The SECTF4Teens is only 3 years old, but it has gained its own reputation. Social-Engineer.org created this competition to provide a steppingstone for the youth of Def Con to step into social engineering. The youth showed up and let us tell you, they proved time and again that they can do anything we put before them. With Def Con 28 going virtual, it left us struggling with how we could still bring something to the table. Enter the Incredible Silvers. With their help we are bringing you a Teens OSINT CTF! Many have probably heard of their success with their OSINT CTFs, in fact they helped the SEVillage run one for the first time ever at DerbyCon! This version will be modified to fit the audiences age but will run just like the normal competition – real OSINT, real targets, and a lot of fun! And will include a real vishing portion! The event will be held one day, Saturday, August 8th.
Think your teen will want to join? Then we want to hear from them. No, really, we do! We are asking your teen to explain to us in their own words why they think they should be chosen to compete and what they want to achieve competing in this competition.
Keep reading for the guidelines and signup form!
Guidelines for Maximum Fun for All
Social-Engineer.org wants teens (ages 13-17) to have a chance at participating in the SECTF4Teens competition. Keep in mind, there are certain skills that really must be mastered by your teen to enjoy participating. The following guidelines were created to help you decide if your teen has the skills necessary to compete, and for them to have fun while doing it.
The SECTF4Teens competitors will need:
- Access to their own computer and the internet (their own computer is essential if more than one contestant is competing in the same household)
- Access to a phone that they can make calls from (if parents prefer teens can use an app, such as the Burner App, to keep their phone number confidential)
- Reading directions/instructions at a 9th grade reading level.
- Solving ciphers geared for 9th grade spelling levels.
If you feel your teen possesses all of these skills than please read on…
Rules for Participation
Before you register your teen, please make sure you can follow all the rules below:
- The contestant must be between the ages of 13-17 at the time of the competition.
- No assistance is to be provided by anyone
- The parent or guardian must approve the registration form.
- The parent or guardian agrees to be responsible for the contestant’s conduct.
- Only the use of approved technology can be used. Work will have to be proved to successfully complete the competition.
- No cheating! Anyone accepting unauthorized help (including that of parents/guardians/siblings/friends) or sabotaging other teams will be disqualified.
THE DO NOT LIST:
The underlying idea of this contest: No one gets victimized for the duration of this contest. Social engineering skills can be demonstrated without engaging in unethical activities. The contest focuses on the skills of the contestant, not who does the most damage. Our goal is to raise awareness to the threat that social engineering poses and educate kids in skills that can be very useful in life.
Items that are NOT allowed to be targeted at any point of the contest:
- Attempting to elicit confidential, legal, or personal target data (e.g. SS#, credit card numbers, passwords, etc.).
- No paid search services can be used. All contestants must be able to provide a URL for each flag submission upon request. We will spot check the winning contestant and disqualify any source URLs that cannot be verified without requiring authentication beyond a generic LinkedIn, Spokeo, Twitter, Jigsaw, Flickr, Pastebin, shodan, or Facebook account that has no connection with any of the targets.
- Contestants are not allowed to call, email, or elicit information from the targets in ANY way.
- You get two guesses per challenge. Format does matter. Please read carefully and take note of the format for each flag.
- Any techniques that would make a target feel as if they are “at risk” in any manner.
- The use of threats or foul language.
- Use common sense, if something seems unethical – don’t do it. If you have questions, ask a judge.
- Contestants will compete on an individual basis; submissions consisting of multiple people on a team will not be accepted
If at any point in the contest it appears that contestants are targeting anything on the “DO NOT” list, they will receive one warning. After the one warning, any infractions of the “DO NOT” list will result in disqualification from the contest.
If you can comply with all the above and think your social engineer has the skills to win, then register below. This form must be completed by the teen signing up, especially the essay portion. This form must be signed by the parent or guardian. Completing this form does not guarantee participation.