DEFCON Social-Engineer CTF Contest Findings Report

If you’re at all interested in Social Engineering, as I’m sure most of our readers are, then you will probably be very interested in the report over at the Social-Engineer.org site.

At DEFCON 18 this year, held in Las Vegas, there was a Social Engineering Capture The Flag event. This proved to be quite a success, well, more so for the participants than for the actual companies targeted, but hey, all’s fair in love and war.

Some of the rules for this event were the following:

- Contestants may not ask for or obtain financial data, passwords, or personal identifying information such as social security numbers or bank account numbers;
- Contestants may not falsify or attempt to falsify employment records;
- The list of target organizations will not include any financial, government, educational, or health care organizations;
- Contestants must keep it clean, for example, use of any pornography is banned.

Even the FBI were extremely wary of this contest and contacted the organizers beforehand, so this was getting a lot of press coverage. I am also aware that quite a few companies sent out internal communications about this event to their employees, warning them not to give out any sensitive information.

I’d personally just like to thank the team over at Social-Engineer.org for doing so much to bring social engineering into the public eye, and also for all the hard work they’ve put into SET and the Social Engineering Framework. Keep up the amazing work, guys!

So without further ado, you can read the full report here.
