The World Championship of Social Engineering CTF Rules and Info

Welcome to the 2014 World Championship of Social Engineering. Participants will have the opportunity and freedom to try out and conduct any and all social engineering skills and tactics without any worry or risk. We have created a social engineering sandbox for all of you to learn and enjoy.

Here is your objective:

It has come to our attention that one of the companies showcasing products at BSides Las Vegas is working directly with the NSA to conduct everything from backdooring their products to passing on information directly to the NSA. The target company has several employees at BSidesLV. You must find them and interrogate them. Through this process you must document your findings and find the mystery employee that is working with the NSA.

How this works:
The target company is Pangaea Security. (Plain and simple, this is the ONLY target.) Pangaea Security has been found to be providing services, resources and much more to the NSA, and it's up to you to expose them and stop them. There are exactly 100 Pangaea Security employees attending BSides Las Vegas this year. You must interrogate them all and find the NSA leak/mole (which is 1 single person). Scan each Pangaea Security employee's badge to discover clues and information to use to your advantage. Use Social Engineering in the playing field to accomplish these goals. Carefully document all of your findings and progress in a final report, which MUST be submitted to the email account of: feedback[AT]squirrelsinabarrel[dot]com by 4:00 PM on 8/6/2014, no exceptions. You can find the link to the report file at the bottom of this page. If you are unable to submit a report electronically, please come and see us at the SECTF booth to make arrangements.

WTF, this is hard? Yes, this is not a simple task. You will need to keep track of information to document for your report as well as find ways to get the information quickly out of the company’s employees at the conference. You will need to use all of your Social Engineering skills to pull this one off. You will need to manage your time well and take control of the conversation and situation. Some targets might not be easy to crack. Try pivoting your attacks and refocusing your approach. This will not be easy, but it will allow you to test your social engineering skills to the max. As always, please come see us with questions; we will answer them, but not provide hints.

Please note: We understand that there is no cheating in hacking, but these rules exist strictly to keep your butts out of jail/trouble/prison/bad stuff and to make sure everyone has a fun and level playing field. Rules may be changed throughout the game to adjust and adapt to any issues that may arise that jeopardize the level playing field as well as the safety of the players.

1. No physical contact with anyone, period. (Includes awkward hugs.)
2. No interaction with BSides Las Vegas staff.
3. No interaction with the venue staff, service providers, sponsors and venue designated employees.
4. No interaction with any entity outside of the game. Your targets are clearly marked and are the ONLY ones that have information about the game.
5. Use of automated tools and tools/programs/apps is prohibited in the attack or finger-printing of the target company’s web site. It is a social engineering game; tools will not be needed.
6. Final reports will not be submitted with malware/backdoors/malicious payloads/etc. Keep it clean and simple, otherwise…bad things will happen.
7. No direct/intentional sabotage of the game/resources/target or fellow players. It will actually just waste your time.
8. Players may team up but remember there is only one trophy.
9. No DOS or DDOS of any of the game components/websites/programs/players.
10. Only assets clearly marked with the target company’s logo on it are allowed to be interacted with or touched.
11. Rules are subject to change at any time during the game and will be announced via our Twitter feed @squirrelsnabrrl ONLY to ensure the safety of players.
12. Use common sense.
13. When in doubt, ask a question in person or hit us up on our Twitter account, @squirrelsnabrrl.
14. Interaction on a personal level, including DOXing of the game organizers or participants, is not allowed.
15. All reports must be submitted by 8/7/2014 at 4:00 PM. Please submit via email to: feedback [AT] squirrelsinabarrel.com. If you have any questions or need to set up different arrangements, please see us in person.
16. Keep it simple.
17. No reverse engineering of ANY of the game components is allowed. This is an SE CTF not a reverse engineering competition.
18. Absolutely NO interaction or interfacing with the service providers of the target company’s web site or the Squirrels in a Barrel web sites. This will end the game immediately and is being closely monitored.
19. Most important of all… HAVE FUN!!!

Remember the first rule of lock picking: check the door to see if it is already open.