Security BSides Las Vegas is finally here, and attendees will be able to start getting their learnin’ on with some impressive sessions and workshops in just a matter of days.
Aside from the stellar learning opportunities we have been profiling for several weeks, BSidesLV is also hosting The World Championship of Social Engineering Capture the Flag event.
The competition is being produced by Squirrels in a Barrel with financial sponsorship from Lares Consulting, and looks like it is going to be one heck of a showdown given the level of talent that is usually present at any BSides event of this size.
So what exactly is The World Championship of Social Engineering?
“Well, it is the most in-depth, get your hands dirty, no holds barred, social engineering engagement,” said lead squirrel and organizer Aaron Crawford.
“We are pulling out all of the stops on this one, there is nothing that is too far out or fantastic, as a lot of research and polling has taken place to put together several Social Engineering scenarios and tie them together into a massive two day CTF, which is accessible to all backgrounds and all skill levels.”
Crawford says contestants will get to do the things they have always wanted to try during a standard pentest, and maybe even some things we have all read about, but would probably be illegal to try out in a real world setting.
“Well, now you can do them, but in a safe environment,” Crawford said. “Over the two days of BSidesLV contestants will be faced with insane tasks, obstacles and killer squirrels, all leading up to a final report – just like in the real world.”
Crawford says participants will come away with valuable lessons learned after they fully immerse themselves in a live social engineering environment, and anything goes because there is no cheating in hacking.
“They will have to learn how to successfully practice Social Engineering techniques in a wide variety of scenarios, then just like the real world, they have to write a final report for a mock client,” Crawford said.
“The winner walks away with the coveted Golden Squirrel belt which was made for us by the same people that make belts for MMA and the WWE.”
Crawford himself is an adversarial engineer working for Lares who has spoken at RSA, CEIC, PodCamp, and several BSides conferences around the country, and his passion for social engineering led him to create The World Championship of Social Engineering.
Crawford says he eats, sleeps and continually drinks from the proverbial information security fire hose, which led him to form Squirrels in a Barrel (@squirrelsnabrrl), a free and open source training solution for individuals interested in Social Engineering and infosec, and the group that created all the content and scenarios for the event.
Social Engineering exploits the weakest link in any system: The human. We hear and read so much about it, but few have an opportunity to experience it in real life – without getting really burned that is – and Crawford’s group is seeking to provide a safe and real life means to practice Social Engineering through this event.
“Nothing of this scale has ever been attempted before,” Crawford said. “We previously held regional tournaments across the country at various BSides conferences, those regional winners will be competing against one another at this tournament.”
Social Engineering and its potential impact are important for everyone at any organization to understand in order to protect against predators, and this event is also a good means of training for pentesters to sharpen their craft.
“Giving all parties a real world environment to play in gives valuable practice and insight that you would not receive from security awareness training. This is hands on and as real as it gets,” Crawford said.
“But due to the nature of the game being live we have had to consult multiple lawyers to ensure the safety of all involved. This is real life so anything can go wrong, so we planned for that with lots and lots of lawyers,” he continued.
As long as there are people, there will be Social Engineering, so Crawford and the other organizers hope the event provides insight and training that no one would be able to get anywhere else, in addition to making it fun.
“The more we share with others and get them to experience true Social Engineering they will be better equipped to properly counter the threat.”
BSidesLV 2013 Featured Sessions:
- BSidesLV Preview: The Object Monitor for Enhanced Network Security (OMENS)
- BSidesLV Preview: Fun with WebSockets Using Socket Puppet
- BSidesLV Preview: Open Source Pentesting and Forensic Distribution
- BSidesLV Preview: Vulnerabilities in Application Whitelisting
- BSidesLV Preview: Effective Communication in IT Security
- BSidesLV Preview: Baking Assurance into Software
- BSidesLV Preview: Using Machine Learning for Security Analytics
- BSidesLV Preview: Wireless Pen Testing and Assessments
- BSidesLV Preview: No Magic Bullets