Education/Action/Protection
Social Engineering for Fun and Profit: Lessons from the SECTF
Who am I?
Created the world’s first SE framework
CEO of Social-Engineer, Inc.
Asked by DEF CON to host an SE contest
Legal
Ethical
Fun
What is Social Engineering?
“…any act that influences a person to take an action that may or may not be in their best interests…”
SECTF at DEF CON
A contest that demonstrates the danger of social engineering through vishing
Contestants: both experienced and n00bs
Targets: large companies selected by SEORG
Goal 1: collect all available OSINT
Goal 2: obtain “flags” on live calls during DEF CON
Strict ROEs
Legal counsel
DEF CON 18
DEF CON 19
DEF CON 20
DEF CON 21
DEF CON 22
DEF CON 23
You better come to find out…
What 5 Years Tells Us
Companies are still poor about online information leakage
Companies are still poor at repelling vishing attacks
It doesn’t take a pro to be successful
Internal pretexts work!
Implausible pretexts also work!
War Stories
Women are scary
YOU just became our next contestant…
We DO have rules
Would you believe 37 hand-offs in 30 minutes?
Posting passwords online is bad
Themes
DC 18: How Strong is your Schmooze
DC 19: The Schmooze Strikes Back
DC 20: The Battle of the Sexes
DC 21: Who is the Deadliest Warrior
DC 22: Tag Team Challenge
DC 23: You better come and find out…