We just came out of our coma and realized we haven’t updated all of you who couldn’t make it on what happened at DEF CON 23. So, we pulled ourselves up from the floor and started writing.
DEF CON was in an all new venue this year, one that we had personally never visited; so of course, we were apprehensive and nervous about how it would go. Additionally, this year’s conference was larger than ever! It spread over 2 hotels, with a pretty substantial walking distance between the contests/event space and the area where all of the talks took place. This year we were also tasked with developing and hosting a brand new event that was the only Thursday event running at DEF CON.
Needless to say, we approached DEF CON with nervous excitement this year. There were so many new unknown challenges, over 3000 square feet of new room, a new event, and a larger crew.
Wednesday – Day O’Setup
Since we had to be up and ready for Thursday, we used Wednesday as our setup and test day. It started with our resident immortal, Billy the Immortal (yes that is really his name), delivering about 4,528,082,927 boxes to our event space.
As boxes arrived, the team was quick to unpack, organize and re-assemble all our things.
It didn’t take long for the room to buzz with energy.
Of course, it takes one pentester, one engineer, one sysadmin and a social engineer just to get the banners situated.
Within a just a few hours, the room was fully set up. The laser array (more on this later) that Mister_X built and the amazing new video and audio displays (courtesy of Evan) were all running in perfect order.
We even had a visit from 1o57 to show us the Uber Badge this year.
He told me after I took this picture that it was infused with radiation or something like that, so I now am literally a green hulking mass of anger. Thanks, 1057!
As set-up neared completion, we were all tired and hungry but STILL excited to see how our inaugural Thursday event would go. We conducted a team meeting to discuss sign-ups, and our resident DEF CON n00b, Colin, suggested an idea so genius… so amazing… that it took care of all our concerns on how to handle sign-ups on the fly….. A LOTTERY.
Yes, he suggested collecting all the sign ups and drawing the first 10 out of a hat to be the first ever participants for our Thursday event, Mission SE Impossible.
How did it go?
MISSION SE IMPOSSIBLE – Thursday
We all arrived bright and early Thursday for last minute setups and checks before the big event. Jess was even there on time – AMAZING
While the team took sign ups Jess and I had an amazing opportunity to live hack a journalist, our friend and great sport Kevin Roose, from Fusion TV.
While Jess and I were busy filming, the rest of the team was hard at work…. ummm… hard at work, I SAID!!
We had a fantastic turnout for the Mission SE Impossible event! 150 people entered the lottery for the 10 slots to participate in the event. Truly amazing right?
We drew our 10 names and the room quickly filled up in anticipation.
Once we reached start time for the event, the room was completely packed with an enthusiastic audience! .
The MISSION SE IMPOSSIBLE was outlined like this:
Theme: One of my employees was conducting corporate espionage and planning to steal all my corporate trade secrets. However, just as they were going to exfiltrate the super duper secret data, Evil Corp discovered there was competitive intelligence to gain and and sent in a “spy” ( the contestant) to steal the data first. The spy was caught and placed in a holding cell. Using a series of physical and mental tools, the spy would attempt to gain access to a safe in my office to successfully steal the data.
Stage 1:
Nick the cop, locked each “spy” with both hand and leg cuffs, our super duper secret secure holding cell.
Yes that is it… awesome, no? For some unknown reason (maybe donuts) Nick didn’t see the handcuff shim or the paperclip on the floor within grasp of the contestant. He also accidentally left a top secret folder (containing clues) and forgot to confiscate the contestant’s cell phone. Man, Nick, what a lousy security guard!
Once the contestant freed themselves from the cuffs, the had the opportunity to inspect the folder which contained file with some clues and a weird template(both needed for later stages in the challenge).
Stage 2:
The contestant needed to get to the Mail Room:
Yes yes, I know, one box isn’t a mail room, but we’re using our imagination here. The contestant needed to find a specific letter to the person listed in the file. Once they opened it, they would find a message from Evil Corp outlining how to open the safe.
Stage 3:
They needed to gain access to my office. But I don’t have just any ol’ office. No, my office was protected by a laser array (custom built by Mister_X) that set off alarms if triggered. If the alarm went off, the security sniper, Jim, was standing by with strict orders to shoot.
Look at those amazing lasers… just don’t look too closely, they are green lasers so can blind you pretty quickly.
The contestant needed to leverage critical thinking skills to match the weird template (included in the file folder from Stage 1) to a book using the correct ISBN, that was given them in Stage 2. The contestant then had to discover three words from the book to give to a secret agent (Amanda). If the correct words are provided, the secret agent provided the clues needed to complete Stage 3. If one or two of the words are incorrect, the contestant would be shunned.
Once the contestant obtained the clues from Amanda, they needed to gain access to my safe by combining the information obtained to this point with additional clues within the office. Once the safe was unlocked the mission was complete and time stopped. The contestant with the fastest time was the winner.
Mission SE Impossible proved to be complicated for contestants, but if you needed just a little bit of cute to make your day better you can always….
No, don’t look there… I’d say just give up and leave the village.
In addition to an amazing event, we had a few solid interviews too. Our partners from Japan, Asgent, accompanied by an awesome Japanese newspaper team flew all the way over just to interview us.
As always, we enjoyed sharing some knowledge about current social engineering trends.
Finally, it was time to conduct a rehearsal for the SECTF, so we put Jess in the booth and tested things out.
When her stories and songs became too much I had a pink Tribble for comfort, since our resident nerd, Anna, decided to buy a whole BAG OF TRIBBLES for the team….
SECTF Day 1 – Friday
We were back in the SE Village bright and early (9 AM in Vegas may as well be sunrise) to prepare for the SECTF. In previous years this event has been wildly popular amongst DEF CON attendees. We quickly knew this year would be no different as seats were slim by 9:30 AM – a full 30 minutes prior to the event start time. Evan worked extra hard to ensure everything was ready to rock.
Additionally we had our social engineers conducting crowd control to ensure the room remained packed but didn’t present a fire code danger.
By 10 AM start time, we already had a line outside the room to get in!
This year we were fortunate to have Tim Newberry from White Canvas Group join us at the judging table to help us critique the calls.
By the time we reached the end of Day 1 – the calls were amazing, the crowd was amazing and all we needed was a little love from Jim.
After wrapping SECTF activities for the day, we launched the first official human track for DEF CON in the SE Village. We had an amazing line up.
We started off with a great speech on applied de-escalation for social engineering by Noah Beddome, followed by an amazing presentation on the application of psychology to security and decision making by our Chief Influencing Agent, Michele Fincher. Michele’s talk was followed by an intellectual presentation on Natural Language Processing by Ian Harris, and John Ridpath rounded out presentations for the night with a talk about Shakespearean villains and social engineering.
Here are some images from the SE Village talks for your enjoyment.
Michele, aka @SultryAsian, delivered a fascinating and intellectual speech.
Ian Harris stirred the audience up with his speech on Natural Language Processing
You can catch these and the rest on the DEF CON DVDs when they come out.
SECTF4Kids, SECTF Day 2 and SEVillage Presentations
As if the first day wasn’t enough, we started Day 2 with even more awesome.
Our pride and joy success story, Ashley, was back with us again this year to help run the SECTF4Kids event. Dang, I love that girl. She is now in a world robotics league kicking robot butt all over the globe.
I think this is Amanda’s only hand gesture, which is telling me to shut up, as we give the kids and parents the starting line up for the SECTF4Kids. With a “GO!” the Amazing Race SECTF4Kids edition launched for the day. Amanda, Tamara, Billy and Anna all ran around like crazed lunatics to keep the kids challenged and engaged.
Shortly thereafter our podcast guest R. Paul Wilson stopped in to say “hi” and meet with fellow Scotch Fanatic, Jim Manley.
In the meantime, kids were hard at work cracking ciphers and doing all sorts of awesome things with their brains.
We conducted some last minute testing just before kicking off Day 2 of the SECTF:
Our first contestant of the day (and eventual winner of the competition) totally blew us all away.
The call was so good it left my team feeling……
In the meantime, kids were still crawling on the ground like little spies looking for hidden QR codes… we love it!
Colin was constantly bringing us food and drink.
If he could’ve just brought us a toilet, it would have been perfect.
We had a couple no-shows this year for the SECTF, but fortunately two volunteers stepped up and got in the booth to conduct live calls with just under 2 hours of prep time. One alternate contestant, Whitney, came in the 5!!! Amazing right?
After the final SECTF calls, we once again launched our SE Village presentations for the evening with Jayson Street, Tim Newberry, Chris Hadnagy, Dave Kennedy and Adam Compton & Eric Gershman.
Jayson spoke to a packed house on how to break in bad.
Tim Newberry gave the crowd a jolt with his presentation on Twitter, ISL and Tech.
I had the honor of presenting the history of the SECTF and evolution of the DEF CON SEVillage.
The new and improved Dave 2.0 provided some entertaining real world takes of end user attacks.
Finally, Adam and Eric closed out the night with some great content around the SpeedPhishing Framework
Although we were truly tired, it didn’t stop us from hosting ourprivate SE Party (LOCATION AND DETAILS TOP SECRET).
The End is Near – Sunday Podcast
Sunday was a great day for us with closing ceremonies, a live podcast, clean up and a great dinner with the whole SE team.
Yes Dave actually made it for the podcast, well part of the way… and our guest R. Paul Wilson was both amazing and fascinating.
When Dave had to leave early, he decided to HUG our guest… sigh
He then proceeded to hug about 50 people on the way out, including Mike, who looked really scared.
We then cleaned up the room and headed off to closing ceremonies.
A tired but amazing team watching the board for our pics.
Michele and I gave out first and second place prizes with a BLACK BADGE yet again. We were so proud of Jen, our first place winner for her amazing job this year.
Our tremendous second place winner, Jon S.
First place winner Jen F.
The closing wasn’t complete without a hug to my friend “Grifty”
M and I take one last minute to look over the crowd and say a final goodbye to an amazing year.
Our final event – the SE team dinner:
Final Thoughts:
Let me just leave this here first…
This year, over and over again, I was told one thing… my team is amazing. Michele, Amanda, Nick, Jim, Evan, Colin, Jess, Mike, Dan, Ashley, Tamara, Bonez, Anna, Mister_X & Billy – each of them played an integral role in the success of the SE Village! We were fortunate to once again run a wildly popular, wildly successful, village at the world’s largest hacker con that left people feeling better for having met us!!!
Sadly, we will proceed next year without Tamara. She has moved on to greener pastures and will be so sorely missed.
I’ll just drop this here too…. </3
This year we again learned that SE wins every time. We learned that even 7-8 year old kids can achieve greatness in critical thinking. We learned that well dressed, intelligent people can draw a massive crowd into a village all about human hacking. We learned a Thursday event that lets anyone join can be VERY successful. And last but certainly not least, I have learned that my team … this amazing and truly diverse group of individuals have come together as a TEAM to help this community grow, learn and be better… I have learned that without them, I am nothing and with them I can accomplish almost anything!
Stay tuned, we will be announcing some new and amazing things for DEF CON 24!
I missed it this year!!!! looked so fun and so many prizes!! i will be at next years def con without fail.
I would love to come to one of these events! Are they always in the US? Bit of a long shot, but are there any events in the UK? Thats where I am based, I do come to the states quite a bit, but I think I would have to get lucky with the dates…
nice article….excellent.