DEF CON 23 – Recap, Updates and More!

We just came out of our coma and realized we haven’t updated all of you who couldn’t make it on what happened at DEF CON 23. So, we pulled ourselves up from the floor and started writing. 

DEF CON was in an all new venue this year, one that we had personally never visited; so of course, we were apprehensive and nervous about how it would go. Additionally, this year’s conference was larger than ever! It spread over 2 hotels, with a pretty substantial walking distance between the contests/event space and the area where all of the talks took place. This year we were also tasked with developing and hosting a brand new event that was the only Thursday event running at DEF CON.

Needless to say, we approached DEF CON with nervous excitement this year. There were so many new unknown challenges, over 3000 square feet of new room, a new event, and a larger crew.

Wednesday – Day O’Setup

Since we had to be up and ready for Thursday, we used Wednesday as our setup and test day. It started with our resident immortal, Billy the Immortal (yes that is really his name), delivering about 4,528,082,927 boxes to our event space.

picture1 - wednesdaysetup

As boxes arrived, the team was quick to unpack, organize and re-assemble all our things.

picture2 - as boxes arrived

It didn’t take long for the room to buzz with energy.

picture3 - buzz with energy

Of course, it takes one pentester, one engineer, one sysadmin and a social engineer just to get the banners situated.

picture4 - banneraseembly

Within a just a few hours, the room was fully set up. The laser array (more on this later) that Mister_X built and the amazing new video and audio displays (courtesy of Evan) were all running in perfect order.

picture5 - room setup

We even had a visit from 1o57 to show us the Uber Badge this year.

Picture6 - uberbadge

He told me after I took this picture that it was infused with radiation or something like that, so I now am literally a green hulking mass of anger. Thanks, 1057!

As set-up neared completion, we were all tired and hungry but STILL excited to see how our inaugural Thursday event would go. We conducted a team meeting to discuss sign-ups, and our resident DEF CON n00b, Colin, suggested an idea so genius… so amazing… that it took care of all our concerns on how to handle sign-ups on the fly….. A LOTTERY.

Yes, he suggested collecting all the sign ups and drawing the first 10 out of a hat to be the first ever participants for our Thursday event, Mission SE Impossible.

How did it go?

MISSION SE IMPOSSIBLE – Thursday

We all arrived bright and early Thursday for last minute setups and checks before the big event. Jess was even there on time – AMAZING

picture7 jess on time

While the team took sign ups Jess and I had an amazing opportunity to live hack a journalist, our friend and great sport Kevin Roose, from Fusion TV.

picture8 - fushionTV

While Jess and I were busy filming, the rest of the team was hard at work…. ummm… hard at work, I SAID!!

colin hard work

picture10 - hardwork

We had a fantastic turnout for the Mission SE Impossible event! 150 people entered the lottery for the 10 slots to participate in the event. Truly amazing right?

We drew our 10 names and the room quickly filled up in anticipation.

picture12 - 10 names

picture13 - 10 names

Once we reached start time for the event, the room was completely packed with an enthusiastic audience! .

The MISSION SE IMPOSSIBLE was outlined like this:

Theme: One of my employees was conducting corporate espionage and planning to steal all my corporate trade secrets. However, just as they were going to exfiltrate the super duper secret data, Evil Corp discovered there was competitive intelligence to gain and and sent in a “spy” ( the contestant) to steal the data first. The spy was caught and placed in a holding cell. Using a series of physical and mental tools, the spy would attempt to gain access to a safe in my office to successfully steal the data.

Stage 1:

Nick the cop, locked each “spy” with both hand and leg cuffs, our super duper secret secure holding cell.

picture14 - secureholdingcell

Yes that is it… awesome, no? For some unknown reason (maybe donuts) Nick didn’t see the handcuff shim or the paperclip on the floor within grasp of the contestant. He also accidentally left a top secret folder (containing clues) and forgot to confiscate the contestant’s cell phone. Man, Nick, what a lousy security guard!

Once the contestant freed themselves from the cuffs, the had the opportunity to inspect the folder which contained file with some clues and a weird template(both needed for later stages in the challenge).

Stage 2:

The contestant needed to get to the Mail Room:

picture15 - stage 2

Yes yes, I know, one box isn’t a mail room, but we’re using our imagination here. The contestant needed to find a specific letter to the person listed in the file. Once they opened it, they would find a message from Evil Corp outlining how to open the safe.

Stage 3:

They needed to gain access to my office. But I don’t have just any ol’ office. No, my office was protected by a laser array (custom built by Mister_X) that set off alarms if triggered. If the alarm went off, the security sniper, Jim, was standing by with strict orders to shoot.

picture16 - stage 3

Look at those amazing lasers… just don’t look too closely, they are green lasers so can blind you pretty quickly.

The contestant needed to leverage critical thinking skills to match the weird template (included in the file folder from Stage 1) to a book using the correct ISBN, that was given them in Stage 2. The contestant then had to discover three words from the book to give to a secret agent (Amanda). If the correct words are provided, the secret agent provided the clues needed to complete Stage 3. If one or two of the words are incorrect, the contestant would be shunned.

Once the contestant obtained the clues from Amanda, they needed to gain access to my safe by combining the information obtained to this point with additional clues within the office. Once the safe was unlocked the mission was complete and time stopped. The contestant with the fastest time was the winner.

Mission SE Impossible proved to be complicated for contestants, but if you needed just a little bit of cute to make your day better you can always….

picture17 - jess and billy

No, don’t look there… I’d say just give up and leave the village.

In addition to an amazing event, we had a few solid interviews too. Our partners from Japan, Asgent, accompanied by an awesome Japanese newspaper team flew all the way over just to interview us.

picture18 - asgent

As always, we enjoyed sharing some knowledge about current social engineering trends.

Finally, it was time to conduct a rehearsal for the SECTF, so we put Jess in the booth and tested things out.

picture19 - jess testing

When her stories and songs became too much I had a pink Tribble for comfort, since our resident nerd, Anna, decided to buy a whole BAG OF TRIBBLES for the team….

picture20 - tribble

SECTF Day 1 – Friday

We were back in the SE Village bright and early (9 AM in Vegas may as well be sunrise) to prepare for the SECTF. In previous years this event has been wildly popular amongst DEF CON attendees. We quickly knew this year would be no different as seats were slim by 9:30 AM – a full 30 minutes prior to the event start time. Evan worked extra hard to ensure everything was ready to rock.

picture 21 - SECTFFriday

Additionally we had our social engineers conducting crowd control to ensure the room remained packed but didn’t present a fire code danger.

picture22 - firecodedanger

By 10 AM start time, we already had a line outside the room to get in!

lineoutsidetheroom

This year we were fortunate to have Tim Newberry from White Canvas Group join us at the judging table to help us critique the calls.

timnewberry

By the time we reached the end of Day 1 – the calls were amazing, the crowd was amazing and all we needed was a little love from Jim.

lovefromjim

After wrapping SECTF activities for the day, we launched the first official human track for DEF CON in the SE Village. We had an amazing line up.

We started off with a great speech on applied de-escalation for social engineering by Noah Beddome, followed by an amazing presentation on the application of psychology to security and decision making by our Chief Influencing Agent, Michele Fincher. Michele’s talk was followed by an intellectual presentation on Natural Language Processing by Ian Harris, and John Ridpath rounded out presentations for the night with a talk about Shakespearean villains and social engineering.

Here are some images from the SE Village talks for your enjoyment.

sultryasian

Michele, aka @SultryAsian, delivered a fascinating and intellectual speech.

ianharris

Ian Harris stirred the audience up with his speech on Natural Language Processing

You can catch these and the rest on the DEF CON DVDs when they come out.

SECTF4Kids, SECTF Day 2 and SEVillage Presentations

As if the first day wasn’t enough, we started Day 2 with even more awesome.

Our pride and joy success story, Ashley, was back with us again this year to help run the SECTF4Kids event. Dang, I love that girl. She is now in a world robotics league kicking robot butt all over the globe.

ashley

I think this is Amanda’s only hand gesture, which is telling me to shut up, as we give the kids and parents the starting line up for the SECTF4Kids. With a “GO!” the Amazing Race SECTF4Kids edition launched for the day. Amanda, Tamara, Billy and Anna all ran around like crazed lunatics to keep the kids challenged and engaged.

shutupchris

Shortly thereafter our podcast guest R. Paul Wilson stopped in to say “hi” and meet with fellow Scotch Fanatic, Jim Manley.

paulandjim

In the meantime, kids were hard at work cracking ciphers and doing all sorts of awesome things with their brains.

kidschallengedandengaged

We conducted some last minute testing just before kicking off Day 2 of the SECTF:

lastminutetesting

Our first contestant of the day (and eventual winner of the competition) totally blew us all away.

firstcontestant

The call was so good it left my team feeling……

leftmyteamfeeling

In the meantime, kids were still crawling on the ground like little spies looking for hidden QR codes… we love it!

kidsciphers

Colin was constantly bringing us food and drink.

colinwithfood

If he could’ve just brought us a toilet, it would have been perfect.

We had a couple no-shows this year for the SECTF, but fortunately two volunteers stepped up and got in the booth to conduct live calls with just under 2 hours of prep time. One alternate contestant, Whitney, came in the 5!!! Amazing right?

Whitney

After the final SECTF calls, we once again launched our SE Village presentations for the evening with Jayson Street, Tim Newberry, Chris Hadnagy, Dave Kennedy and Adam Compton & Eric Gershman.

jayson

Jayson spoke to a packed house on how to break in bad.

timnewberryspeech

Tim Newberry gave the crowd a jolt with his presentation on Twitter, ISL and Tech.

Chrisspeech

I had the honor of presenting the history of the SECTF and evolution of the DEF CON SEVillage.

davespeech

The new and improved Dave 2.0 provided some entertaining real world takes of end user attacks.

adamanderic

Finally, Adam and Eric closed out the night with some great content around the SpeedPhishing Framework

Although we were truly tired, it didn’t stop us from hosting ourprivate SE Party (LOCATION AND DETAILS TOP SECRET).

The End is Near – Sunday Podcast

Sunday was a great day for us with closing ceremonies, a live podcast, clean up and a great dinner with the whole SE team.

podcast

Yes Dave actually made it for the podcast, well part of the way… and our guest R. Paul Wilson was both amazing and fascinating.

daveatpodcast

When Dave had to leave early, he decided to HUG our guest… sigh

davehuggingpaul

He then proceeded to hug about 50 people on the way out, including Mike, who looked really scared.

davehuggingmike

We then cleaned up the room and headed off to closing ceremonies.

teamatclosingceremonies

A tired but amazing team watching the board for our pics.

michelchrisgrifty

Michele and I gave out first and second place prizes with a BLACK BADGE yet again. We were so proud of Jen, our first place winner for her amazing job this year.

jenfirstplacewinner

Our tremendous second place winner, Jon S.

jenonstage

First place winner Jen F.

hugginggrifty

The closing wasn’t complete without a hug to my friend “Grifty”

chrisandmicheldefcon

M and I take one last minute to look over the crowd and say a final goodbye to an amazing year.

Our final event – the SE team dinner:

SETeamdinner

Final Thoughts:

finalthought

Let me just leave this here first…

This year, over and over again, I was told one thing… my team is amazing. Michele, Amanda, Nick, Jim, Evan, Colin, Jess, Mike, Dan, Ashley, Tamara, Bonez, Anna, Mister_X & Billy – each of them played an integral role in the success of the SE Village! We were fortunate to once again run a wildly popular, wildly successful, village at the world’s largest hacker con that left people feeling better for having met us!!!

Sadly, we will proceed next year without Tamara. She has moved on to greener pastures and will be so sorely missed.

amanda and tamara

I’ll just drop this here too…. </3

This year we again learned that SE wins every time. We learned that even 7-8 year old kids can achieve greatness in critical thinking. We learned that well dressed, intelligent people can draw a massive crowd into a village all about human hacking. We learned a Thursday event that lets anyone join can be VERY successful. And last but certainly not least, I have learned that my team … this amazing and truly diverse group of individuals have come together as a TEAM to help this community grow, learn and be better… I have learned that without them, I am nothing and with them I can accomplish almost anything!

SETEAM

Stay tuned, we will be announcing some new and amazing things for DEF CON 24!

Comments

  1. says

    I would love to come to one of these events! Are they always in the US? Bit of a long shot, but are there any events in the UK? Thats where I am based, I do come to the states quite a bit, but I think I would have to get lucky with the dates…

Leave A Reply