Hackfest Social-Engineering Contest 2024
Prove that you can social-engineer anyone in English or French.
Get in a booth in front of a crowd, make a phone call to a known company, gather multiple flags just by asking questions by voice… and win!
What is Hackfest Social-Engineering Contest?
A telephone-based social engineering contest in which participants must obtain privileged information through social-engineering conversation techniques. The goal is to collect a set number (X) of pieces of information, and the best contestant wins!
Funny, interesting and stressful: will you be up to it?
Schedule
Day 1 - Friday
| Time | Title |
|---|---|
| 08:30 | Village opens |
| 08:45 | Opening remarks/rules |
| 09:00 | Contestant #1 |
| 09:45 | Contestant #2 |
| 10:30 | Contestant #3 |
| 11:15 | Contestant #4 |
| 12:00 | Speaker: Ahmed Shah, Kevin Tremblay, Kyle Falcon, Mathieu Quirion “Beyond Technology: Real-World Social Engineering Tactics and How to Safeguard Against Them” (Sponsor talk, presented by Malleum) |
| 13:00 | Contestant #5 |
| 13:45 | Contestant #6 |
| 14:30 | Speaker: Shane MacDougall “ChatGPT for OSINT harvesting for the SECTF” |
| 15:15 | Contestant #8 |
| 16:00 | Contestant #9 |
| 16:45 | Contestant #10 |
| 17:30 | Scoring and announcement of round 2 contestants |
| 17:40 | Social Engineering Roundtable |
Day 2 - Saturday
| Time | Title |
|---|---|
| 09:00 | Village opens |
| 09:15 | Opening remarks/scoreboard; assignment of targets and drawing of competition slots |
| 09:30 | Speaker: Damien Bancal “Le Social Engineering : du CTF à la réalité” |
| 10:45 | Finalist #1 |
| 11:45 | Finalist #2 |
| 13:00 | Speaker: Patricia Gagnon-Renaud “Je vous chercherai et je vous trouverai: OSINT sur des photos partagées publiquement” |
| 14:00 | Finalist #3 |
| 15:00 | Finalist #4 |
| 16:00 | Roundtable discussion: highlights, lowlights, what worked, what didn’t work |
| 17:00 | Winners announced |
Registration & Form
- Call for Participants: PDF
- Call for Crew: PDF
- Send your registration details by email (Step 1 of the CFP) to: shane @ hackfest.ca
Rules
Prizes
- The 1st place winner gets a $2,500 prize!
Results 2019
Who was a target?
- 3M
- Loblaw
- CN
- Irving Oil
- L’Oreal
- Ceridian
Statistics
- 321 calls over two days, totaling 12.5 hours
- 66% of companies revealed detailed information (compared to 87.5% in the event’s first running in 2017):
  - operating system
  - email client version
  - anti-virus
  - internet browser
- told us they were blocked from accessing USB
- went to a website address given to them by their caller (50% in 2017)
- 100% of all targets gave out information detailing their video surveillance systems (a worsening from the 63% in 2017)
- 50% shut down attackers!!!
- Some gave information after saying they were concerned