20 years. Hard to believe, but Defcon has been around for 2 decades. And Black Hat has been doing its thing for 15 years and continues to buck the conference trend and grow in attendance each year. These two security conferences are some of the pace setting events for our industry. For the last few years, the crew at Social-Engineer have been a part of these events, and this year is no different. As you may know, we have 2 arms of our organization. Social-Engineer.org is the free web portal that strives to achieve “Security Through Education” not only with our core crew but also with many excellent contributors. Social-Engineer.com is our commercial arm offering social engineering services (such as penetration tests) and training. Here are some of the events, happenings and schedule for us during the annual pilgrimage to Vegas.
A Black Hat History Making Event with Social-Engineer.org
Social Engineering is not an easy topic to teach. Because it is so human-based, much of the training that was, tended to be very much like lectures. It was this fact that created the challenge that my old mentor put upon me.
Quickly I began running ideas by my partner in SEORG (at the time), Jim O’Gorman. He had a good mind for telling me when I was just full of BS, and when I was hitting a good note. As I began to run my ideas for the way to perform a social engineering class, he helped me mold and shape the good as well as trim the bad ideas.
1.5 years later, what was born was “Social Engineering For Penetration Testers,” the 5-day, non-stop thrill ride that challenged everything we knew about SE training. Now came the challenge: to present this to the board at Black Hat and see what they thought.
Well this is not new news, but we got accepted and are conducting the first ever social engineering training in BH’s 15 year history. That is kinda huge for us, but not as great as seeing the class sell out with a small waiting list, too.
We are truly excited to have this opportunity. We will let you know how it goes after.
Defcon 20 – The Defcon Not to Miss
After only a few hours of rest we will be heading over to the Rio to take part in the mayhem called Defcon. Whatever “free” time we thought we had before will be quickly dispatched with an amazingly full schedule. We are running two capture the flag events: The 3rd annual Social-Engineering CTF: Battle of the SExes and the 2nd annual Social-Engineering CTF for Kids: Return of the Schmooze. These two very differing events, have one common goal: To be fun and educational.
First to mention is the SECTF for Kids. Last year was our first attempt to help run Defcon Kids. We came up with a “Treasure Hunt” Social Engineering Style. Kids had to crack ciphers, pick locks, read microexpressions, race against the clock while gathering clues. And what was the one major complaint we got from the kids???
“IT WAS TOO EASY!”
Well my young social engineering friends, wipe those thoughts from your tiny little heads. This year I have had no mercy on your souls. The ciphers are harder, the clues are more difficult, the track is longer, the locks are more tedious… Oh and parents, we enforce a lunch break. Wait until you see how. This year will prove to challenge the most advanced child hacker, while teaching skills that will be useful for the rest of their lives.
The main event for us is the SECTF. Each year we try to make it bigger, badder and better. The last two years we saw a trend… a lot of women in the audience and none on the stage. Yet I know that 1) there are women in SE/IT and 2) they are usually better than us guys at it.
I set out on a year long campaign (starting from last Defcon) to promote, talk about, survey and blog on the role women play in SE. Then we launched this year’s SECTF – Battle of the SExes… yes a battle not just of SE prowess, but also of who could win head to head – men against women.
The results are amazing so far. 10 men pitted against 10 women in a heated battle to prove not only is social engineering still a legitimate threat in 2012, but also which gender is better at it. The targets have been assigned, and the reports are already in. What is amazing to us this year is the quality of the reports. It seems we have hit some professionals this year. The report writing is of epic quality, and the flags found online prove again that social engineering is a huge threat that is just not being addressed.
All of this fun is not set to end there. Sunday AM will mark a momentous event for the crew at Social-Engineer as we record our 3 year anniversary podcast. For us this is a milestone, as so much has changed from Day 1, but we are happy to have made it this far.
We will celebrate with a room full of friends when each gets a special gift… that is all I can say… if you want to see and hear the podcast you have two options. First, be there. That is the best option. Seating will be limited as the room we have this year is smaller, much smaller (boooo Defcon), but that means our podcast will be packed out. Oh, I almost forgot the second option… yes another first for SEORG… we will be LIVE STREAMING our podcast complete with chat functionality.
Check out http://www.social-engineer.org/defcon-schedule/ for the latest schedule and URLs.
Enough? You want more? Maybe there will be a few extra surprises… to find out, find me in Vegas. See you then… till next month.
If you have comments or questions – please feel free to reach out to me at firstname.lastname@example.org
Chris Hadnagy, aka loganWHD, has been involved with computers and technology for over 14 years. Presently his focus is on the “human” aspect of technology such as social engineering and physical security. Chris has spent time in providing training in many topics around the globe and also has had many articles published in local, national and international magazines and journals. He is also the lead developer of Social-Engineer.Org as well as the author of the best-selling book, Social Engineering: The Art of Human Hacking.
He has launched a line of professional social engineering training and pen testing services at Social-Engineer.Com. His goal is to help companies remain secure by educating them on the methods the “bad guys” use. Analyzing, studying, dissecting then performing the very same attacks used by malicious hackers on some of the most recent attacks (i.e. Sony, HB Gary, LockHeed Martin, etc), Chris is able to help companies stay educated and secure. Chris can be found online at http://www.social-engineer.org/, http://www.social-engineer.com/ and twitter as @humanhacker.