DEF CON 29: Summary of SEVillage
The SEVillage was established in 2010 at DEF CON 18. It has been the official home of all things social engineering for 12 consecutive years. Our flagship event, SECTF, has been joined by other events over the years, such as SECTF4Kids and SECTF4Teens. SEVillage is also the home of all the social engineering talks at DEF CON.
Over the past couple of years we’ve all adapted to the demands of virtual work, meetings and yes, even conferences. We really miss seeing our SEVillage family in person. Fortunately, we can experience SEVillage from the comfort of our homes! While seeing your faces in 2D isn’t quite the same, we would like to thank each of you for your support. This year’s village was one of the most unique to date. Until we can all be safely together again, let’s look back at DEF CON 29: the SEVillage recap.
Friday: SECTF4Kids and SEVillage Speakers
Friday launched Social Engineering Capture the Flag 4 Kids (SECTF4Kids). Ryan MacDougall and Colin Hadnagy hosted the annual competition this year. They created a virtual world within Minecraft, with challenges anyone could enjoy. In a world inspired by Wreck-It Ralph, participants imagined themselves trapped inside an arcade game after being sucked into a power strip. They had to complete social engineering themed puzzles to collect materials that would help them create a help signal. What was their goal? First, to get enough materials. Second, to climb as high as possible in the radio tower. And finally, to project an SOS signal to the owner of the arcade. The team with the brightest signal would win.
This year, 11 children took part in the competition, aged 7 to 12 years old. As always, these children went above and beyond our expectations and took on every challenge we threw at them. SECTF4Kids is a great way to get kids involved in the community in a fun and stimulating way. Over the years, some of these children have even given us ideas for later kids’ CTFs that we have put on! We appreciate the opportunity to be a part of their journey and are delighted to see them continue to grow and learn. We would like to warmly thank one of these young people. She has dedicated hours of her time helping us build and create this virtual competition! SEVillage couldn’t have done it without you, Hydra!
The first of our amazing speakers was Christina Lekati. Christina is a psychologist, social engineer, and open source intelligence analyst. She specializes in behavioral analysis and in intelligence gathering and analysis through open source and human intelligence. Her talk was titled “Judging by the Coverage: Profiling and Targeting Via Social Media”. In this presentation, she dissected several case studies, broke down social engineering models, and helped her audience understand how to apply various profiling techniques to various social media profiles.
Ryan MacDougall from Social-Engineer, LLC was our next presenter. Ryan is the COO and open-source intelligence trainer for Social-Engineer, LLC. In addition, he leads operations during penetration testing and drills with clients, as well as managing client relationships. His subject was “SE Team vs. Red Team”. He explained the difference between the two by recounting his experience of an exceptional commitment from the SE team. A direct quote from this story: “It was such a surreal experience, to feel like you’re going to die at that point.” Spoiler alert: they are not dead.
Saturday: SECTF4Teens and SEVillage Speakers
Saturday brought with it another Social Engineering Capture the Flag 4 Teens (SECTF4Teens), hosted by CG Consulting Service for the second year in a row. The purpose of the event was to retrieve the flags via open-source intelligence (OSINT) on the targets given to the participants. We had 3 people, or as we affectionately call them, “voluntary targets”, who gladly let us use them for the competition. Targets provided us with flag responses that teens would then search the internet for, collecting points along the way.
The SECTF4Teens competition gives older children the chance to practice their social engineering skills. With the virtual format, participating in a competition like an OSINT CTF gives them the chance to see what a real engagement looks like and to hone skills that they can use in a future career. It also highlights how easy it is to find information online. They see the dangers firsthand and see how important it is to protect their personal information.
Lisa Forte kicked off our Saturday talks with a bang. She is an expert in social engineering and insider threats. Lisa performs cyber crisis simulations for large companies to help them prepare for attacks of all types. She actually started her security career by stopping pirates off the coast of Somalia. Her background made her the perfect fit to present the topic “Using OS to Create Insider Threats and Win All Things”. She defined the different types of insider threats that exist and how malicious individuals will take advantage of social engineering tactics to gain a foothold in organizations.
We were delighted to hear John McCombs, employee of the Innocent Lives Foundation (ILF), talk about “The Innocent Lives Foundation: A Beacon of Light in a Dark World”. John’s talk was aimed at raising awareness of the ILF and its mission to identify and bring child predators to justice. He underlined why the ILF is needed more than ever and its position on self-defense and neutrality. To find out how you can help the ILF in its mission, watch this talk on our YouTube channel or visit their website to get involved.
Last but not least, Social-Engineer, LLC founder and CEO Chris Hadnagy concluded the day with the presentation “Make Them Want To Tell You: The Science of Elicitation”. Chris used his 18 years of experience in the information security industry to define what elicitation is. He explained how social engineers use it and looked at the science behind it. Chris is an adjunct professor of social engineering at the NSA-appointed Center of Academic Excellence in Cyber Operations at the University of Arizona. He has written 5 books on social engineering and has countless practical experiences in the field. This unique skill set makes him the perfect speaker to understand and explain these techniques.
We want to thank not only the speakers and those at the forefront of our CTFs, but also everyone who worked behind the scenes to make this year’s SEVillage run so well. A special thank you to all who participated and continue this journey of education and learning with us. If you missed any of the talks, or would like to hear one a second time, you can find them on our YouTube channel. If you want to hear Ryan and Chris talk again (and have the opportunity to learn from them), keep an eye on our SEVillage Twitter account for an exciting announcement to come! Until next year!
*** This is a Security Bloggers Network syndicated blog from Security Through Education written by SEORG. Read the original post at: https://www.social-engineer.org/social-engineering/def-con-29-sevillage-recap/