Vishing Competition

Live Calls, Big Prizes

In the Social Engineering Community’s Vishing Competition (#SECVC), teams and individuals go toe to toe, placing live phone calls in front of the SEC audience at DEF CON, showcasing the duality of ease and complexity of the craft against the various levels of preparedness and defenses by actual companies.

Want to Compete?

This competition is not for the faint of heart! However, if you or your team think you have what it takes, we encourage you to apply!

Closes May 11, 2024.
You read everything below, right? 

Acceptance Announcements by May 21, 2024.

How The Competition Works

We recommend you read ALL of this …

It is important to note that teams must adhere to the SEC Code of Ethics throughout the competition.  

Teams
We welcome both individuals and teams of up to three individuals to compete. As a team, you may organize however you see fit. However, there should be at least one designated caller who will make calls. You are welcome to switch callers during or after a call and work collaboratively including passing notes among team members or otherwise communicating in real time with the caller. Please note that only two individuals may be in the booth at a time though.

Coaching
As part of the competition, multiple individuals are available to teams as a coach. Each coach has hands-on experience with vishing and/or has competed in a similar style competition before. Each team will have the ability to meet with different coaches throughout their preparation time. 

Video Submission and Selection
As part of the submission, we require a video up to two minutes long allowing you and your team (if you want to have a team) to explain why we should select you for the competition. This video, along with your application and agreement to our terms, will be used to determine who will be invited to compete this year.

If You Are Accepted:

Company and Objectives Assignment
Once accepted, you’ll be given your target company. This will be the company you perform OSINT against, prepare your pretexts for, and actually call at the SEC during DEF CON. You will also get the list of objectives you’ll be expected to get and their respective OSINT and Vishing Call point values.

Coaching 
Competitors will be offered a specific time with each of the four coaches to get help and advice. Competitors are encouraged to come prepared with as many questions as possible so that they get the most out of their coaching time.

OSINT and Pretext Report
Teams will be given a window of time from when they are given their target company to perform open-source intelligence (OSINT) gathering to try and obtain objectives prior to the vishing portion (which will take place at DEF CON). During this time you are forbidden from having direct contact with your target company. This includes calling, emailing, physically visiting or otherwise communicating with them in a manner other than passive OSINT. If you have any questions on a technique which you are unsure about, you may contact the SEC Staff who assigned your company or a coach during your coaching window.

In addition to finding and documenting objectives discovered, teams also use this time to document their plan for the live vishing phase which happens at DEF CON inside the SEC in front of an audience. The plan should include pretext details, phone numbers they wish to call, phone numbers they would like to spoof as, etc.

A template and example will be provided to follow. 

This report must be submitted prior to the deadline provided to the competitors for scoring by this year’s judges. These reports will be scored and provided to the competitors. Judges’ feedback is available upon request. Scores will be published online and attributed to the team’s Team Name supplied in the application.

Surveys
Each member on your team agrees to complete a pre-competition survey and a post-competition survey for use by our research team. Failure to complete either survey will result in disqualification. The post-competition survey MUST be completed by midnight (Pacific) August 9, 2024. We promise each survey shouldn’t take longer than 15 minutes.

Onsite Live Competition
Prior to DEF CON, each team will be given a day and time to perform their live calls from the soundproof booth. Teams will be given a specific amount of time to make their phone calls and gather as many objectives as possible. During this portion of the competition, the judges will be scoring the calls and the live scoreboard will be updated. Additionally, at the end of each team’s call time, judges can also award a limited amount of style points, so teams are encouraged to be creative.

A Competitor Wrangler’s contact information will be provided in advance and will provide support onsite for competitors, if needed. 

Competitor’s Panel and Awards
On Sunday, the SEC plans to have a competitors’ panel with a platform to give selected competitors an opportunity to share more about their experience as competitors. Immediately following the panel, the SEC will host an award ceremony for the winners, to hand out prizes. This will be done before DEF CON closing ceremonies to allow time for contestants to say a few words and accept their prizes and also allow attendees ample time to transition to the closing ceremonies.

The winning competitors may also be invited back the following year to be a Vishing Coach, allowing them more opportunities (if they choose) to give back to the community.