This page will host the schedule for the Social-Engineer.Org Crew CTF’s, Speeches and Events at DEF CON. Check back for updates:
The Social-Engineer Village at DEF CON 24
Brought to you this year by:
LOCATION: Palace 2, 3, 4, 5
Wednesday Aug 3
Thursday Aug 4
1000 – 1145 – MISSION SE IMPOSSIBLE REGISTRATION
1230 – 1800 MISSION SE IMPOSSIBLE
Friday Aug 5
1000 – 1520 SECTF Live Calls
2000 – 2055: James Powell, “You are being manipulated.”
Saturday Aug 6
0920 Kick off of the SECTF4Kids
000 – 1520 SECTF Live Calls
1700 – 1755: Jayson Street “….and bad mistakes I’ve made a few….”
1800-1855: Mattias Borg “SCAM CALL – Call Dropped”
Sunday Aug 7
1000-1200 The Live SEPodcast
Tomohisa Ishikawa is a Japanese IT security consultant with seven years of experience. He is specialized in penetration testing, incident response, vulnerability management, secure development, and security education. He has various experiences in leading domestic and international IT security consultation projects, and many opportunities to teach security essentials, secure programming, and secure design. He holds a Bachelor of Arts in Computer Science, and several certifications such as CISSP, CISA, CISM, CFE, QSA and GIAC (GPEN, GWAPT, GXPN, GWEB, GSNA, GREM, and GCIH). He is also in a doctoral program where he will obtain his Ph.D. degree.
Description: As a Japanese security consultant, one of my research questions in social engineering is whether or not cultural difference becomes the barrier for social engineering. It is because the malicious practice of social engineering is different between in Japan and the U.S. I think it is true. Since I have the both experience of being the company in Japan and the U.S., I would like to consider various technique of social engineering from both cultural glasses, such as tailgating, phishing or vishing method. In my talk, I would like to discuss the workability of several social engineering techniques from both Japanese and U.S. culture. It will support the cultural difference can become the barrier or vulnerable weakness.”
Back To Top
Dave loves Chris Hadnagy, alot… almost too much. He masks it behind a fake love of Bruce Hornsby, but secretly he runs a “I Hate Hornsby” club on the Internet. Similar to Fight Club, its first rule is to not speak about the IHH. Dave is also the owner and operator of TrustedSec, the creator of SET and an all around amazing guy who gives really good hugs (to those that want them, except for Chris).
Description: We’ve all seen the Wizard of Oz in some form regardless if it was the old classic or the recreations or story books as children. Oscar Diggs or also known as Oz the Great and Terrible was the most stunning wizard in all of Oz. His wizardry known through all of the land, except Oz was a fake and his entire wizardry an illusion. We are seeing a number of breaches come down to human interaction and the ability to create a fake Oz landscape in order to coax victims into opening a document or clicking a link. This talk goes fun stories of successful campaigns I’ve launched and some of the hilarities around making a perfect Oz world. I’ll be going over the latest and greatest and releasing a brand new version of SET during the talk. Sit back, relax, and enjoy the wonderful world of Oz.
Back To Top
Chris is the sole defender of those who do not want to hear Hornsby. His passion for SE is only match by his passion for the NoHornsby movement.
Description: There are nonverbal movements and actions, that if you master, can make your target more compliant, easier to influence and even happier to comply with your wishes.
Back To Top
Robert Anderson is a former Intelligence Officer with the US Army. He successfully completed the US Army Interrogation school at Ft. Huachuca, AZ. He then completed an extensive Arabic Language program at the Defense Language Institute in Monterey, CA. After two years on active duty in the military he was then awarded an assignment as Interrogation Instructor for FORSCOM Intelligence Training Detachment (FITD). He has supported numerous missions and operations in the Middle East and Africa, both on active duty and later in his career as a government contractor. His IT/Cyber Security experience spans 20 years working for IBM, HP, DELL, BearingPoint, and most recently as a IT/Cyber Security Consultant with Preying Mantis. His Cyber Security experience began over 15 years ago with Network Security, moving to Application Security, Incident Response, and Security Policy, Awareness, and Training. He adapted his Interrogation skill to Social Engineering pentesting and defensive measures. He is a highly trained and experience security professional. His eyes on, hands on experience supporting numerous large organizations in their security challenges covers both strategic and tactical security solutions. He is currently supporting several clients as a IT/Cyber Security Consultant including CenturyLink’s security practice.
Description: US Army Interrogation techniques and training is the Irish Twin of Social Engineering
Objectives for both Match, obtain information from a source or target.
Techniques for both match:
> Lying and Deception at the Source or Target
> Sincere and Convincing to the Source or Target
>Building Rapport and Confidence with the Source or Target
Approaches for both overlap
Methods for both overlap
The speaker will establish the synergy between both practices and provide insight into how to utilize this information in Social Engineering pentesting and defense techniques.
Back To Top
James Powell is a senior software engineer at Cisco Systems. He has been fascinated with manipulation since his childhood. Despite receiving a degree in psychology, he spent 18 years as a professional in the Information Technology space. James spent the first seven years of his career as a system and network administrator before moving to the dark art of programming. Two years ago he stopped dabbling and tumbled down the security rabbit hole. This journey makes him believe that he is finally using his degree professionally. During his downtime, James can be found practicing martial arts, brewing beer and mead, or writing.
Description: You are being manipulated. There is constant pressure coming from companies, people, and attackers. Millions are spent researching and studying your weaknesses. The attack vectors are subtle. Most times we don’t realize that manipulation has occurred until it is too late. Fear not, we can harden our defenses. We can put safeguards in place to help avoid being the victim.
For me, the answer came from an unlikely source: my daughter. Small children are fantastic. Society has not yet influenced their development; therefore, children are relentless in pursuing their aims. Since they are naive to right and wrong, they will use any tool available to get their goal.
How does this help? My daughter became my trainer, and this talk discusses how interacting with her has improved my defenses. Comparing her strategies to real world examples will show how to build a training framework of your own. Access to small children is not needed.
Back To Top
Cyni Winegard & Bethany Ward
“Cyni: Cyni Winegard is currently an information security analyst with TraceSecurity. Starting her career as a systems administrator at a financial institution, she has moved into the information security industry and fallen in love with pen testing and social engineering. Cyni has a Bachelor of Science degree in history with a minor in anthropology from Florida A&M University and is currently working on a Masters in Cyber Security, as well as a Graduate Certificate in Terrorism and Homeland Security. She enjoys applying anthropological concepts to social engineering projects, and is passionate about compromising users. If not lost in cyberspace, Cyni can most likely be found practicing krav maga or seeking her soulmate (in the form of pizza).
Bethany: Bethany Ward fell in love with information security and digital forensics while pursuing a Bachelor of Science in Computer Science from the University of Arkansas. After graduation, she began her career in network security by joining TraceSecurity as an Information Security Analyst. In this position, she currently performs security assessments, pen-testing, social engineering, and audits for financial institutions. When not having way too much fun developing her pen-testing skills, Bethany enjoys volunteering with STEM-Up and geeking out over superheroes.”
Description: Social engineering is quickly becoming more prevalent in the InfoSec industry. Users are becoming more educated about social engineering attempts, but they still fall victim to attacks. Why? Well, like all in all industries, with great improvement to technology comes great improvement to exploitation, and maybe not so great improvement to security. This presentation explores the subtleties involved in wordcrafting, tone of voice, and adaptability during – shudder – human interaction. We’ll also discuss gender roles and stereotyping and the effect it has on the victim. This presentation stemmed from an academic paper and virtual presentation done during Cyni’s coursework for CyberSecurity.
Back To Top
Jayson E. Street is an author of the “Dissecting the hack: Series”. Also the DEF CON Groups Global Coordinator. He has also spoken at DEF CON, DerbyCon, UCON and at several other ‘CONs and colleges on a variety of Information Security subjects. His life story can be found on Google under “Jayson E. Street” *He is a highly carbonated speaker who has partaken of Pizza from Beijing to Brazil. He does not expect anybody to still be reading this far but if they are please note he was chosen as one of Time’s persons of the year for 2006.
Description: In an industry that does so much to uncover and expose the mistakes of others. Which don’t get me wrong is a valuable service in helping to increase security by the discovery of these vulnerabilities. It seems everyone though is very shy about pointing out their own failures! I’ve decided that I could help teach others valuable lessons I learned by showcasing failures I’ve had in Blue Team. failures I’ve had in Red Team and failures I’ve had in this community. I once read that a smart person learns from their mistakes. A wise person learns from the mistakes of others! So please take a moment to listen to me trying to help you become a little bit wiser! 🙂
Back To Top
Mattias is working for WSP | PB in a global role and also a freelance security professional.
He is a Certified Ethical Hacker and always working on increasing his Social-Engineering skills.
34 years old and spent most of his time, booth professional and private, ín the IT field.
He lives in Stockholm Sweden and dedicates his life to IT.
Description: Almost everyone is aware about the Technical Support SCAM calls.
“Hi, your PC is infected”” is a known phrase – but sometimes they are calling the wrong person who decides to make fun of the caller.”
Back To Top
Dr. Steven J. Zani holds a PhD in Comparative Literature, an MA in Philosophy, and Bachelors degrees in English, Philosophy and French. He has taught at the university level for over twenty years and served multiple years as a department chair. Currently he works as the Faculty Development Director, overseeing over 500 faculty and staff at Lamar University, in the Texas State University System, in Beaumont, TX.
Description: What can defunct C.I.A. Manuals, radical lesbian separatists, and an 18th century Romantic essayist teach you about engineering the world to be a better place? We often think about social engineering either on the small-scale – how can one operate in individual conversations to manipulate others for data, access, or specific, immediate purposes – or we think about engineering on a large scale, how politicians or other popular figures embrace and direct a culture. But what about the mid-range? This non-technical paper briefly addresses the techniques and histories of large and small-scale social engineering in order to address the middle ground. This presentation by someone with years of experience with staff and faculty at a state institution will discuss social-engineering on the job, on committees, and dealing with small, educated and uneducated collectives.
Texts referenced will include, among others, Edward Young’s “Conjectures on Original Composition,” the Valerie Solanas “S.C.U.M. Manifesto” and the recent Robert Galford book “Simple Sabotage.”
Back To Top
Fadli B. Sidek is currently a cyber threat intel analyst for Control Risks. He has been in the IT and security industry for almost 10 years and is still loving it. In the past, he was a security consultant doing VAPT for companies in the AMEA region. He has spoken in several security conferences such as BSidesLV, DefCamp, Null Singapore, BSidesVienna and Hackers Conferences in India. He loves reading about security and most importantly traveling the world to attend conferences and share his knowledge and learn from others. Not a guru nor an expert, simply a security over-enthusiast.
Description: In the last couple of years, the number of cases of people being scammed online has risen gradually, and as the number of people become increasingly connected to the online world, so are the number of scammers. Scam cases, from online dating scams, winning lottery scams, free credit card scams, and of course the Nigerian prince who wants to send millions of dollars to your bank account scams are some of those that have been hitting innocent victims the most. Although many such reported cases are published online and on paper, many are still falling victims to such malicious incidents. Recent news by Channel News Asia reported that Singaporeans have been the main target of online scams and GET REAL even published a documentary about the victims of cyber/online scams.
According to the Singapore Police Force (SPF), there were 16,575 crime cases recorded in the first six months of 2015, an increase of 6.7 per cent over the same period of 2014. In the latest report by the SPF, a total of 33,608 cases were recorded last year, up from 32,315 cases in 2014. Online commercial crimes rose by 95 per cent to 3,759 cases, up from 1,929 cases in 2014 which made Singapore’s crime up to 4% driven mostly by cybercrime.
This presentation aims to share and discuss on the growing threat industrial complex driven by cyber crime and specifically cyber scams. We will share our analysis on the countries (Nigeria, China, Philippines, India) involved, how advanced social engineering has helped evolve the techniques and modus operandi used by cyber scammers, the impact it has made in Singapore and why Singapore has been a huge target in South East Asia.