Social Engineering Poetry Slam
Description | Listen to social engineering attack stories from fellow hackers. Presented in a poetry slam style! Or present your social engineering experience or fictional story on how to deceive or manipulate people. |
---|---|
Website(s) | |
Type | Other |
Kids session | No |
Keyword(s) | social, art, game, hacking, security |
Person organizing | Uebelhacker, Anna Fuchs, Ysf |
Language | en - English |
Other sessions... |
Subtitle | Slam room |
---|---|
Starts at | 2016/12/29 20:45 |
Ends at | 2016/12/29 23:45 |
Duration | 180 minutes |
Location | Hall B |
Subtitle | Orga room |
---|---|
Starts at | 2016/12/29 20:15 |
Ends at | 2016/12/29 22:45 |
Duration | 150 minutes |
Location | Hall C.1 |
Social Engineering Poetry Slam
Results
Slammer #1 Jacob: "Beginners Enginineering" 283
Slammer #2 Chris van't Hop: "mail from non-locked computers" 314
Slammer #3 Spip: "spit" 174
Slammer #4 Lyndis: "Writers Group" 257
Slammer #5 Ulrich: "Access Control" 235
Slammer #6 kolAflash: "Handling Hotlines" 357
Slammer #7 cyremur: "Project Inception" 232
Slammer #8 agnepix: "My1st German Poem" 349
Slammer #9 Daan: "You just need to sign off on it." 319
Slammer #10 noname: no title 235
Slammer #11 Walther: "icebear on stage" 323
Slammer #12 Oliver: "A story about my friend" 334
Slammer #13 Sorry: "Fuckhochschule" 457
Slammer #14 Björn: "Start-up Social Engineering" 315
BEGINS AT 21:00 CET
Listen to social engineering attack stories from fellow hackers. Presented in a poetry slam style! A poetry slam can be a novel research approach to find stories of social engineering attacks, fictional or experienced. This slam will give us a new platform to discover and discuss social engineering.
Or present your social engineering experience or fictional story on how to deceive or manipulate people in the attacker's malicious interest. How did you get social engineered? Did you hear of a social engineering incident or know someone who managed to detect and mitigate it?
There are many definitions of social engineering in the wild. In short: a human interaction needs to be present to enable the attack. For example, dumpster diving is not social engineering, it is just gathering pre-attack information, but (spear) phishing or scams like the "Enkeltrick" are. The community discusses some persuasion principles that explain why people succumb to these attacks. Presentations can be based on the principles of Cialdini or Stajano/Wilson (links below).
How can I participate as a slammer?
If you want to slam the hack out of our minds, you have 5 minutes to present your attack experience, and 3 minutes longer if the audience wants more. You can decide on the form and style, but you can use your voice only: no beamer for slides, no direct interaction with the audience (and do no harm), and no other "tools" like those magicians use.
Because we have to plan the event, we would like you to register as a slammer in advance. Please write an e-mail to: 33c3-slam@datapirate.de (PGP: 0xD42C10B0E28B80DC). (Hint: You could use an extra e-mail address if you want to contact us anonymously.) Your e-mail must include the following information:
- your (stage) name or pseudonym
- title of your slam
- any anonymisation needed?
Please appear 30 minutes before the event in our org room, Hall C.1 (that is: 2016-12-29 20:30 CET/GMT+1).
Please respect the privacy of others if you talk about sensitive information, and do not incriminate yourself!
Please note that our event is in English. If you need any assistance with translation, please let us know and give us some time in advance to help you with that.
If you have any further questions, you can write to us: 33c3-slam@datapirate.de (PGP: 0xD42C10B0E28B80DC), or you can call us via DECT during the congress under: 7526 (SLAM). For example, if you have any concerns or questions, need any help, have any feedback or ideas, would like to cancel your participation, or would like to communicate with our “medium” (see below).
Anonymisation Methods
This event is going to be recorded with help from the VOC Angels. If this does not suit you in any way, tell us beforehand and we may shut it down for your presentation.
We understand that not everyone likes to present hacking stories in public. That’s why we offer different methods of anonymisation if wanted by the slammer. Slammers can choose between the following options:
- Wear a mask
- Wear a mask and a protective suit
- Use our “medium” (another person) to present your story.
  - Please note that the entertainment value has to come from the content and style of the written story. Amusement value will not be added by the medium.
How will the winner be chosen?
Every slam has to have a winner. Due to the short time, we will conduct one round only, without a typical final round. The voting will happen after each slammer has presented. Each slammer repeats their (stage) name and the title of their contribution; afterwards voting starts. We will choose the winner by the results of the audience's votes.
The audience can rate the presented stories (1-10, and hopefully the audience is not social engineered ;) based on, e.g., presentation style, novelty, creativity, feasibility of attack, feasibility of real-life experiments or scalability of attack. We will use a voting tool with which everyone in the room can cast a vote.
Links
- Robert Cialdini and his six principles of influence: https://en.wikipedia.org/wiki/Robert_Cialdini
- The Real Hustle (BBC three series, Wilson et al.): https://en.wikipedia.org/wiki/The_Real_Hustle
- Stajano/Wilson: Understanding Scam Victims -- Seven Principles for Systems Security: https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-754.pdf
- Kevin Mitnick: The Art of Deception: https://en.wikipedia.org/wiki/The_Art_of_Deception
- our GPG public key: https://sks-keyservers.net/pks/lookup?op=vindex&search=0xD42C10B0E28B80DC&fingerprint=on