The Social-Engineer Village

This page will host the schedule for the Social-Engineer.Org Crew CTF’s, Speeches and Events at Defcon.  Check back for updates:

 The Social-Engineer Village at Defcon 22

SECTF Room Brasilia 1

Thursday, August 7, 2014

10:00  SE Contest #1:  Social Engineering and Microexpressions – Challenge yourself to race against the clock and others to pick locks and match facial expressions to their proper identities, all to win some cool schwag and a chance at the SE Death Match.

13:00  SE Contest #2:  Social Engineering Under Duress – This will challenge you physically and mentally. You are locked in our booth with hand and leg cuffs, after freeing yourself you have to solve a cipher, all while the crowd jeers you. The winner gets some cool schwag and a chance at the SE Death Match.

16:30  SE Death Match – The winners from the previous competition have a chance to go head to head in an all out battle for the SE Death Match.  All we can say right now is it might involve hand to hand combat, nerf guns, bottles of….. beverage and more!

Friday, August 8, 2014

Friday 10:00 – 10:10 >    Opening Speech – Tips, Tricks – Chris Hadnagy (Contestants be there for tips)
Friday 10:20 – 12:00 >    SECTF Calls
Friday 12:00 – 12:45  >   LUNCH
Friday 12:45 – 15:20  >   SECTF Calls
Friday 16:00 – 16:55  >   Brent White:  Corporate Espionage – Gathering Actionable Intelligence Via Covert Operations.

ABSTRACT: Your mission, should you choose to accept it, is to think like a “spy”. If a covert operative were in the information gathering phase against the target(s), what steps would they take to do this without being noticed? How would they infiltrate the target? This is the contemplative mindset that is required to proceed with your mission…Human interaction is impossible to avoid, so what is the best way to make the most out of it and still seem natural without setting off any “intuition” alarms?
This talk gives insight into some of the tools, methods, and skill-sets helpful toward successful corporate building infiltration and information gathering, as seen in Social Engineering, Physical Security and Red Team assessments.

Bios: Brent White (B!t]{iLL3r)

As a professional penetration tester, Brent’s skills are utilized to deliver enterprise level security assessments which includes social engineering and physical assessments (Red Teams). Through his experience he has learned techniques that although they are non-traditional, are highly effective and easy to implement in covert data collection on specific targets.

Brent has held the role of Web/Project Management and Director of IT Security at the headquarters of a global franchise company and is currently a Security Consultant at Solutionary, An NTT Group Security Company.

Tim Roberts (Z4nsh1n)
Tim has over 10 years of information security experience. He has held security and management roles across multiple industries including state and local, healthcare, government, retail, education, and manufacturing. As a professional Penetration Tester and Security Consultant, Tim’s skills include Enterprise Security Assessments, Social Engineering Assessments, Internal and External Penetration Testing, Application Assessments, Wireless Testing, and Security Architecture Reviews. His specialty is in social engineering and has conducted highly successful Red Team Assessments. Tim is a currently a Security Consultant for Solutionary, An NTT Group Security Company.

Friday 17:00 – 17:55 >    Michele Fincher: “How Do you Feel about your Mother?” Psych and The SE

Abstract: Security nerds! Bet you were too busy taking Perl and Visual Basic in high school to talk to the girls. Well, I’m here to tell you that you missed out then, but can make up for a little of that in my presentation while learning just a little more about security!

In this presentation, I’ll highlight some of the most interesting and controversial psychological studies from history and apply them to the world of SE. Yes, it actually transfers quite nicely. And if you ask nice, I might even wear “the” black dress while I blow your hair back.

Bio: Michele Fincher is the Chief Influencing Agent of Social-Engineer, Inc., possessing over 20 years experience as a behavioral scientist, researcher, and information security professional. Her diverse background has helped solidify Social-Engineer, Inc.’s place as the premier social engineering consulting firm.

As a US Air Force officer, Michele’s assignments included the USAF Academy, where she was a National Board Certified Counselor and Assistant Professor in the Department of Behavioral Sciences and Leadership. Upon separating from the Air Force, Michele went on to hold positions with a research and software development firm in support of the US Air Force Research Laboratory as well as an information security firm, conducting National Security Agency appraisals and Certification and Accreditation for federal government information systems.

At Social-Engineer, Inc., Michele is a senior penetration tester with professional expertise in all facets of social engineering vectors, assessments, and research. A remarkable writer, she is also the talent behind many of the written products of Social-Engineer, Inc., including numerous reports and assessments, blog posts, and the Social-Engineer Newsletters.

Saturday, August 9, 2014
Saturday 09:30 – 10:20 >    All Kids and Parents for SECTF for Kids present – Kicking off Defcon22 SECTF4Kids
Saturday 10:20 – 10:30  >    Opening Speech by Chris Hadnagy
Saturday 10:40 – 12:20  >    SECTF CALLS
Saturday 12:20 – 13:00   >    Lunch
Saturday 13:10 – 15:00  >    SECTF Calls

Saturday 15:30 – 16:25  >    Jayson Street:  The Incredible likeness of being… Adorable!

Abstract: The incredible likeness of being Adorable is not a talk it is more of a discussion where Jayson will sit down with the audience share some stories from different countries where he has compromised secure areas by not ‘breaking in’ but just being friendly! So prepare to not be in the audience but to be part of the discussion on how being adorable is ten times better than lock picks! ;-)

Bio: Jayson is an author of the book “Dissecting the hack: The F0rb1dd3n Network” plus creator of the site

He’s also spoken at DEFCON, DerbyCon, UCON & at several other ‘CONs & colleges on a variety of Information Security subjects.

His life story can be found on Google under “Jayson E. Street”. He’s a highly carbonated speaker who has partaken of Pizza from Beijing to Brazil.

He does not expect anybody to still be reading this far but if they are please note I was chosen as one of Time’s persons of the year for 2006.

Saturday 16:30 – 17:25  >    Chris Hadnagy: “What Your Body Tells Me: Body Language for the SE”

Abstract: What if I told you I can look at your body and tell you everything about your past, present or future?  Well I can’t, and no one really can.  But I can use subtle nonverbal cues in your body language to influence you and point your thoughts in a direction to make you more agreeable.

This speech focuses on how to read, decipher and use the subtle nonverbal cues that make up the unspoken language.  Unlike Michele, no matter how much you beg I will NOT be wearing a black dress or blowing in your hair… but I will make sure you learn something cool.


Saturday 17:30 – 18:25  >    David Kennedy: Destroying Education and Awareness Programs

Abstract: Education and Awareness has become a huge focus for a number of organizations. With the elevated trends around hackers bypassing millions of dollars of technology by simply sending an email or picking up a phone – it has never been easier to own a network. This talk will discuss a lot of the defensive measures we teach our employee population to detect attack and how to circumvent these education controls in order to get into anything. I’ll be demonstrating some advanced evasion techniques on getting around some of the most popular technologies such as next generation firewalls, application whitelisting, memory analysis, and more. In this talk we’ll turn around everything we are taught, everything we hold sacred, and flip it upside and then destory it with a hammer.

Bio: Dave Kennedy is founder and principal security consultant of TrustedSec – An information security consulting firm located in Cleveland Ohio. David was the former Chief Security Officer (CSO) for a Fortune 1000 company where he ran the entire information security program. Kennedy is a co-author of the book “Metasploit: The Penetration Testers Guide,” the creator of the Social-Engineer Toolkit (SET), and Artillery. Kennedy has presented on a number of occasions at Black Hat, Defcon, ShmooCon, BSIDES, Infosec World, Notacon, AIDE, ISACA, ISSA, Infragard, Infosec Summit, and a number of other security-related conferences. Kennedy has been interviewed by several news organizations including CNN, Fox News, MSNBC, CNBC, Katie Couric, and BBC World News. Kennedy and was originally on the Back|Track and Exploit-DB development team and co-host of the podcast. Kennedy has testified in front of Congress on two occasions on the security around government websites. Kennedy is one of the co-authors of the Penetration Testing Execution Standard (PTES); a framework designed to fix the penetration testing industry. Kennedy is the co-founder of DerbyCon, a large-scale conference in Louisville Kentucky. Prior to Diebold, Kennedy was a VP of Consulting and Partner of a mid-size information security consulting company running the security consulting practice. Prior to the private sector, Kennedy worked for the United States Marine Corps and deployed to Iraq twice for intelligence related missions.

Saturday  18:30 – 19:25 >    Kevin Mitnick: Getting Intimate with Kevin Mitnick

Abstract:  You got a question for Kevin you always wanted to ask… now is the time.

Sunday, August 10, 2014
Sunday 11:00AM – 5th Anniversary Invite Only SEORG Party

Sunday 11:30AM – Melds right into the podcast recording for Podcast #60!!




Basic RGB