Learn From Industry Experts
Are you working on groundbreaking research or innovative approaches in the field of social engineering? The Social Engineering Community village at DEF CON invites you to submit your proposal for a 25-minute presentation as part of our Call for Papers!
We are accepting only a limited number of talks this year, and we are especially interested in novel research, unique findings, or original methodologies that advance the art and science of social engineering.
We look forward to seeing your submissions and showcasing the latest in social engineering at DEF CON!
CFP is OPEN!
Call For Papers closed on June 30, 2025 at 5 PM PT. Acceptance emails will be sent by July 7, 2025.
Please note that speakers are responsible for their own travel to and from DEF CON, including securing a conference badge, as we are unfortunately unable to provide support for these costs at this time.
Our 2025 Presentations
Brent Dukes
(TheDukeZip)
Introducing the SEC Badge
Every year, electronic badges light up DEF CON, sparking creativity, community, and curiosity. But behind the blinking LEDs and clever puzzles are questions we rarely ask: How safe is this badge for its users? What’s its environmental footprint? In this talk, we’ll dive into the design of The SEC Village Badge—from concept to execution—but more importantly, we’ll explore a proposed framework for badge makers to disclose key safety information and environmental impact of their creation. From battery safety considerations and materials selection to end-of-life recycling and disposal, we’ll discuss how transparency can empower the community, inspire more responsible design, and keep the badge life culture thriving sustainably. Whether you’re a seasoned hardware hacker, a first-time badge maker, or just curious about what goes into creating these wearable works of art, this talk will challenge us to think beyond the soldering iron and consider the broader impact of our creations.
About Brent: Brent is a long time hacker and DEF CON attendee that has designed various electronic badges throughout the years. He may be the all time champion at coming in second place in DEF CON competitions (but let’s be honest, he’d probably turn out to be second place in that too!)
Enrico Faccioli
Matt Holland
10 Lessons from the Frontlines of AI Vishing: From Zero to (Almost) Hero
The path from a working demo to an AI vishing agent that can survive in the wild is littered with failed calls and bad prompts. We walked that path so you don’t have to. This talk is a rapid-fire rundown of 10 lessons learned from taking a bot into production. We’ll dive into: how to craft pretexts that don’t collapse under pressure, the dirty secrets of managing conversational latency, and the surprising challenge of handling accents and background noise. I’ll break down the trade-offs between self-hosted models and commercial API infrastructure, their inherent limitations, and the privacy considerations to address. Learn how to tune prompts for believable improvisation and avoid the uncanny valley.
About Enrico: Enrico Faccioli is a London-based entrepreneur tackling AI-driven social engineering. His latest venture, vishr.ai, uses conversational AI to provide employees with realistic vishing simulations and hands-on training. Following his MSc in Finance from Warwick Business School, he moved from overseeing the tech strategy for L&G’s real assets funds (£28bn AUM), into startup leadership as COO of the geospatial AI startup Gyana, before a breach of his own fueled a pivot into solving critical security challenges.
About Matt: Matt Holland is a startup co-founder and CISO who builds security solutions designed for the real world. His career has taken him from leading security for iconic brands like Unilever and the John Lewis Partnership to his current role as co-founder of vishr.ai, a venture tackling the threat of AI-driven social engineering. His approach is a product of that journey. He tackles every challenge by blending the strategic discipline of a global CISO, the commercial focus of an MBA, the relentless drive of a startup founder, and the adversarial mindset needed to counter modern threats.
Mansoor Ahmad
Brad Ammerman
Hacking the First Amendment: A press photographer's perspective on Red Teaming scenarios
Drawing from personal experience as a press photographer, this talk highlights the underexplored attack surface created by media access at high profile events like concerts, sporting events and political rallies. We explore how the press badge can become a powerful tool in the hands of a red teamer. By taking into account elements of OSINT, social engineering, and physical and network security, we focus on how lessons learned as a press photographer can directly be applied by red teamers (or threat actors!) to gain a foothold. Once that is achieved, individuals can embed themselves directly within high-visibility individuals and high-value, sensitive devices associated with professional sports teams, musicians and bands, and political leaders and lawmakers. The talk also discusses the importance of looking at the “bigger picture”, and being aware of threats where people may not consider them to come from. Inspired by the spirit of Johnny Long’s No Tech Hacking, this talk examines how low-tech, high-ingenuity approaches continue to be in a hacker’s arsenal. It makes the case that media impersonation is a serious but overlooked threat vector, and one that allows attackers to bypass traditional perimeters. About Mansoor: Mansoor Ahmad is an offensive security practitioner who has always had a curiosity about how things worked. He studied information technology and worked as a news photographer in college. A quiet kid growing up in a foreign country, he would always accompany his father on errands and observe people’s reactions to different things and the psychology behind it. This started an itch which he has been scratching since then, that has led to a career in information security. When he’s not working, eating or sleeping, Mansoor likes to practice photography and taking naps. About Brad: Brad Ammerman, a leading figure in security testing, currently serves as the Senior Director at Prescient Security. His background includes influential roles at companies like Foresite, Optiv Security, Lockheed Martin, DIA, DoD, and Supreme Court of Nevada, where he developed his expertise in offensive security and team management. A skilled hacker himself, Brad is also a recognized speaker, educator, mentor, and disabled veteran, dedicated to teaching and protecting others. He takes great pride in his roles as a devoted husband and father. |
Cronkitten
The Devil Wears Headsets
Watched the vishing competition and caught the bug? Welcome to the world of social engineering! Now let’s turn that adrenaline into action. In this talk, I’m handing over the knowledge and worksheet that I use to plan my vishing calls, complete with pretext ideas, vishing tips and the kinds of pushback you might encounter on your calls. We’ll dive into the art of social engineering over the phone. You’ll learn how to build believable pretexts and what makes a voice sound trustworthy. I’ll give you what you need to be ready to pick up the phone. You’ll leave with everything you need, except a burner phone. And unlike Miranda Priestly, your targets won’t even see you coming.
About Cronkitten: Cronkitten (they/them) is a cybersecurity professional, threat hunter, vishing competitor and relentless advocate for ethical social engineering. As a returning vishing competition contender Cronkitten thrives in the booth and on the phone. When they’re not building new tools in the SOC, they’re crafting pretexts, coaching newcomers, and teaching others how to dial with confidence, charisma and just the right amount of chaos (Ok, it’s a lot of chaos, but the good kind). Equal parts charm and strategy, Cronkitten brings a hacker’s mindset and a people-first approach to every call. Cronkitten says make that call, embrace the chaos and live in the meow-ment.
fir3d0g
The Human Vulnerability: Social Engineering in a Hyper Connected World
“In today’s hyper-connected world, one vulnerability remains reliably exploitable: the human. Social engineering ”the manipulation of people to gain unauthorized access or extract sensitive information”continues to outpace technical exploits in both effectiveness and stealth. But in the age of AI, these attacks are evolving faster, becoming more scalable, convincing, and harder to detect.
This talk explores the many faces of modern social engineering: from classic phishing, vishing, and physical intrusion, to AI-generated phishing emails, deepfake voice calls, and synthetic identities crafted by language models. We’ll walk through real-world scenarios where attackers exploit trust, urgency, charm, and emotion—now enhanced by tools that can replicate human tone, write believable pretexts, and automate reconnaissance at scale.
You’ll leave with a deeper understanding of how AI is supercharging social engineering, what this means for defenders and red teamers alike, and how to recognize the increasingly subtle cues of human-targeted compromise.”
About fir3d0g: David has spent nearly 2 decades in cybersecurity, transitioning from systems and network administration to offensive security. He has successfully breached banks, law firms, government facilities, and more, all over the globe. David speaks at conferences nationwide, sharing knowledge and humorous stories. Prior to his career in cybersecurity, he served in the U.S. Army, including a tour in Iraq.
Daniel Marques
Do Scammers dream of electric Phish? Lessons learned from deploying AI-driven phishing ops
“Effective phishing campaigns traditionally demand extensive manual effort, involving detailed target reconnaissance, crafting believable scenarios, and setting up infrastructure. These manual processes significantly restrict scalability and customization. This talk explores a practical approach to leveraging Generative AI for automating core aspects of phishing workflows, drawing on direct experiences and real-world threat actors such as Emerald Sleet, Crimson Sandstorm, and Charcoal Typhoon.
The session thoroughly compares results from different models and platforms, including OpenAI ChatGPT, Anthropic Claude, and local alternatives, highlighting distinct strengths, weaknesses, and techniques for optimizing outcomes. Attendees will gain insights into deploying an end-to-end phishing campaign, emphasizing the models’ effectiveness in reducing the technical barrier of scaling phishing attacks. Finally, the talk underscores that while AI significantly enhances operational efficiency, it functions best when complemented by human judgment and expertise, reinforcing the critical human factor in cybersecurity practices.”
About Daniel: With over 15 years in offensive security, Daniel applies a strong software development and networking background to help Fortune 500 companies identify and remediate vulnerabilities in various technologies, including corporate networks, applications, and smart devices. With more than 15 years of experience in Cybersecurity, prominent local and international security conferences such as HOU.SEC.CON, ISC2 Security Congress, and Black Hat Regional Summit featured his Offensive Security research. Daniel holds a B.Sc. in Computer Science and an M.Sc. in Cybersecurity. In 2019, Daniel was part of the team that won the DEF CON Biohacking Village Capture the Flag competition.
