The Train is Rolling! Are you ready to jump on? Black Hat/DEF CON 2014

SEVillage DEFCON 2014

It seems like I just quit sweating from Vegas 2013 and here we are, once more into the fray (apologies to Liam Neeson). The Social-Engineer crew will be hitting the Strip again in August, but once again, too busy to actually see any of it. The week will start at the Mandalay Bay and Black Hat. All of you veteran BH attendees must now wave a bitter goodbye to “the” pool at Caesar’s and actually attend the training classes and briefings. We’ll be giving our Advanced Practical Social Engineering training course for the third year in a row, this year to a sold-out house. Imagine four packed days of communication styles, rapport, influence, elicitation, and nonverbal training. On top of all this class material, our students will be set loose on an unsuspecting and probably sun-burned public to try out their new skills (without being arrested, please). So if you happen to be approached by a shady looking chap in a black t-shirt, be nice, but for goodness sake, don’t tell him your birthday or SSN! The last day of class, Tuesday the 5th, will be especially busy as Chris has been invited to be a speaker at the Black Hat Executive Summit. He and other top security professionals will be meeting with high-level folks from both federal and private-sector organizations to explore the status of security in a discussion forum. Maybe we’ll see you there?

And then there is DEF CON…

On Wednesday the 6th, the crew jumps over to the Rio and the real fun begins. As the DC staff stresses every year, remember the “3-2-1” rule: get at least 3 hours of sleep, 2 meals, and 1 shower, every day. And if you’re going to come around asking for a hug from Amanda, Michele, Mike, Tamara or especially Chris, that shower rule is the most important of all. Do you hear me, nick8ch?

Don’t know if you all have heard, but DEF CON will be starting a day earlier this year, with festivities commencing on Thursday the 7th. Our setup crew was especially thrilled to hear the news, but they don’t get a break during DEF CON, anyway. The Social-Engineer Village is back by popular demand, and will be open for business in Brasilia 1. Thursday will pretty much be a free-for-all. Every year we have people who want to participate in SE fun at the last minute, and this year, you can! We’ll have onsite signups for two main contests, the winners of each going on to participate in the SE DEATHMATCH!

Social engineering isn’t just about fast talking. Can you lock-pick, break code and read facial expressions? Then this is the place for you. The contests will be open to all attendees, with jeering and throwing of soft objects totally encouraged. I have to admit, the final death-match isn’t really about SE; we just needed a way to pick the guy or gal who could best all challengers. There was at least one suggestion that the winner would be determined via a bare-knuckle boxing match against yours truly, but Chris didn’t want y’all to get hurt. Anyway, we’ll have great swag and the whole SEORG crew will be there – stop by and say hi!

The main event – SECTF

Of course, the main reason that most people come see us is to watch the Social-Engineer Capture the Flag (#SECTF). For those of you who haven’t had the opportunity to visit yet, it really is the must-see contest at DEF CON. Every year we select both pro and amateur social engineers who test their skills in obtaining informational flags from various corporate targets. The flags are obtained through OSINT prior to CON and during live telephone calls at the CON. Ever seen a grown man completely panic after being questioned a little too closely and just hang up on a call? No? Then it’s time you paid us a visit. Just to keep things safe and legal, these flags are fairly innocuous. We’re not asking for passwords or credit card numbers. We just want to be able to highlight how much information people willingly provide just by being asked.

And this year’s event is going to be extra special. We didn’t want you to get bored by seeing the same things every year, so this time, we added the special twist of contestants having to work in teams of two. TAG TEAM SE! Teams will have the extra challenge of coming up with pretexts that allow them to pass the call off at least once. This ought to be a blast!

SE-Village speakers

After the calls wind down on Friday and Saturday, the SE Village will continue through the early evening. During this time you’ll get to hear from some of the community’s leading SE professionals. Chris, Dave Kennedy, Jayson Street, and Kevin Mitnick have all agreed to share some of their thoughts and experiences over the years, and what they see as the future of information security. Come with open minds. Offering drinks to our speakers won’t hurt, either.

And wait… what… SECTF4Kids

Does anyone happen to remember a few minor incidents last year involving small children being shot with Nerf guns? Yes, we’ll be at it again with this year’s SECTF4Kids, because we just don’t have enough going on. At the time of writing this newsletter, we have 18 kids who will be scrambling through the CON in an effort to solve a corporate crime. Help them if you can, but please don’t make them cry (or maybe do). As always, our goal with the kids is to encourage critical thinking as well as persistence in problem solving – skills we should all have, but are especially important in kids. Join us and be prepared to be amazed at the caliber of kids who participate.

Party, y’all!

Now we’ve finally reached Sunday, when things start to wind down and we start to slack, right? Not this year. For our new friends, this will be SEORG’s 5th year participating in DEF CON! We can’t have an anniversary without having a celebration, right? Sunday morning we’re planning a small invite-only party – hit up one of the crew to find out how you get in. All I’m going to say is that we may offer you a drink and the swag will be awesome. After that, we’ll do our live podcast. The podcast is open to all and will be top-notch as well as a lot of fun. SEORG history in the making, people!

Finally, we wanted to take this opportunity to thank our sponsors. Wombat, Pindrop, and TrustedSec REALLY stepped up this year and provided support that will make the SE Village the best year ever for all of you. In addition, Qualys donated DEF CON tickets to the first 15 of our SECTF4Kids participants. Thank you all from the bottom of our hearts. We really couldn’t do it without you.

Well, now you know where we’ll be for about the first half of August, and no complaining that you didn’t know we had so many cool things planned. I can say the whole crew is already short on sleep and showers, so don’t expect THAT to get any better by the time you actually see us. But we are all really looking forward to our time together and giving you the best fun and educational experiences available at both Black Hat and DEF CON. See you soon!

Written by Michele Fincher