August 20th, 2012

Defcon 20 – What the heck just happened?
We are going to take a break from our normal posting and just give a general and probably very long post about the events that led up to Defcon 20. Defcon 20 proved to be one of the hardest yet most rewarding events we have been a part of since we started on our social-engineer.org journey.
First let’s start twelve months before Defcon 20… Defcon 19 had just ended and Jim aka _Elwood_ and Chris were talking about how to make the SECTF new, challenging and something exciting. They had set out on a venture to do something that they hadn’t been able to do in the previous two years – get women to compete. It took a year of blogging, surveys and interviews to get the idea out there that there are A LOT of women in the InfoSec community, we just don’t see them that often. This bore the concept of “Battle of the SExes”.
As we launched the contest this year we had over 175 contestants register and we only needed 20, 10 men and 10 women. We didn’t get the normal scary press of every gov agency saying we were going to pillage their companies and steal their data. It was eerily quiet… but in a good way. We chose our 10 men and 10 women, chose our targets and set out to have an amazing competition.
Chris spent 4 months planning, testing and organizing the Defcon 20 SECTF for Kids. In addition, there was another amazing first – we were accepted to train our FIRST ever Social Engineering Class at Black Hat. Vegas was summing up to be an amazing event and we were still months away!
As the week approached Chris was invited by NationWide Insurance to go to Ohio and give a 5 hour Security Awareness Speech to their people. The only time that Chris could do this speech was the day before having to arrive in Vegas for Black Hat.
Prepped for Vegas, Chris flew to Ohio and spent a couple days there for the speech. It was excellent working with the NationWide folks and it is encouraging to see a company taking security awareness so seriously.
But after that was over it was time to take the flight to Vegas and get ready for the roller coaster ride called Black Hat and Defcon.
First of all, I can’t say enough good things about the Black Hat crew this year. Trey is obviously doing a tremendous job as the GM and the teams this year were on top of their game and ready to rock and roll. As usual, Ping was her radiant self and everything just worked this year.
Our social engineering class was truly another amazing experience. We had 28 people from all over the world and all walks of life: some pentesters, some security enthusiasts, some psychology enthusiasts and many in between.
The class was truly off the hook… the students pushed harder, did more and accomplished every task to an amazing degree. One group even reproduced the 1950s Candid Camera Elevator Social Proof test after a night of “homework”.
Needless to say, the class was awesome. As the week came to a conclusion the students took the sign (to the right) and took turns signing the back and then gave it to Chris as a gift.
As excellent as the Black Hat week was it had to end and lead to Defcon. Anyone who has been part of the SECTF as a contestant or audience member in the past knows that we usually have problems with tech, the net, callers, etc. I want to say upfront that NONE of that existed this year. First, a minor tech issue we had was resolved with lightning speed by our crew, the net issues were non-existent and we only had 2 callers that were NO SHOWS and that didn’t kill our performance.
Our crew this year was just on top of their A Game. Chris and Eric were judges, Nick8ch, Jim Manley, Jedi, MisterX and Billy the Bartender all supported us this year. With a special shout out to purehate and ZeroChaos for some tech support before the event. Each of these guys just rocked the house and helped us launch the most successful SECTF ever.
In addition we had two guest speakers this year – Sharon Conheady and Kevin Mitnick.
The audience (especially the males) were very interactive with Sharon’s style of speech and the applause went on for quite a bit.
Afterwards there were many people who wanted to talk to Sharon about how to get into the field. That was really encouraging for us – to see such an interest in this field as a career.
The next day our second guest speaker came in right after lunch – Kevin Mitnick.
Kevin completely packed the house, we had to lock the doors because we just couldn’t let any more people in without creating a hazard.
But Kevin gave a great speech that highlighted some of his past stories but it focused on a recent attack and how easy it is to dupe people out of their credit card numbers.
The crowd had a lot of questions for Kevin and he was gracious enough to stay for a while afterward and hand out business cards, sign books, take pictures and answer questions.
We can’t thank both Sharon and Kevin enough for making this just an even more intriguing event.
As exciting as that was one of the other events that occurred this year doesn’t even begin to register on the reality scale as of yet. At the beginning of the SECTF Chris receives a call on his cell phone….
“Hey can you come to room XXX the Director of the NSA, General K Alexander wants to meet with you?”
Chris – “Well I am kinda busy, can he come to me?”
“Umm, you might not understand the request I just made, please come to room XXX in 10 mins”
Chris packed up the SECTF and put it on hold for 20 mins and went to meet the director of the NSA. As he stood in this room, not sure if he was going to be arrested, told to cease or congratulated he just thought how he would handle each. He was happy to see his lawyer from the EFF walk in and stand right next to him.
Surely enough General Alexander walks in, shakes Chris’ hand and says, “Thank you for teaching America’s youth how to use skills like social engineering for the better.”
Stunned and not sure what the living heck just happened, he takes a minute to collect his thoughts. He turns to the secret service agent next to him and says, “Did that really just happen?” So excited he asks the SS Agent if he could give the General a special edition SEORG Challenge coin. The agent inspects it to make sure it is not an explosive device and then says, “Sure.”
After a short wait, it is time for Chris to get back to the competition and he had not got to shake hands with the general. He jokingly says to the Agent, “Tell the General he is welcome to visit me in my SECTF room, but I gotta run…sorry”
The SECTF continues and we get through a couple of calls when a secret service agent comes into the room and states, “General Alexander will be here in 15 minutes, prep the room”
WHAT???? Our youngest contestant ever is in the booth when this occurs and I basically tell her that we have to stop short as he will be in soon. Only 2 mins left on her clock she is ok with that. As the General enters the room, Chris introduces him and the room bursts into applause. He comes to the front of the room and asks what this competition is about and how it works.
Chris begins to explain all the details to him. When he gets to the scoring the General asks:
“So what do they win?”
Chris – “Oh we have some of the coolest spy gear to gi….err… I mean non-spy gear, like pens with no hidden cameras and more.” As the room breaks out into laughter the General is gracious enough to say, “Oh you mean pentesting equipment?”
General Alexander then calls up the last contestant, the youngest female contestant ever and interviews her about her experience in the booth. She was STELLAR – as if she had been preparing for this for years. A true testimony to the quality of people in the competition. She was courteous, professional and answered perfectly. Great job Hannah!!
Next Chris offers the General the special edition SEORG Challenge coin. General Alexander happily accepted this coin and did something totally unexpected. As he shook Chris’ hand he gave him a NSA Director’s Challenge Coin. From what we are told only 5-10 of these are given out a year, and it is now one of Chris’ prized possessions.
The whole event was a tad bit surreal to start with, but that was an epic meeting and to have the director of the NSA tell us that we are congratulated for the competition, congratulated for teaching people to be aware and congratulated for being part of bettering America just made all the effort worth the while.
Thank you General Alexander!
The good stories just don’t stop. The CTF this year was the best we have had. The callers were prepared, the pretexts were solid and the skill level was at an all time high.
Again we congratulate our winner, Shane MacDougal and the runner up, JC for the amazing calls they both made.
Shane broke some great records this year… getting every flag on the list and doing so with one caller on his first call! Great work Shane!
JC had an interesting call as his “target” was a company that was one of my Black Hat students’ employer and he was sitting in the audience! That was AWKWARD! “sorry”
Another great story was when the MilkMan was in the booth and he was calling a company and pretexted as a guy… shortly after his 2nd call in as this “guy” the guy started to get texts as to why he was calling centers warning them about Defcon. Interesting? Well it was cause he was sitting 3 rooms over from the SECTF at DEFCON! He came into the room to see his SE Counterpart sitting in the booth.
Will the real Josh Lackey please stand up?
Only at Defcon! Epic Story.
In addition to all this amazing fun we had a chance to meet with the legend, R. Paul Wilson. Paul and Chris have been friends on the Internet for quite some time but finally had a chance to get together for a meal and share some stories.
Paul even came into the SECTF room a few times and helped with questions from some of the audience on the legalities of pretexting as Law Enforcement and other such questions.
Thanks Paul for making this year’s SECTF even better!
By now the whole crew at SEORG has their head spinning. Our friends from Nuit Du Hack in Paris France came in and we got a chance to hang with them again. A special thanks to Hicham, who made the trip to Paris so much better and graced us with his help again in Vegas!
One night we are walking around and we see this poster about the IOActive party and on the poster is a notice that Infected Mushroom is playing…. now at first we thought this was a giant SE gig… there is no way on earth one of our favorite bands, friends and podcast guests are in Vegas the same time we are.
For sure it was true and not a dream. Chris phones up Duvdev and asks if a few of us can get in to say hi before the show. We are all set but the line is forever long and we need to get in there before IM goes on. Never fear, Nick8ch goes up to security and tells them “we are with the band” and they let us right in front of the line. As we enter they say, “We still need to card you.” Nick8ch and Chris both hand over their IDs and get right in. Now notice this… Eric is a pasty white ghost-like character that when he sees the sun melts into a puddle of blistering skin… whereas Hicham is a dark skinned Moroccan with a full black beard. Eric hands the guy his ID and as he does Hicham says, “I forgot mine”
Eric being a quick thinker says, “Try mine” and hands Hicham his license, which Hicham hands to the security guard. Moments later we are all being given our bracelets and through security! Nice work guys!!
After that we are on stage with our buddies Duvdev and Erez and snapping some photos then enjoying a killer show put on by IOActive and Infected Mushroom.
It’s a late night but we know we need some rest as the next day is our live podcast. The podcast was celebrating our 3 year anniversary with a celebratory shot and free shot glasses that say “Social-Engineer.org #36” on it for our 36th podcast.
As the podcast closed down all we could think about is how awesome this year went and how amazing our crew is and how phenomenal the CTFs went and how successful this year was!
Some special shoutouts and pictures.
The SEORG Podcast Team (Dave was missing)
Kevin and the SEORG Team (Chris “loganWHD”, nick8ch, Kevin, Urbal)
nick8ch getting paid to “work”
SEORG’s photographer and the infamous MisterX
Jedi – helped make the SECTF run smooth
Jim – Scotch expert, shot glass keeper and SECTF helper
Keeping security happy makes everyone happy
Billy – Mad SE Skills, Mad Bartending Skills and official storage unit for SECTF
Security is NUTS at the SECTF
Could this be SEORG’s smallest fan?
How did Hicham use Eric’s ID?
Although missed… never missing. We love you Brad.
Thank you to everyone that made this year a true success. We sorely missed Mati (muts) and Jim (_Elwood_) this year but are happy that we could make it work!
Till next year!! Can’t wait…..