 We had this great idea to invite some of the other villages in for our number 84 podcast We've done one of these every year at DEF CON because I think maybe there's some Bad locations that you may not know how to get to certain villages or what's going on there so we have two we have Nina who runs the biohacking village and Ty short running hard work hardware hacking awesome, so we got awesome two of the villages here So what we want to do is just kind of talk a little bit about Your village, so then you can get out of here and pack up your room All about yourself what your background is what you do and what you did at DEF CON and your date of birth and your social security number Your home address I'd give it to you if you wanted it. I do I want it all look at that face And then she would turn around and get all that information from you because she probably already can She's already implanted me with a chip Do you want one? No, we're doing implants later too. No, I don't want anything implanted in me I'm kind of on the fence about this. This is so cool. You should kind of do it No, no, I don't like it. It makes me queasy. You want to touch it? No, I already did I touched it That's a quote of the day. I touched it It's so bad. I don't want to touch it so really quick Um, I also have I'm from New York So I throw in the New York accent every once in a while unintentionally so do I awesome. It's okay cool So I run the biohacking village and essentially it's to Make the human experience better by just enhancing it with technology This year is actually the first full year of the village a lot of exciting things have happened We had DARPA. We had the FBI. We had DIY a lot of implants have happened That's the major thing. I think that's going on Maybe 200 people so far have been implanted. Wow, that's fantastic. What do the implants do? What do you want them to do? That's the actual question. So mine are very want them to make me Let me think on that one You should you should program it so it electrifies you every time you reach out for something I'd pay for that that would suck actually Actually, I'm keyboarding I think that would not be a great plan so my background is in bioinformatics I work in hospitals I protect the data information of the patients inside so for me My chips are connected to my laptop as a security measure because I'm hip a component So if I'm not within two to three feet of my laptop it goes to sleep and when I come back I don't know who's around me. I have a lot of people that I work with so I don't know what kind of Job they have so if Michelle was with me. She's Not working in the medical field. She's not shady Shady. You are kind of shady. Yeah, so I Have it's a new Twitter. Oh shady as opposed to sultry. Yeah Like sultry. Is it RFID? I have an RFID in NFC Are you worried about getting cloned? No, because I actually clear them before I come here Really? Yes. Anytime I go to a conference. I clear them out. And what's the power source? You know what? That's a great question. I can't remember right now. That's like true to God I don't remember. No, no, I mean they ever run out of power No, it's passive because they're tiny. Yeah, do you want to touch it touch it? I touched it already You have to touch it. You have to relax your hand. Don't poke her. Yeah, don't poke me. No pokey. Relax. I can't I'm so nervous You have to touch it Cuz there's two It's really cool Really? I everybody wants the size of a grain of rice. No, I don't want to put them are ones a little bigger than the other Like a large grain of rice and a small grain of rice. So Nina, how long have you had them since February? Yeah, I touched it you did so proud of you. You're so pink right now. I Touched it this morning. So that's just weird, you know, it's happening up here, right? It's just so weird, but it's cool at the same time I kind of like it and so you program them how because you say you wipe them and then you can reprogram them, obviously Yeah, I have a oh god. I'm so blank right now. I'm so sorry. I have a well It's not like you've been doing anything for the last four days right I have a Circle thing that I use and I program whatever I want on to it Then I put it onto my hand and it programs it into it. Is that the technical term circle thing? Yeah, cuz I can't remember what it's called right now in my head. I see it I probably have a picture of it on my phone. So essentially Um, if I go outside and I'm talking to someone and I don't have cards on me because I lost all my cards right now I can take somebody's phone and say, okay. This is cool. Let's continue this conversation Here's my contact information gotta go And then they just contact me later. It's a lot easier than having to sit there and write my email into someone's phone So besides proxen so you have like a business card in one the proximity security in the other mm-hmm It's actually in the same one. Oh in the same one, but you have to yeah, I don't use my NFC that often Okay, I'm still Tactile So Nina tell us what you did this year tell us about your village and how it went Sometimes the lines were longer than the sky talks And that made me super happy if you're being a first-year full village. I thought that was great and super awesome And where where were you located? If you went to the 26th floor all the way down the hall to the left So just step child all the way down and was that a good location for you or not? You know what I'm gonna be totally selfish in this. I'm gonna say no because we had to clean up constantly for the parties. Yeah Okay, yeah, so but you still had lines so headlines I was always curious because I know they tried to put a bunch of people up on the 26 And we were curious about how it worked out for them with that. There's a lot of congestion. Yeah, yeah And you had a contest this year, right? We did have a contest so if anybody took a Fitbit and Just manipulated it to do something that it wasn't supposed to be doing as far as monitoring body functions things like this body hacks Which is another? Conference for bio hacking is giving away prizes for that. Oh That ends at 12 today And it's up on the 26th floor. You have to see Susan for that So you have an hour and 15 minutes if you want to compete in that. Yeah, and how long if people want to get implanted That starts at 1130 So it's probably gonna go for half an hour to an hour, and then I'm shutting the village down So any questions from the audience for bio hacking? Yes Okay, so the question was how do you get an implant? I'm gonna can you hold down? Legitimately the needle is about that big but the no no no there's a reason there's a reason So the implant goes over here you have it's the fleshy part of your hand, so it's not interfering It's not interfering with anything You can actually see my scar, but it you literally have to look for it The boar is not that it's not that big to me. I have gauges so It's just a needle It's just a needle So the more the better question is how do you get it out? um If you want to touch it later, I'll let you guys touch it touch it Touch it. Everyone in the room is gonna touch Nina. Hashtag touch Nina It's totally legit it's right under my skin. I feel like if I got a cat scratch I can just push it out That's literally where it is see the cutting you to get it out. It doesn't bother me the needle kills me Jimmy to bring one. I should have brought one for you. Oh, so thank God. Do you guys want to see that live? I can call them all. Oh, we could do a live implant for Chris do it do it not on me. I don't want any. Oh No, I someone will volunteer here Let me see if you let me see this guy right here Jim more. He'll volunteer. We got two volunteers So if you want live here, so if you want to do a live demo, oh, yeah, okay, so well, she's taking care of that Let's talk to thank you. Let's talk to tie about hardware hacking So first of all tell us about what it is and what you did this year Hardware hacking we've been around nine years this year, so it's been a long time going awesome lost 10 years ago ran around the conference Trying to get people to get into hardware There's a lot of software people here at the village and the conference and hardware is the foundation of that So understanding how hardware works and being able to manipulate that makes it so that you can actually do the software better He so he ran on the conference trying to get people to assemble robots And they sat down the middle of a contest floor and assembled robots So the next year they gave him some actual space with some hardware. We got solder irons and lamps and all kinds of tools to do soldering and desoldering And the general idea is we provide a platform for people to come into the village or and bring whatever they bring There's lots of contests now that have badges that need assembly Or parts that are fixed we have we repair a lot of things for people. They get broken. I've seen a number of phones They come through people like hey my thumb drive broke. We really needed to work for our demo I have a really serious question. So some guy comes to you in Def Con With a thumb drive and says can you help me repair this? Yes? amazing, huh No questions. No questions asked and then you test it by putting it in your computer. No, they test it on there So we've been doing this for a long time When we first started we did a lot of teaching People trying to teach people how to solder. We still do a lot of that. We're trying to get grow that beyond that This year we had a lot of people who brought badges that had been they had attempted to solder their first time and and Didn't do the best job had some problems either in putting pieces of the wrong place or Components that had broken so we're trying to figure out how to help people to take that to the next level over the years to to be able to Troubleshoot and repair the challenge with that is it's that's a skill you gain over time Yeah, an experience so so does someone have to have experience to come to the village or you actually training people We're actually training on spot So you can show up the hardest thing is bring something to solder with we have again We have equipment. There's a number of different places that sell different kinds of kits We've been trying to get a vendor to supply more than 50 def con supplied 50 little jack buttons this year It's fantastic that they sold out very quickly, but they were good that people were selling them So we're just bring something to solder and we can we've been teaching people as young as five That's phenomenal. That is dangerous. It is dangerous But how awesome what it's what a skill for a young person to grow up with absolutely I didn't learn that until I was much older and I still stink at desoldering things. He's a lot harder Yeah, I tend to burn my boards up and stuff. I should come to your village and get a training session Where are you located this year? We were out on the contest floor. So this is our first year We were right out amongst everybody else. How was that noise level and all of that noise level was a lot different It was hard to talk to people. We had CTF banging in the background Hacker jeopardy and a number of the other contest do going on. So we had a great time Other than the novel noise level. We had a great time. Yeah help people come and go a lot Soldering creates a lot of heat and so it was nice to have a big space to dissipate that heat into and your space was the air conditioning working Or was it working the whole time? That's wonderful. That's fantastic Those of you that were in here. It was like a sauna sometimes, right? This is ridiculous And the steam was the the body moisture. It was pretty gross. Yeah, just want to say Yeah, so contest so next year you'll be back against will make ten years. This would be ten years We're gonna try to something really big next year. So well next year be ten or well next next year will be ten Ten year anniversary is a huge. Yeah, it's a huge deal. You have to throw looks I'm kind of We're we're in the works already awesome. So besides the soldering things like that. What's the goal? What do people learn with hardware hacking? The biggest goal is to make them understand that everything works on hardware and hardware is just about as easy to Work with as software There's there's different set of rules and different set of tools that you need But it's not it's not any more complicated. Are you learn a handset of rules? You know don't burn yourself number one. Don't light anything on fire with the solder iron. That's number two so With that you start with some simple projects that are available all over online There's a number of vendors that provide kits that are pre-manufactured to just have to assemble And then you start learning about how electronics works and you can start making devices that do the thing you want to do That's really cool. I've been concerned this year My phone is old enough to be aging out with a 2g death So I haven't found a phone that I've liked but I've finally found a modem that works with Arduino So I've been working on designing my own phone So I know exactly what my phone will do because I programmed it and I manufactured it. Wow That's a little crazy that would that would be your 10-year project to make their own phone. There you go Very interesting any questions on the further from the audience on the hardware village Hardware hacking village. Yes. What was the coolest thing someone made this year? There was a lot of dark net badges going around I didn't get a chance to circulate as much as I have we were trying to work on With the rest of you we get the badges at the same time So we spend some time trying to help people Reverse engineer the badge to get it to a point where they can flash I'm not sure if all of you have heard about the different problems we had with disseminating badges with the conference But a lot of them got badges that were blank So we spent a lot of time trying to figure out how to get a dev system up and going To be able to flash that this year. They were a little more challenging with using JTAG and no connectors for the outside So we spent a lot of time in that I spent most of my time working that type of a situation We didn't get to look at too many things But there always is there's a the one of the most interesting pieces of the hardware hacking village is the source pile People it's a very organic thing. We have some tables that get set out We initially put some things on it and throughout the conference things come and go We had everything from scuzzy terminators to parts of screens and all kinds of different devices come and go sounds like a lot of fun It's a lot of fun. Yeah, so look forward to seeing what you come up with next year. Yeah, yeah Awesome. Thank you So is there gonna be live needles anytime? Oh boy Okay, so let's talk about some social engineering while I can still talk and not not get faint out of Just makes me so weak needles are not my strong suit. I can never be a phlebotomist I can't wait for this. I can wait for so excited So actually now talking to can I pause you really? Yes. Can you do what? I'm gonna go get him Okay, I'll be right back. Yeah in like five minutes take all the time in the world Take an hour. He's old. Yeah So we had a this year we had a really interesting kids event. I was just thinking Where's the man that we should we should do something with the hardware hacking village next year? That would be kind of cool to tie it in we had this kids event this year where? Because it was rise in the machines. We wanted to tie in robotics with it But we really have no skill here to teach anyone how to solder or build anything you should stop by we should so we found a Do you have one of them handy? No It's a simple question if the answer is no it's no Jim don't take an aggressive body language Amanda's face did you see the stress? No, I don't need it. That's fine, you know Just disappoint everyone in the podcast. That's perfect. It's perfectly fine. Jim. I don't need anything The little bits okay, so it's a company called little bits and they make Robots that you don't need to solder they actually use the the breadboard and things connect like Legos To it and it was really interesting. We thought we'd give it a try so the the kids had to solve ciphers and puzzles and Critical thinking exercises and every time they did one they got a piece of the robot and then they had to They had to put it together at the end and then we had an obstacle course in the hallway back here And they had to race them in the obstacle course And it went really well except for a couple of the kids that had mental breakdowns. There was a few There was a few mental breakdowns, I guess from what I heard and some fistfights, but besides that making kids cries what we do Yeah, we take the most joy in I think I think I think that should be the motto for us Social engineer social engineer village making children cry since 2009 Security children's tears collect those so here's Hannah Okay, Hannah is the nicest person her nickname is like ticker because she bounces around the room as the sweetest face She smiles non-stop. She's always says ma'am and sir. She's the plan that she comes out with that Security through children's tears will make the t-shirt for next year. I should be the secf theme for next year is security through tears I Like it. Yeah, I like it, but it wouldn't be cool to tie something in definitely, you know Till I kind of have them have to come and solder something together effectively and let's work with biohack and inject the children We could microchip them, you know and then track them just like we do pets Yeah Yeah, see lots of good ideas being generated here. No, it's not good. We're not injecting children with technology Come on. It's this is so weird. It's cutting edge. Why would you want technology in your body? We're setting trends. It's not a trend We're making kids cry then, okay We'll settle on that Yeah, I'm seriously we might as well take the kids line them up and hit him with a bag of oranges multiple times then inject them No What is wrong with you lots of things what is wrong with you? We don't hit children with oranges then inject you're the one that talked about beating children I was just trying to make you stop talking about needles. I was just talking about making them cry. Yeah, no, you weren't Talking what did you channel the spirit of Dave? No, he drank too much last night. He can't keep up with me this morning Not true definitely not true. He's like you channeled your inner Dave. I'm possessed What was that? That's just the way make their injections tamper proof. So great things will never be the same That's just the way it is. How come you couldn't sing like this when I sent you on that gig? That's actually good. Just the way it is Blobby blah, I don't know the rest of the words Wow, I think she drank too much She had a tiny said that's too much way too much obviously She's singing. I slept like three hours. You know, there's going in the def cop video. Oh my god I'm so glad that she did not know that nobody told me that this was taping. I'm pretty excited about that And then Everybody knows the story behind that one. No, I don't think everyone knows it. I'm really sorry hard. We're happy guy Well, we just totally taken over from you. Yeah, we're just quiet in there It's just really crazy, but it would be lovely to partner with you next year for the kids. Absolutely See how I just transitioned right into something that sounded kind of professional Can't can we can we can we mix in? Biohacking hardware hacking and tamper village with the kids so we wrap the kids in a tamper-proof box that they have to get out of Once they get out they have to inject themselves with a RF. I'd have to inject themselves And then RF. Oh, no, I have a better they have to inject each other. Oh With RF ID devices and then we beat them with a bag of oranges No, no not yet Then they have to go to hardware hacking and solder something to the device nice that they just injected them so And then we beat them with a bag of oranges. Yes for fun. That is all they solve Next year all they solve ciphers. I like it. It's the best plan ever look at Micah's face. He's so there He's my next year. Please make it old. You're contestant number one. Yeah. Oh, yeah See he's down that kids down for everything though. He's awesome. So Thursday. We ran the mission as the impossible here And last I don't know if anyone saw it last year it was it was like a disaster a piece of wood with a lock in it and You know and we had a bunch of laser beams that were way too powerful for humans to pass through like Learning people's eyes. Yeah, Mr. X built it and he used like 40 megawatt lasers, you know, it was like Star Wars and And then we had some other stuff we had some handcuffs well this year We hired a guy who loves to do he loves he's like a maker at heart and we said Brian here's my vision make it and he did and it sits in this little pelican case, which He took an old ammo box and he put three locks in him and arduinos and pies and all this stuff and it was really really cool, but We had a rule that if you're competing you can choose one lifeline But last year when we did it we said and you can have a lifeline people would be stuck on stage And they would look out at the audience and say who can help me and nobody would help them Yeah, I'd lose her so this year. We said let's make you have to pick your lifeline ahead of time So you have to say, you know you can you be my lifeline and that way if you called that person knew that they were running up on stage So it just so happened that One of the guys picked this young man right here Micah to be the lifeline and he literally walked up on stage Touched a lock. I'm not even kidding. He put the thing and he went and the lock was open So after that every person she's Micah for for their lifeline, it's a whole audience was like, ooh Yeah Oh, oh Nina's back. I was back. I don't see a needle. So I am happy happy happy happy be be Well, what's your walk up the aisle? Oh? She's taking my find him But I did talk to him so he's coming. Oh Okay, so continue your story about Micah cuz he's awesome. I Can't remember something about needles. No, no, no Micah touch the lock Oh, I could touch the lock and it opened and then and then it was his dad's turn to compete and He calls his son up to crawl through the nasty floor under the lasers. That's how we used this kid, right? totally said yeah, yeah kid you crawl on the floor under the lasers and And then he won So good job, man. Nice job on that. You were the winner for that mission. That's the impossible And happily it was the first year Defcon asked us to submit the results to them for that So I don't know what that means, but you'll be like on the board for you know that competition It became a legit competition this year for all posterity lane. Yeah Congratulations, you'll be known as the guy who let his kid crawl on a Defcon floor He's got so much DNA on him right now, and we can probably clone the human race off of that kid's face Do you want to? No I love this girl. She's awesome We can do that and then create faces out of this you want to do it. Okay, look could we have to peel his face off first? No, no, no, we can just take the DNA and create the faces that he Whatever happened on these carpets. So there is a face-off machine Kind of weird awesome No, I don't think we should do experiments with children. I really know just the DNA You were ready miss when you were great idea I might swab the carpets before I leave you you already missed when you left Michelle came up with a new kids competition next year about Locking children in the tamper-proof box and then having to inject them with RFID chips and then solder things to themselves No, no, it wasn't Excuse me security escort How dare you remember things properly Okay, that was Thursday Thursday was a good day. It was fun. I don't remember Thursday I remember Thursday Thursday was fun Thursday was fun. We had how many Amanda? Where's Amanda? How many people signed up? 120 people signed up. We don't do it online. We do it like here, and then we drew out of a hat 10 people Hey, I'm all high come. Oh, no It's the needle man someone the needle man is here Don't I don't I don't like you. I Am I think the hardware hacking goes and take the opportunity to step out and start packing. Thank you for coming Thank you for coming So I just have a caveat he actually has to be upstairs in 20 minutes, so we got 20 minutes to do this How much did you have to drink last night? Well, it's it's how long did I sleep after I stopped drinking so enough time enough time. Did you drink this morning? No, okay, we're on Who drinks in the morning? Okay, I guess that was the wrong question for deaf guys Why I'm not getting it done. Oh, okay Okay, you get swap chairs all you want as long as needle boys stays over there If needle boy comes any closer, well, I might have to Needle boy I Reach for everything with my right hand Yes throats crotch, you know, sorry, this is PG 13. All right Okay That's a good question from Lance is will TSA see these and will they care? No, the TSA does not see the metal sectors the scanners the millimeter wave radar I have four implants right now and and they don't care. It doesn't show up. No I can make you It's actually it's it's not as big as everybody thinks it is no you're not getting Yeah, it's so little he has to pull out a freakin blood blanket For the potential Flesh wound that's about to occur. What are we doing in the SC Village? What is happening making history doing awesome stuff? These people here to talk about Biohacking Why do we have this idea Michelle and invite people why? Maybe we should have talked about what I was gonna talk about no I think it's better to be unplanned because if you guys all want to come up and take pictures I'm totally cool with it because this is something neat that you're not gonna see very often Yeah, I'm gonna go sit with her I'm gonna hold your microphone Yeah, you can narrate here, let me narrate a needle came out Chris puked Chris has passed out people are now undressing Chris Chris is gonna get planted in his butt with an RFID chip Can you hear me? Oh, you can he's putting so if you do get your implant in your butt You're gonna have to dance every time you go to work to get the door to open Even on your bad days, it's just never gonna be a bad day just watching you try So this is chlorhexidine it's alcohol and Death is what it is a little bit of death for death for bugs. That's for sure death What are we doing here? This is like a once-in-a-lifetime opportunity man It doesn't matter if it's me hang on let the short one through she's so tiny and small and cute Yes, so this is ISO 1443 a and NSC type 2 compliant So what exactly are we what what exactly are we implanting in my body? Don't you think you want to know that first? We'll tell you after I jump and then I ask oh For the love of God, it's like when you parachute right you just go no Why do you think I'm gonna struggle and scream no Nina can you all in all seriously? Can you describe like what is going into her body? What is it happening? Okay, so well, I've just applied chlorhexidine that takes about 60 seconds to take effect during that time I tell you that when we do the Installation then you're gonna need to keep the bandage on you know keep good pressure for five ten minutes until it stops bleeding Then keep the bandage on for an hour or two if you can if it comes off before then that's okay Because it's it's not bleeding you just let an air dry a little scab will form and then that's the end of your risk for infection so For about two weeks your body's gonna encapsulate it in fibers tissue and during that period of time It might have a little bit of a Sun twitter am I have some inching or whatever that's okay. You can inch it but but don't press it or push it or try to Move it around After 30 days and you can do whatever you want jiu-jitsu grab and crotch is whatever you want to do Four to five hours after installation you can go to pool all that kind of thing if you ever need to have it removed We didn't we don't put any paralleling coating on it The doctor get a glove put on and then you push your finger down on the bottom side when you do that You can see it pop up, okay, and then they make an incision come up So pretty straightforward. I can shower wash hands. Yes. Yes by tonight. You can do that. Please let her shower Yeah, that would be good for everybody actually Start smelling like a farm animal Oh you said wild animal Okay, it's like the needle's 11 gauge the needles what 11 gauge Just take a breath in and out And here we go all mother of all mothers and things that are bad More don't jiggle it in and out That's it that was it So so now you can speak ISO one four four three a and then if you type to you can talk to machines And essentially you have a tag that has 888 bytes of user programmable memory It has a seven byte UID and you can have there's some other features in their password protection I can run the dangerous NFC app from Android and that will do some protections and set the password But yeah, like mine mine has a v-card in it for my business card you could put a rick roll video in there if you want My favorite application honestly is just the door lock like getting rid of my keys so I start my car motorcycle So take your finger put it put it here You can use any NFC phone to program data on to it, but in the locks and areas It's just gonna read the UID so you don't need to program anything you just tell the lock I'm adding a new tag to your inventory and Then you scan it and it's in there That was cake it was really now I wouldn't say painless, but simple I got them both done within what 18 hours apart hold for five minutes. I was writing. I was doing everything Me princess, thank you, Nina I I'm going upstairs to do more stabbies. So yep by hacking village. I'll be there for until I run out Many more So really quick there's about 10 kids left and there are people upstairs waiting just fly So if you go and go now Everybody give a hand to Nina and her partner. Thank you so much. I can't even clap What has happened to this podcast like the worst podcast ever I'm gonna slap that next to you again. No, you need a hug I'm really gonna puke out on you. I'm gonna vomit on you. So while you do that I'm gonna do like another really quick plug for biohacking while I vomit I'm gonna talk about genetics and if you do vomit, I will take a sample How interesting is this topic I love what I do I'll just have your face. So Yeah, because there's actually a woman her name is Heather Haggerty doing she walked around New York City Picking up garbage. So I don't chew a lot of gum and I don't smoke with people that do just toss it on the floor She would pick it up walk around pick it up sequence the DNA and make masks out of their faces So you can walk into her gallery and see yourself. It's that it's that serious So disturbing so I really try hard not to touch anything and even when I go places I'll wipe it down like knock my hair out or whatever else is going on When I go to the ATM, I do one of these so no fingerprints are left behind I have tons of information, but I have to go upstairs. So my apologies, but um, yeah, check it out They got like an hour left Okay, I gotta seriously. Thank you for coming. Yeah I'll keep you updated on my progress Does she have to need a special device to program it? Yeah, can you use your phone really is there an app to do it? Um, it's I think it's called dangerous app. I'll text you Dangerous dangerous app on my phone super creative. Don't you think you should have asked all of this before he actually said it So if I couldn't read it out, I'll just reply to you. Okay, cuz this is how we communicate Thanks, Nina I Now feel superior We are born not touching you you look terrible I do I Feel terrible. It's my weaknesses needles So for David's clowns and for you it's needles. Yeah Yeah, thanks for telling the world So let's talk about the rest of the weekend. Shall we? Yeah, sure So there was some s.c. Stuff And there was lines and then there was needles and that was about it Stop seriously, okay? Actually said nice things about me and now you're treating me so badly. I'm just teasing Okay, so Friday and Saturday. Yeah, we had our our flagship contest the sectf We had 14 contestants and 14 target companies and a set of informational flags that we asked our contestants to try and obtain using pretexts that were Let's see non-threatening non-sexual, you know to try to get information out by being nice people and we had some Awesome contestants both ladies and men and it was pretty clear though after a couple calls on Saturday Who was going to be the master and mistress of the universe it did become evidently clear and I think we should just mention and not to pick on any one person But there was a lot of questions that came up afterward about how we determine if a pretext is Manipulative so our rule of thumb on that is if it induces fear in the target or Anger in the target then we consider that a manipulative pretext, right? So our motto in our company is that you can do all of these things and leaving people feeling better for having met you Anyone can learn how to use manipulation. I mean anyone can do it and it's easy and it works every time But it takes skill to learn how to do the same job and do it with influence as opposed to manipulation So we want that to be part of the competition too So if we hear something that you know where people feel that we it sounds like they're very afraid While they're talking to the contestant And some of you were in the room that did happen. We cut the call now Sometimes we feel like we should just cut the call but in certain cases Cutting the call would actually damage the target more so we tell the contestant to fix it, right? We tell them stop what you're doing Tell them everything's okay, and then end the call politely and that happened this weekend once So, you know, we really really take it seriously. We don't want anyone feeling and then we even made the contestant call the guy back Yes, you know, we made him call him back and say that it was just a mistake and everything was fine You know that this this competition is not supposed to be about You know proving that Joe Could be manipulated or Sarah could give up information It's the show that social engineering is a very valid vector and it works across the board So we don't want it to ever be making fun of Other folks, you know and when Def Con asked us Def Con 17 when they asked us to make an SE competition The reason that they asked us to do it was because the present SE competition Was doing just that you know people were getting on stage and they were making calls to like college girls and getting them to give their credit card numbers live You know right in the middle of Def Con. I remember hearing that I was there for that And and it just it's not good, you know I mean it's not it's not positive and it doesn't really educate and it's just something you can point and laugh So, you know, we wanted it to be an educational event that we can learn from so Hopefully that answers that there's other questions on that. I know we got quite a few after that call If anyone has any questions on that we can talk about it more answer Okay, but now let's move to the more positive side. So it was really clear who was going to win After his call It was really clear. I mean and without mentioning too many details about the call Let me just tell you a little detail about the the scoring which I have here For any of you that have been here multiple years, you'll know this is the first time we ever did this Like actually talk about the scoring right after usually we make you wait for the report and the announcement so we're changing some things but our winner again Taking a monstrous lead Chris Silver's by the way Chris So the breakdown was Chris actually had the highest score for reporting One of the highest score for this time, but one of the highest we've ever seen there's 218 points For the reporting now that is basically every flag that a person can get on the report Minus one. Yeah minus one that he couldn't get So every flag that you can get because there's flags you can't get on the report like you know Go to a fake URL because they're not allowed to communicate so there's certain flags They can't get so 218 represents that he found literally every flag online somewhere, which is pretty scary And then the call score was 924 points during three calls Yeah, so a total of three calls 924 points that is ridiculous All right, and and I just to tell you how the pretext went because I thought this I thought this was really a genius plan We teach something that's called are using artificial time constraints So if you tell people like I have a 15 minute survey, can you talk to me? They go out of time, right? So but if you say look I got five questions. I need to ask you They'll take maybe two minutes. Can't you know, can you do that? Most people say yes, and that's what he did He said I got five questions for a survey that we're doing for employees about their work environment Can you take time for that and there and everybody talked to yes Sure, I could do that and then at the end of the five questions because they were all like non serious like how how long have you Worked for the company, you know, what are your pay dates? What do you have normal break times? You know things that would wouldn't be too serious Then he said look for your help today. We want to we want to gift you a reward card So can you go to this URL and he sent them to a dead URL which we approved ahead of time, right? so we knew it was 404 there was nothing on the page and And the the target went to the URL and said it's not working Right all I get is a message saying the page doesn't exist and he goes oh man Maybe there's a problem with your computer and at that point is when instead of the five questions turns into every flag Can I check your browser and your version? Can I check your operating system and your service pack? Can I check your PDF reader because that may affect a website? Can can you tell me about your VPN? Maybe it's your VPN. Oh, let's check your antivirus I mean he literally went through every single thing by the way. Do you have a cafeteria? Yeah, it was ridiculous as he's talking It's like oh, so do you get a chance to use the cafeteria there? You know when you're on your breaks They're like, oh, no, we don't have one. Oh, that's too bad. So what operating system do you use? It was like totally stupid, you know, I mean, I was like sitting there go Why is she answering these questions? You know and and it just worked flawlessly because again, he started with that artificial time constraint It's a beautifully done job and at the end the contestants or the targets felt good. They didn't feel manipulated. They didn't feel Damaged scared they helped take a survey and there was absolutely no reason for them to worry about their job or their weekends So I think I mean we're not gonna say we're gonna do this But I really want to add like bonus points next year for for quality pretexts You just said that that though, right? Yeah, I didn't and then you said I said I said what I meant Okay, so here's what happens. I I think while I talk you you talk to think I talk to think and That means I'm thinking about doing that and now I said it so we're gonna do it Okay, so it must be so next year we're gonna add bonus points for quality pretext because I think that will also encourage Contestants to not think of manipulative pretext but to think of influential pretext But you know what was also cool is that in past years pretext like student and survey Haven't been that successful and this year we found both of those used extremely well And I think it was kind of how the contestants tended to frame things and set up the situations and really they got really nice results And then our second our second place winner is Rachel Tobak right here. Hey Rachel So before we go through all of her score and stuff the interesting The interesting thing about Rachel is that up to up to a year ago. She didn't even know what social engineering was Then she came to DEF CON last year, right? With her with her husband and heard about social engineering and said I maybe I should give this thing a try Signed up made a Unbelievably psychotic video. I mean it was if you guys were here for it. It was really scary if not I should I should play it again for you later. It was Yeah, I don't I don't I don't have out to there and if I say that to Evan now he may cry So we won't we won't do it He would just give me this thing guy, but it's a really psychotic video We actually should play it at some point because it's been that psychotic I mean Michelle's head is floating around the video at points my face is on the video Kevin Mitnick's blows up on a train She's in a bed with a bat screaming like she crawls across a table I threw that as a guy who smashes milk jugs on his head There's like so many things that happen in 90 seconds. I think she really we were scared of her laughing and terrified at the same Yeah, we were like that was sort of Please pick her she may come to my house and kill me if we don't so She got in the booth with zero experience and her report score Now remember I said that Chris's was one of the highest we've ever seen at 218 her report score was 190 So I've never done an OSINT before and not ever doing social engineering She located 190 indicates about 70 75 percent of all flags Right 70 to 75 percent of all flags that one confined she found on her target So that's pretty impressive if you ask me and then her call score was 864 so not even a hundred point difference in between Chris and Rachel on the call score, which is really really impressive now again What a beautiful pretext this was is that she was a fellow employee traveling to the branch that she was calling and Needed to get information on the location so when she came That that she can you know make sure that her computer was set up and she knew what the facilities were like so she was prepared for it and And the best part was she went through the list of things I mean she asked all sorts of stuff, you know, like all sorts of I want to set up my Wi-Fi I want to do this, you know, what kind of computer do you use I have this do you use that and a lot of I Want to say it's like deliberate false statement Because she would do things like so I have this old MacBook Pro is that what you have and she would go no no I have a good thing pattern And then she did this nuts thing where after she hung up she called the woman back and she goes look I got to ask you this really serious question. My parents are super Yeah, super crazy, which I was like that makes sense. Okay, and and I got bit by bed bugs once So I need to know who does your pest control Right in the facility so I could check on them and make sure they spray for bed bugs and the one was like Oh, that's terrible. Here's the name blood right and I also have like every food allergy under the sun Can you tell me who does your cafeteria food so I can look them up and make sure they have vegan and gluten? You know menus and they should blood but just like and she went through this like weird list of Like she's like, you know, she's obviously Has crazy parents hates to travel can't eat real food is afraid of bugs You know wants to know oh and my parents are super worried about my my safety What security guards have you hired? To be on the facility and what company I want to look into them to make sure they're good I mean it was like the most ridiculous question that ladies kept answering just kept answering. Yes That's right Yeah, so that's a good room. That's a good memory the woman actually left her desk went outside to go check Who would the security guards worked for and came back in the teller? I mean, you know, this is the kind of stuff when you build a positive pretext that is report building Then this is the kind of effect you have is that people will go out of their way for you You know, it was really phenomenal to see. Yes, ma'am Yes So that's such that the the comment was about how much she appreciated the URL being being mined And you were the one that said you had to take the training. Yeah, okay. I thought this was really not I don't think we've ever seen This before no, it was really good She goes I have to take some security awareness training My boss told me I have to do it and I need to make sure the website works When I come to your facility, can you check it for me and the woman goes I think it will work But you okay. I'll make sure for you I don't want you to be worried about it and then she typed it in and on top it says security through education and She goes oh, there's a video here. She starts playing you can hear the music my music in the background for the video you know and and and she's like oh, yeah, it works that loads everything runs and Rachel's like, oh, that's good. Thank you So there was no fear for her because when she went even though there's a big human head on the top and it says social engineering Defcon competition, no huge banner. She's like, oh, you're your your education will work when you're here next week It was like what is happening? This is a person who knows nothing about social engineering and she's like and and then the next score the next score below her is 875 so almost a 200 point difference, right? So nobody was even close between that so really impressive The pretext and things like that. I thought so questions on on that on The on the events anyone had any Okay, so let's talk about schedule. Let's talk about the schedule. Yeah, which schedule for next year Oh when we're doing all of this all over again, okay? Oh Schedule for today. So, you know, we had the podcast. There's not we always debate. We're doing other things But here's what happens. They move the the ceremony time up. I think it's four. I think I think four four thirty So it's two or four. I saw you held jobs only saw two fingers. It's 4 p.m. 4 p.m. So 4 p.m You know time for the Sarah closing ceremonies that gives us Let's say from noon to four only four hours to pack everything get things shipped get things to Billy's house So it's it's not something that we really have the time so for today for us We we kind of do this and then we you know people can stay in the room and chat we do You know we we we talk but we pack up and then we do closing ceremonies and then we go away and we go home and we we cleanse our livers and our souls and Sleep for a week. That's actually a total lie. I will be working Tuesday morning And then next year we start planning we actually start planning next year right away But you know what before we move on to that Amanda Berlin's here. What's deaf con photography? And we told her that Amanda come on up. Hey girl. Hey girl. Hey She's gonna say hey back. She hates you. How you doing good? Good morning So how was deaf con this is your first year doing this right doing yeah Yes, you have photography for deaf con. Yeah. Yeah, so how did it go? Amazing. Yeah. Yeah, absolutely amazing. So first tell us a little bit about you so we know you How much well not how much are you comfortable telling us? I'm a member where PG-13. All right I'm a security architect from Northern Ohio. I've been doing security related things for like 10 years This is my third deaf con first. I'm going in Wow after two deaf con you decided to goon, right? You hate yourself. Yes. Yes And from my understanding you just wrote a book Yes, I'm in the middle of writing a book. It'll the physical copy will be out in March But it's up. It's pre-release right now already on a Riley's website and it's already on safari books So you're releasing parts of the book. Yeah, that's how they do it So they they do a pre-release so you can buy it and get chapters as they come out and give feedback for the book That's kind of impressive. So tell us the name so everyone can write it down. It's called the defensive security handbook It's Basically if there's so many companies out there that have no security program or a very young security program where You know the tech guys like oh security is now a thing. Here's a security department We want you to fix everything and they don't really know where to start so this is to cover all the Different verticals that you would normally find in an enterprise Also, and you said March is when it will be out fully in the physical now They can just kind of get a chapter at a time when you finish it right awesome. Yeah, that's really cool I never heard of that happening. So that's kind of me if anybody's interested. I still have coupons for it So it's like 25% off the physical copy 50% off the online. Yeah, you can leave some up here or give them out. Yeah So def con pictures, what is that like you literally just walk around and take Pictures of everything are the things that you will never be able to unsee every def con there's Because you guys have a pretty decent Slide show during the closing ceremony right right? So I would imagine you're not the only photographer because we saw others right there's about six of us now Must be like thousands of pictures. Oh, yeah Yeah, some of us some of us take about a thousand a day Wow, and then others like I think I only took Like three four hundred yesterday. That's amazing And then you have to go through all them filter them find the best ones right right get them up for the slide Yeah, so a lot of work and I think we had several people do video also this year take video of Various things. It's not okay. Go ahead. Oh and those will be up on the site, right? Right in a couple months. Yep So how was the def con this year how I had it run we were in here So I don't really know anything about the outside world just this room. Yeah, this is room. That's all I know Everything went off great I think they did a much better job of managing crowds awesome than they did last year and I mean everybody that has goon Was just fantastic Great, so Awesome. We look forward to next year then. Yeah, definitely. Thanks Amanda. Yeah. Thank you Thank you for stopping by and again Amanda's book when you have any questions She'll stick around for a minute and yeah have some funsies to hang to hand out right? Thanks. Yep. Thanks guys Okay, so we don't have a plan yet for next year I don't want to promise anything because I swear if I do my team will kill me But there will be some changes next year some new things. I'm sure will continue with the sec tf the kids events Will be announcing things so if you want to know more the best way is to follow us human hacker on Twitter Sultry Asian or SOC engineer Inc For the corporate Twitter the website also we we put everything on there So social desk engineer org or social desk engineer calm That ton of questions from people about our training schedule 2017 is the only training that we have open everything in 2016 is sold out So there was absolutely nothing left except for a o-sync class in the UK In November that's the only thing that's open in 2016 everything else is sold out So we the training schedule for 2017 is already on the corporate site So if you have questions on that you can ask or you can just check it out there What am I missing? Okay any questions for us no Then thanks for a great DEF CON guys I mean the village was just amazing this year you guys kept lines from here out to the elevators almost every day Multiple times a day. I love it when the hotel and DEF CON are complaining about that that makes me happy And you guys been blowing up the Twitter feed with with great news about SE Village So I just I really really mean this. Thank you so much for making this another phenomenal year until next year We'll see you then. Thanks guys