 Hey, how's it going def con? Super excited to get to talk to you guys about one of these things. I'm passionate about which is helping us to be security and magic Today we're gonna be going over out Sources and equivocates a treatise on how magicians speak. I learned that word all by myself, too. I'm very proud of it But let's go ahead and get started here So starting off I'm hex 90 no up not oh x 90 whatever you want to call me I don't really care. I'm a magician. I'm also a full-time software engineer. I have a background in security Love to break things and most importantly, I don't need more than my current 200 Twitter followers, so me for any handles or anything but overall Fairly unremarkable person and you don't need to worry about it What this talk is I want to I want to cover three major tenants within magic specifically how we We handled choices and how we handle Making people feel like they're making choices, but ultimately it's either something in our decision in our favor or something that we want to happen So we're gonna be covering Forcing multiple outs and equivocates the interesting thing about these three techniques is that they're all like super similar But they do have some small key differences that make them worth talking about as an individual concept Going forward what this talk is is not going to be I don't want to feel like I'm Have people I'm giving them permission to heckle performers performing is extremely difficult and and Honestly, if you have an interest in magic the time to do it is not during a performance or a show Honestly, a lot of magicians are pretty down-to-earth people. They're just People who are just as nerdy as you or I just kind of is doing a thing that they love So if you have an interest honestly take a magician aside say hey, I think that's really cool and I want to try it and They'll more often than not give you some cool books or some tips on on how to get into magic and I I Think that's really awesome because we're really open community But please please don't harass them because you know how to do some stuff now Also, this talk isn't About any secretly documented human cheat codes to make people act in ways that they normally wouldn't you're not going to get someone to act in there against their interest by saying some Magic words or like hit some crazy synapses that are going to make them all of a sudden forget who they are This is all very real Well-published at least in the magic world techniques that present the illusion of choice While you remain completely in control I also want to take a moment to address the fact that We have I am not in control of the slideshow right now So I'll be saying next slide and I'm sorry. It's not the most beautiful thing in the world But I don't have a clicky thing So I won't be able to do that and also Quarantine has made it so this week has been the most human interaction I've had to deal with in like six months So I I apologize if I sound less than human But let's go ahead and and hit the the first first term so forces Essentially a force is the appearance of different values to be chosen, but through subterfuge. The only option is a single choice This is when other choices cannot be selected This is I have 52 cards and I really really need someone to pick a specific thing It's when you have no option But the the the primary choice that you want them to select. Can we go to the next slide a Super over-the-heads term and honestly next time you have an opportunity to do a coin flip Go ahead and try to say this but Tails I win heads you lose It's Very quickly if you read it It's easy to see how how obvious that is But ultimately this is a force. There's no other option but to have them take a wrong choice here and If you actually try this and you you have confidence in your language You'd be surprised with how many times you can actually get away with this. It's a pretty fun Especially if you need to settle any bets within a bar The next slide we have multiple outs This is the appearance of free choice But ultimately all the possibilities all the possible decisions are accounted for and expected This is used when you need a freedom of choice and they need to actually feel like they have a free choice like everything is is fully free and and the reason why you want to do this is just Sometimes when you're forcing someone to pick a specific thing Unless that force is perfect and it's designed for the situation You can you can start to pick up on it You can kind of detect something in your brain goes off and says I'm being told to do something that I might not want to do And and there's an instant fight response But if you feel if the pressure is no longer on the decision and it's on their response Then you can get a little more into this And if we go to the the next slide Penn and Teller a while ago they They had the perfect example of multiple outs. They had a special called Penn and Teller off the deep end and To give you an idea of like how long ago this was Aaron Carter was also on this special and he sang a song underwater While they did magic tricks with scuba diving as well as a bunch of other stuff on the on the beach But one of the effects that they did was they had 52 reveals Which is sewing a playing card into your jacket hiding a giant card in a pot of plants You know kids having them written on them in sunscreen It was they had 52 different values that they could potentially reveal and Essentially they had someone selecting a completely random card and naming it and then suddenly they knew where it was or they They knew how to to reveal it and it made it seem like this was the only option that could have happened because Who would really set up? 52 possible answers for this and I think what they did was a perfect example To show the idea of what a multiple out is next slide Equivac a quivac a essentially just means double entendre. I think it sounds cooler But ultimately you're using open-ended questions and vague language to create ambiguity around choice or knowledge And I'm seeing that there's a typo in this slide and I'm kicking myself, but I love it You also use it when you need to control the perception of information Even having different definitions between different people For then in magic, this is called dual reality This allows you to have the same sentence based on the context that two people are coming from View it differently And I feel like the equivocate is probably the one the one of the most powerful terms when it comes to controlling Decisions coming from people as well as it's the most applicable to social engineering And it's actually one of the one of the many reasons why magicians won't perform a trick twice Very similar to multiple outs Everyone's heard the one of the rules of magic is you never perform a trick twice and And equivocates and multiple outs are a part of that if you do the same effect But you have to go a different direction and someone's seeing it twice in a row They're gonna easily be able to pick up that there's two different paths that they possibly could have gone down and It kind of does damage to the effect as well as if you view magic like a joke You wouldn't say the same joke twice in a row because everyone knows what the punchline is going to be and it becomes substantially less special But the example for equivocate if we go to the next slide is Are you right-handed or left-handed and if they respond left then you say great I need this hand to be loose. So let's use your non-dominant hand because we want them to be using their right hand But alternatively if they would have said right and you go to the next slide Are you right-handed or left-handed and they say right? Then you say great. I need this hand to be strong. So let's go ahead and and use your dominant hand And if you notice here if you saw these questions side by side and they're answered the same way That would ruin this effect but because of the vague language and the lack of intent being posed in the question you can't actually tell Uh, what the reasoning is for the question and so the answer doesn't seem So alien, but it is a little bit when you when you set them side by side Let's go ahead and go to the next section So How do these terms work? How come people don't instantly call a bull on a lot of this? And ultimately it's uh, it's not voodoo. Uh, there's no real magic here You're simply taking advantage of people's laziness There's a book actually called the paradox of choice why more is less And uh, that was written by Barry Schwartz and in it he talks about The decision-making process that people have and it's primarily about consumerism But also in the book it shows that That people are less Happy with their choices when there are too many and often they'll take a lot longer to make a simple choice So people much prefer to choose from three flavors of candy versus 50 because if they pick from 50, they're always going to be semi disappointed um And the perfect example of this is Anyone that's had to coordinate especially now with zoom calls Coordinate a time with multiple people Anytime you ask hey, what time works for everyone because you want to be a decent human being and you want to Commodate everyone. Uh, you're gonna it's going to result in a conversational gridlock. And this is because you have a An infinite amount of times that could be selected. I can't imagine people are like, oh, yes, I want to be at 12 p.m. And 16 picoseconds, but in theory you could And instead if you say hey should we need at 10 a.m. Or 6 p.m. Instead of what time works for everyone Uh More often than not you're going to get an answer much quicker. Everyone's going to be able to come to a decision quicker They won't always be exactly the times that you requested, but people will come They they will co-less into a a single time a lot faster because they're able to take that Information and they pose that as a question to themselves as how does this apply to me? and how can I fit into this instead of Also trying to account for all these external factors and by limiting choices You make people Feel more confident in their choices instead of making it this open-ended world and another issue with with using equivocay or using multiple outs or even forces Is that some of these methods can leave a trail of word crumbs That you can easily backtrack to figure out that there was manipulation So if you were to watch rewatch a zoom call Where an equivocay was used You could potentially figure out how vague that language is after the fact sometimes in the moment You won't necessarily see that happening, but after the fact You might be able to to backtrack on it But in that moment you also want to avoid people being able to find and pick up on those word crumbs and backtrack on that conversation And the way magicians get around this is We create little memory snapshots so let's say we had to do a deck switch and Do all these other crazy things instead of Highlighting that moment of the deck switch. We're going to try to mentally Have the picture that your mind takes the thing that you remember Be much different. That's also why people magicians at least they'll work on blocking out their props So for example, we had a magician who came on and he did a zoom show And part of it is he he has a card Under a box and he wants you to make sure that you see that that card and you remember it and you remember that it didn't move And and that's very important because when you go back in your inferring method You don't want to have your your audience get distracted on that And the way we do this is we reiterate on stories that we wanted to happen not necessarily what exactly happened But what we want to happen And then we also let the manipulations fade into the background. We stop drawing attention to them Uh, I if I'm doing an effect where I need to choose someone's right hand or left hand I'm not going to go back and say and remember when I had you pick your hand We're going to pretend like that never happened um and another misconception here is that Misdirection is used but it's not used in the way people think about it. A lot of people think misdirection is Hey, look over there and then something sneaky happens over here What actually happens with misdirection is you you have something that you want to hide you want this to be in the shadows not in the light So you make something interesting happen over here instead and your focus comes here and then this thing It it it drops away into the background and you can do this verbally. You can do it with props You can do it with stage direction. Uh, if you've ever watched live theater before Even without magic, you'll notice When there's a monologue or something happens and they're bringing everyone to the front of the theater Things in the background start vanishing and they're pulling objects off of the stage Maybe cast members are disappearing because they're changing out a set piece or something But that's not because they're trying to misdirect you and they're not trying to fool you They're simply encouraging you to keep your attention elsewhere But they don't have to do it with a trick or like a hey look over here and ring a bunch of keys in your face And and that's a very important thing when it comes to making that snapshot because if you're really aggressive with that You will fail and that's how people can kind of Backtrack whether it's in a magic trick or whether you're doing this in uh, in a social engineering setting If you could go ahead and hit the the next slide um So now let's get into actual actual applications of of these three concepts. So, uh, magical applications of forces Uh, obviously there's there's a card force. So if I have, uh Let's say a duplicate of a card somewhere And maybe it's in my pocket or something And I want I want to do this really seamless effect where I have a card selected And then it goes back in the deck and then without bringing my hand near it. I can pull it out of my pocket That's a very uh, simple way, but there's there's many ways to force a card Uh One of the the classic of all forces is exactly that's the classic force And it's the idea of of timing it in such a way that when they go that they naturally select it And this is something that takes Decades of practice and it's something that I continuously am working on There's also methods of sleight of hand for for forcing a card And and there are there are books and books and books written on this subject For actually learning this and if you guys are interested I'm happy to to show a few methods later after the q&a is going on There's also a billet or an object force So this is one that I think actually applies more to That could be used better for social engineering Or an offensive attack But a billet is essentially a a folded piece of paper That might have like a piece of information on it and commonly If you need a force something you might allow your audience to collect and write a bunch of things down to get put into a box But maybe that whole box gets switched out or maybe there's a special gimmick with the box that allows When you open it You can go in and you're only going to pull out the ones that you want And that's really important to to take notice of because you can do this with pieces of paper you can do with small objects And of course the last one here is a pattern force this was less about swapping out an object that you're providing and more about Swapping out information that a spectator is providing for you So let's say we have someone who mixes up a rubik's cube behind their back They're unaware of what that information might be and then they bring it forward to you without looking at it And you're able to put something like a shell over it Or something that allows you to change the values in it to something that you want to get to a specific value And essentially in real life if you think about it This would be like if someone was able to generate a random value that they weren't able to look at and then they gave it to you And you said, ah, yes, your random value is three. Of course it is Um, and and that could be Very damaging. Uh, I can only imagine the type of nonsense that could happen with crypto and that If we could go to the next slide Some iRL applications of forces So this there's a there's a a bunch of different ideas and you can get as cheeky as you want And I just came up with a few. Uh, these are of course theoretical I'm coming from a magic perspective, but I also like to break things So I haven't actually had an opportunity to to do any red teaming myself But I have done lots of security contracting with black box and white box penetration tests And a lot of these concepts could easily apply and leak in To a social engineering concept because they do work so well in magic But when you're comparing forces in magic to forces in real life The I realize that forces are best used for getting objects in people's hands Thinking that they have chosen them from a group that that this is the object that's in their best intention Like imagine going to a used car lot and for some reason they want you to take this specific car You're like, I want this model and you have three of them And they're all the same color. But why do you want me to have this one? And of course that should throw some red flags, but there there might be Reasons for wanting to do that. It might be advantageous for them to get it off a lot for whatever reason It might not it might even be benign But you never know and some other applications of forces For example, if you wanted to if you had a batch of benign USB sticks and then you had a batch of USB sticks that had for example A human interface device attack on it something that's going to simulate a keyboard and and open up the terminal and it's going to Do lots of terrible stuff. I've I've written plenty of them If you ever get into the hit attacks, they're they're a lot of fun But if you only want a specific person to get them imagine if you're able to be a vendor at a party or you're able to pose as a vendor at a party And everyone's getting their things and you could do some sort of grab bag switch Which are super common in magic They they look very benign, but it basically makes it so Certain people can choose from one compartment and another person can only choose from a specific compartment And it's it's a great way to get people to Select a specific object Also rigging a contest If you think about something like the lottery the whole lottery is based around Making sure that you can't force the value of the of the ping pong ball. I don't know if they still do that, but If you're able to force that value or force the object of it That is that's all a game over Really another example is if you could easily Easily using like a cross-site scripting exploit on a website You could change all of the link values on a website and and point it towards malicious software and Of course, you know, you can point it to a phishing website. You can point it to a piece of software Now wear whatever you want But of course you're you're taking this environment of open choices. They think that they can go anywhere But of course, you're forcing them into a funnel. They're forcing them to a single choice And then for a social net engineering application If you had for example a small directory of people all with different phone numbers and names and These are all your teammates Well, if you get caught in attack or someone wants to verify your credentials and instead of saying here's my boss Go cut go ahead and call them. You're like, here's my team. I don't have time to deal with this Uh, because now you're putting weight on them, but you're like, I don't have time to deal with this Go go ahead and call one of them and they'll verify well They're ultimately going to end up with the same person But that illusion of choice it it makes it seem there's a legitimacy behind quantity Um because if I if I was a vendor and it's the difference between Going into to a place and handing out like a handful of Of uh flash drives from a baggie and then having a box of 2000 of them You know, one of them you're going to go. Okay, that guy's clearly handing out viruses and another one You're going to go. Oh, maybe, you know, who's going to create 2000 pieces of malicious hardware I mean, I might that sounds like a great attack actually expensive, but it could be useful If we could go ahead and get to the next slide Uh, and the magic applications are multiple outs. Um, there there's a couple of There's there's hundreds of tricks. There's thousands you can find these in in books everywhere, but uh I actually came up with a small little bar bet for this and the idea is pretty simple as you play a game of rock paper scissors and Uh, the the proposition is I am going to win this game of rock paper scissors on the first round and Ultimately, whatever you do, you just pick rock. So if they go rock paper scissors and this person picks rock Well, the idea is you can say I told you I was going to win on the first round And that's why I chose paper and all you do is you have a piece of paper in your hand Uh, because They chose rock Now let's say they went ahead and they chose scissors Of course you win because it's rock and if they went ahead and they chose paper to cover you Unfortunately on your paper You do have uh scissors. I don't know this that can make it out but It's essentially you understand the constraints of where you're in they have three choices to pick from and of course It's a con and you're more likely going to get punched than uh rewarded But maybe you'll get a good laugh out of it Uh, and but the idea is that you you see the constraints where they have three choices And you're able to account to every single one of them and make it work in your favor Even if it is going to get you punched in the face Uh, another one, uh, this is a classic effect. There's a it's a queen's holdout So if you were to have four queens What you can do is there's a you can get these sleeve garters You can even do it with a rolled cuff, but essentially You put these queens in your sleeve garter. They're pinned to your arm and you spread them like so And i'll put them in a specific order. It's called chased order. It's uh clubs hearts spades and diamonds And all you do is you have these on your sleeve pinned And in an effect you can have a queen freely named and claim it's in your pocket And when you open up your jacket instead of reaching into the pocket you're reaching to the sleeve And you can feel the index and easily pull out Whatever specific queen it is deposit it in your pocket as you're opening up your body language a little more revealing the queen and of course the The first thing that's going to happen is people are going to say there's more than one queen in there So you can easily empty that pocket completely Then they might imply that you have a queen in each pocket and you're just going to change pockets which you can also easily disprove and this is a good example of an out because They feel like everything is clean. Everything's happening into a single location But you've been able to determine That there are four choices They all have one of them has to end up here and you know a way to account with uh for all of them Whether it's through verbiage or it's through a physical manipulation, albeit this one is very simple And then this is a classic classic in magic is Uh name you have a name any card and you you aren't ready for the one they named Often what I'll do is I will stack my duck But not in in all 52 kind of way I will do something like a queen of hearts on top and like a jack of spades on the bottom and then maybe in my pocket I might have an ace of spades and I just have a mental catalog of what cards get named the most Usually one of those uh sometimes like a king of clubs might get thrown in there and it depends on the person really But if I'm ready with that queen of hearts on top and I have Something that can blow someone's mind if I if I have them name a card that I know is on the top of a deck Then if they name it great if they name one of the other cards in different position I work with that But if they don't name anything It's not like there's this massive failure. You don't know what my intention was If you went ahead and you named the nine of spades, then I just go ahead and go, okay Well, we'll use your free selected card. This is the one you were thinking about now. Let's work with this There's there's no force in there. There's nothing that could make them go. Oh, that was weird It's just I'm having you select a card You don't know what's about to happen and that's something that happens a lot in magic is This concept of don't run when when no one is chasing you and I feel like social engineering can really Uh gather a lot from that because When you're when you're nervous when you are trying to make excuses for everything when something doesn't work exactly how you want it Uh, that's one thing fall apart. Um You know people people are weird People are just inherently weird and and take advantage of that So no one is a mind reader. No one can see exactly what you're about to do Don't don't run when you're not being chased. Uh, let's go ahead and and get to the next section Uh, this is the iRL application of multiple outs. Um, originally I I said this as a joke, uh, but batman is the master of multiple outs Even the adam west one. Uh, and if you see here, uh, he has both he's clearly being attacked by Uh, a shark, um, but he he's ready because he knows he's like i'm going to be attacked by manta ray repellent By manta rays or i'm going to be attacked by a shark and so he has repellents for both And if both of those don't work then he has fists batman is the old he is he is the king of multiple outs He is always ready for different scenarios. Whether it's joker toxins or maybe just throwing someone off the building Who cares? He's batman. Uh, but in an actual real life, uh, if you go to the next slide the uh, the iRL applications of multiple outs, um A really good example that i've uh, that i've used when i've done, um fishing attacks on on jobs is Uh, multi-layer fishing attacks more often than not a fishing attack is Here's my website I want someone to go to it and I want them to get tricked into going in And I want them to to try to type in their information and I want them to send it to me and I want to log it No Fishing attacks need to get way more sophisticated And and through multiple outs you could you could easily do that the so if you think about it, um You know, you need to figure out what are all your constraints and how can you have an outcome that Serves you the best so if you take what uh fishing websites, for example, uh, think about the outcomes One they leave immediately Two they type in their info Then they read the you are all at the last second and then they leave Or three they fall for it completely and then they send you your information uh All of those like the the only one that wins is the very last case but If you if you think about it What if you actually when they type in their info you have a javascript key logger that is taking note of everything They're sending and it's sending it off to a command server Every time anytime you make a fishing website put a key logger on it because I I have gone on to websites plenty of times I start typing my username and password and then the oh shit moment hits and then I read the url Realize i'm fine and then I keep going But if there was a key logger on that I'd be fucked You know that that would that would not be okay. Um, and then also another way to to serve yourself a little bit better um If someone leaves immediately Instead of letting them just leave immediately Why not attempt to have a javascript pop-up that uses? Some identifiable trademark language or a company name information from your target and it says hey We just detected that this is a fishing website Go ahead and fill in this form with your name or your email or your phone and your extension Get privileged information You might not get credentials, but privileged information is also gold Not everyone has it easy to access company directory where you can start futzing around getting stuff like this You can even have when they try to leave a javascript pop-up that says great job This is an internal test from the company. You passed our security audit Congratulations fill in this form so we can make sure that your manager knows Boom taking advantage of of that desire to build and and feel good about themselves You've given them more and all of these options are way better than It either works or it doesn't And then of course there's the option that they might be able to realize that there's a scan within the scam and You know you could go as many layers deep as you want with this You can even follow up with an email afterwards and be like hey, we noticed this and I try to contact them directly But ultimately those three layers are better than the original one and an example of doing this in the physical world is Is think about like crash key sets like where you have keys for all of the the entry boxes in in los angeles or all of the the elevator keys There have been so many def con talks. There are so many keys available Everyone everyone's aware of these there's also the tsa key pack. Oh bless the tsa. They have made this so easy they took the constraint of Everyone in the in an airport has to have a bag with the lock That fits this constraint so How what type of outs do you need to have to make sure you can manage everything in this constraint the tsa key pack You you get a copy of each one of those keys and suddenly you have an out for every single lock and And this works, of course for for other different systems And you can just kind of view that exercise of like think about challenges in a security scenario Where you say what are the constraints? How many choices are there? What are all the permutations of this? And how many can I realistically have a response to? And then how many can you do if you were being unrealistic? Maybe it takes having 400 different isp uniforms in a van Screw it. If it gets you in the building it gets you in the building Um, basically any plan be attacks or additional layers In in real life that that makes for a good multiple out. Can we get the next slide? so stage whispers This is actually something that's used in both magic And also just on stage Uh, normally a stage whisper on stage is just like you're communicating a direction But the audience isn't supposed to know about it like people you can have full conversations on stage Depending on the size of where you're at But in magic a stage whisper is You call up an audience member. You don't you don't make a fanfare or anything You bring them up and while you're bringing them up you look them in the eyes Helping them up and you say what is your name? But you don't say it loudly You don't move your mouth a whole lot. You don't articulate they say I'm john And you pull them up and you do a magic trick you do whatever maybe it's a mentalism piece And and you're doing your mentalism piece and then you say And your name is john and everyone loses their mind when they nod because You've you've just figured out their name and then you quickly have to like hush them because You're like no this isn't this isn't where the magic begins. I am more magical than this and to john It just looks like you're telling them. Oh, no, that wasn't actually magic But this is an example of a dual reality. This is where The audience thinks one very specific thing and john is aware of a completely different thing But the thing is is that you don't want john To to be in on it you you want him to to be an unwilling participant And you're doing this with an ambiguity of language. You're doing this with an ambiguity of knowledge Another effect and this is a classic thing You have a box set aside. You have a watch A knife and a card and on the card it simply says I have the card You have the knife the watch is in the box It's very simple Uh, and you place these objects you let your audience members shuffle them around your your person that you're doing this It's great for one on one and you say Both hands on any two of these objects the box is set aside. It's not part of this And let's say they put their hands on on the on the knife and the card And You know you go ahead and you say okay hand one of those to me and you take one Leaving the watch on the table and you go ahead and just put in the box If they get the card you say read what the card says And then they read it out loud and all of the qualifications for it are true If you end up with the card You simply read it out loud and all the qualifications are true because it's from your perspective The only instance where it gets a little weird is if they put both of their hands on the watch And one of the other objects, but you say okay now go ahead and lift up one of your hands and If they lift up the hand That's on the knife You can go ahead and say Okay, we'll set these aside. We'll set these two others aside And then the watch I want you to put them in the box If they lift their hand off of the watch you say, okay, we'll discard the watch and this gets back into the idea of You don't want to do the same trick twice because this is a perfect example of If someone watches us twice it's instantly going to fall apart but If you can present this as well and you can present your equivocate well and your method for it And your language and your confidence in it and how much you believe What you say is happening is happening. It becomes the truth It's no longer optional. It is the truth and that's and that's why magic magicians like daren brown are so effective because when he speaks It's the truth and and that's and that's absolutely wonderful Um, and then another effect is called ash in hand Uh earlier I did a slide where I asked if someone was right-handed or left-handed and it didn't matter The reason for this Is for an effect called ash in hand What you do is you have someone put both of their hands out flat like this And all you do is you grab their hand and you adjust them a little bit like this You maybe move it lower or higher you give some bullshit stage direction And what you're doing is you're secretly depositing a little bit of ash on your finger Onto their left hand you can do it on their right. It doesn't really matter But you're going to force one of those hands with an equivocate And so let's say you put it on there on their right So you smudge it on their right hand and their hands are all like this You've moved them. They now have a smudge. You are now completely hands-free And then you say are you right-handed or left-handed? And this is where that choice makes it seem like they have full control of this situation They say I'm left-handed you say okay great. We want to use your weak hand So we're going to use your right hand and go ahead and drop your left hand They leave it out if they say I'm right-handed you say go Okay, leave your right hand out and and drop your left You have them make a fist And from here all you have to do is take a little bit of ash And you sprinkle on the back of their hands and rub it in until it vanishes That's not the magic it's But you can you can play that up you can whatever your character whatever your writing is But then you say that the ash has gone through their hand and has ended up inside of their palm and they open up And then they have ash inside of their hand and the reason why this is magical is because You've been stepped away Even if they remember the actual fact that they made a choice of which hand It's it's couldn't because it's it's not on both hands It's only on the one and you never touched them because You've made this memory of hey, you're you're fucking up. I'm helping you here they're going to wipe that And and that's a perfect example of of taking that snapshot as well as using an equivocay and that vague intent on your question to make them Follow instructions with you a little bit better If we could go ahead to the next slide Real-life applications of equivocay so honestly I equivocates our best for inferred information on a job Let's say you notice on facebook the big boss had a barbecue You're you're doing some big red team thing and you want you want everyone to You've done a bunch of research. You know the guy that runs the building or whatever his name's bob And you can now weaponize the fact that he had a barbecue that weekend because In your while you're building rapport with one of your targets You can say hey where you have bob's barbecue and they have two realistic responses They can either say yes or they can say no And by leveraging this because of this vague intent this vague language You can make it seem like you're either invited but didn't go Which makes that person you're equal instantly because you're now they were invited to the barbecue. So were you And if they didn't know about it or they didn't go You can now be their superior. You are now the person that's friends with the big boss and they aren't And suddenly this relationship dynamic one you've inserted yourself Close to someone that they're supposed to respect and be under but also You you have given yourself a history you have a background story just from one single piece of information and a vague question um And more often than not though in magic, uh, you know, you leverage your social position to get away with equivocates It allows you to get away with things that might not make sense But um when it comes to influencing people's choices in real life using equivocate People say no and they'll walk away. It's it's it's You can't make realistic situations Like by forcing people to choose things with equivocates. It's very weird But you can't get away with it But you have to be a bit of jerk and you have to write it off as a misunderstanding later and you have to act quickly um An example of doing this with uh an ambiguous intent is I don't know how many people know about the trick of asking When your partner says, hey, I'm hungry you say And instead of saying, okay, where do you want to go eat? You say I already know where I want to take you but you have to guess And then they do and instead of being like, oh, you're right You just take them there because you use this ambiguous intent. They don't know And any of the information that you know But it's basically just a big lie to get them to give you more information And sometimes people don't even know of themselves And another way I've noticed equivocate in real life is in dark patterns A lot of them if you're not familiar with what a dark pattern is on the internet Is when a UI is is creating is is creating language or it's creating a UI experience Around sometimes preventing you from doing something Or trying to mitigate the amount of people doing a specific action Like I don't know if you've ever tried to cancel an amazon account But there's like 16 menus to go through and and it's ridiculous and that's a dark pattern And a quick dark pattern here is uh, don't do not uncheck this box If you wish to be contacted via about product updates upgrades special offers and pricing Does it make sense? It's confusing. It's vague. It's ambiguous And it's how they're preventing you from doing an action, which is unsubscribing Which is something that they don't want you to do And actually even in our game Which if you haven't had a chance to check out the rogues village game go for it. It's beautiful lots of fun But we have an equivocate easter egg hit in there you're asked What one of your strengths are and regardless of what you respond with We're always going to give you the same item because we're either going to bolster your weaknesses Or we're going to uh enhance your strength and it doesn't matter But it's an equivocate, but you feel like you have a free choice But both paths lead to the same road and Once again, it comes down to those constraints. You're figuring out what paths you have available to you And how can you merge them in a direction that you want? Um, and let's go ahead and get to the the takeaways um So forces are our direct decisions that the target has zero control in This is good for direct attacks that introduce a specific object. For example If you're using a switch bag for getting in a piece of hardware Or maybe forcing a value on something like a contest or a lottery Multiple outs are fully free selections that you cannot control You can't control the amount of constraints. You can accept them But you can be prepared for them and this is good for having responses for a narrow selection of answers for example a deck of cards is a 52 question object and And once you you can figure out how to mitigate those 52 questions, it becomes a lot easier to deal with and equivocays They're for creating ambiguity around definitions allowing your will to be imposed on a target Equivocays aren't perfect But it allows you to enhance Your your percentages and it's great for warping decisions or You know creating inferred knowledge and the next slide This is the defensive takeaways. I think this is something that everyone can actually Gather something from whether you're in security whether in your magic Or you're just a plain joe Because scams exist everywhere But also, please don't ever do this to magicians I beg of you if I have someone do this to me and I'm doing a magic trick and they it turns out that saw this talk I'm gonna be very sad But forces if you feel like you didn't have a free choice Attempt to make another one where you can change the rules of the selection Be prepared for an out Always, you know be ready to to try to change your choice if you're at that car lot and they say Here's the green Subaru and you can say let me look at another green Subaru and if they're really antsy about that Maybe just leave if you're you're an adult go go buy a car somewhere else Multiple outs go through the scenarios. What were your actual choices here because you might maybe you're actually in a force Maybe you're in an equivocation But go through your scenarios and see if it's possible to prepare for each of them And if that intent on that preparation could be negative to you And like I said, try to change your mind try to change the rules If you can change the rules or you can change your mind, you have a lot more freedom But also, you know chances that you can never be a hundred percent sure so always be able to Stand to your ground and redact In equivocates when you're given vague decisions verify the intent of the question and what responses will be used for So if you get a weird question and it seems very open-ended and weird and it's not from someone you trust Uh Clarifying what they want to use the answer for you don't have to answer questions You don't have to answer someone you've never met who's asking you an elevator if you went to bob's barbecue You could say what does it matter to you guy? I don't I don't know you That's my purse get out get away from here. Um always validate And that's pretty much it if you can if you can validate if you can change your mind if you can change the rules Or how the your what gives you your selection of answers, uh, you'll be safe Or safer as you as it were. Um, and I I think that's pretty much it. Yeah, I think I'm ready for my my my q and a j um So first up, uh 0x90 in your experience. What is the percentage of time that somebody uses? Some of the defense mechanisms mechanisms you discussed Uh, yeah, and when when it comes to uh doing this in a magic scenario uh It really it really depends on how you're approaching I've noticed that if you treat anything that you're doing in magic like a puzzle People will shut down and they will they will inherently get defensive and they will not want to interact Where if you haven't selected card, they'll wait till the very end because they don't trust you and it's because you haven't built up rapport Um, so it it's a case by case scenario. It happens on an individual basis. Um The the longer I've been doing magic though the less it has happened and uh It's gone the point for me I remember when I first started almost 10 years ago Uh when I would be doing a trick and then someone would say oh, I Let me let me see those cards and I'll be like, oh no and I was shut down and get all clammy and uh and all of a sudden there goes all the magic But now I I could prepare I could have something that I'm preparing for like hours ahead of time and it took I have every single card Exactly where I needed it if someone says well whatever magic boy Let me see that deck. I want to shuffle it and it's not a show where I can tell them to go screw themselves I'm gonna hand them the deck and say okay shuffle it and I will change my entire set just to Uh just to preserve that magic But as basically short answer as you get better the longer you do it happens less and less It was at a point where it was maybe like one out of ten people and now Maybe if I'm performing a lot it might happen like once a month But it really depends on like how able you're to disarm your people And how much you can connect with them because if you're your if you're their friend before you start doing magic They're not going to be a jerk to their friend Uh someone asked the question. Are you right handed or left handed? I am right handed. Uh, I don't know exactly how uh the the screen stuff is set up So it might appear that this is my left hand. Um, but I am right handed And uh, we have a question for you another one What kind of ash is it that you're talking about something special or just burnt paper? Like do you make the ash yourself? Oh, uh, so actually this is a classic impromptu effect and uh, you used to do it originally with like a cigar ash and The reason why it was neat is because you could just quickly dip your thumb in an ash Tray which is disgusting if it's like public, but you know, it's magic. We do disgusting stuff sometimes Um, and then you can just sit at a party with your thumb kind of like behind your hand Is you're just stipulating and talking to people and you can go ahead and and do the effect that way Um, but basically cigarette ash, uh, you might potentially want to do this a different way. Um There are a couple of other effects that have Taken this approach And they are published and they're stroke so currently manufactured. So if you want to go ahead and uh DM me I'll actually give you a link to the product. Um, I don't make anything off of it I just don't want to imply that it uses the same equivocation stuff because I didn't make this the effect itself Um, but it's very good and it's modern. You've probably seen it on agt. It's great uh, we got uh We have one person that is claiming you as a fed so, uh Oh who's claiming me as a fed? Uh, what what's their social security number? Um, no, I'm I'm not a fed. Uh, I I have way too much hair I have so much hair, especially for being a fed that you can't actually tell that I'm wearing like bows headphones Like I'm like the full ear cup. I don't Feds don't have this much hair But no, I I'm not a fed. I I'm I'm a software engineer. I've done some security contract stuff Uh, ultimately If if you want to if you want to find me on twitter DM me, I'll send you my page and you can be very disappointed That's beautiful. Uh, I'm gonna wait for one more, uh question that's coming in. Um I you know, I think we could probably just feel that on the discord I'm going to give them 10 seconds to get a 10 9 8 7 6. I mean jade's typing. Oh, okay. All right Ooh angel rain's typing Maybe if I just keep saying people are typing I'll get more and more maybe they'll just start typing and never fill it. Um All right, so what extent? Admitting a failure can be used as an out So I wouldn't ever consider a A flat out failure as an out um, there have been times where I have set up for an effect and You're so far in it It's like where you're at the table and you need to turn over the card and it has to be your thing and there have been sometimes years ago Where I've turned that card over and it's the wrong thing and there's just no way of getting back to it And I say ladies and gentlemen, this is theater. It's live. I am so sorry This is a fuck up And and every every magician this has happened to But ideally like if you if you have even the smallest window Or where you can be clever about something You know, you don't always you you rarely have to accept failure If I'm doing something that is dramatic And there is a lot of intention and emotion behind a certain moment or meaning behind something Artistically I make the decision to take the fall and the full blame of it Similar to singing a horrible note on stage and you just kind of go I I'm sorry But I have my artistic integrity and I'm not going to do jazz magic over this to try to recover Uh, I think that might be it But thank you 0x90. Oh wait, sorry. We have one last. This would be the last one. Okay, and then we'll cut it up This we could feel them in the discord But this is a good one to end with who inspires you the most geez This is this is a really really good question. Um There there I have a couple of answers for this, but um Just to keep this short. I would have to say uh, the late ricky jay and the late johnny thompson both different worlds different styles of performing um, but reading ricky's death of knowledge and how much he He is passionate about his craft and elevating it to the level of art is beautiful to me and johnny thompson Being this encyclopedia of magic where he knows just about everything and he's very good and cares about things deeply But they approach They approach it differently johnny thompson's about making sure people are entertained and doing it well and ricky jay is about the uh You know the the total experience of theater And he he sees this theater that he alone sees in his head It's just him and he has this idea of what makes it perfect and he's very aggressive about it and I love it um Sorry, I lied to you last one. Uh But aod wants you to speak to the idea that a magician can sneak out of a failure Because that's the audience or the audience doesn't know exactly what's supposed to happen Yeah, exactly. Um Don't uh, don't run when no one's chasing you If if I pull out a a card and it's like the reveal And I know it's not it. I've I figured it out that is not it um, you know, you can you can attempt to backtrack you can maybe uh, like There are there are effects. There's a thing called an invisible deck. It's wonderful and it allows you basically to to have to summon any card essentially and For example, if you ever screw up so badly that is is irredeemable You can keep something like that on your person and just be like well Actually, I did this and then you did this whole other effect You can always move on to something else No one knows that you're about to have the card come to the top of the deck 47 times in a row Maybe on the 22nd one You you you screw it up and and you can just move into something else You can just make a joke about and be like I guess it died after 21 and move on and it depends on your personality and honestly The calmer you are the the more ready you are to accept something getting screwed up and just moving on with it People will never remember it. People sell them. I I have I have come off of So many performances where I screwed one thing up and I had to recover like that and It it affects me to the point where I'm I become so upset like I like I need like hours by myself to like Think about how I'm such an idiot and I screwed something up And I've never had a single person ever pointed out And even professional magicians. I'm like, yeah, but I did this and I screwed this thing up and they're like Oh, I thought you were just going into this effect that way. I had no clue No, no one cares. No one's chasing you. Um, yeah Awesome, uh, that will conclude our q&a portion for this talk. Thank you for everything Yeah, thank you