Tweet
CONTEST RUNS THROUGH JUNE 22!
SEE CURRENT SCENARIO FOR DEF CON 32 --> https://forum.defcon.org/node/249127
Contest Overview
You will be supplied with a variety of articles and profiles of potential targets within a fictional company. Your goal is to find a way to get your selected target to click while trying to make us laugh along the way. How you go about that is up to you. Remember, though, this contest is as much about creativity and writing as it is about your technical aptitude. We’ve given you the background, but it’s up to you to “fill in the blanks.”
How do I win?
The best e-mail and ultimate winner will find a way to combine clickability with laughability. We’re looking for “targeted absurdity” with these entries. Write up a hilarious backstory complete with technical chops and then back that up with a phishing e-mail that drives your target to click that link and bust a collective gut. Combining humor with a targeted phishing attempt is a delicate balance, but our winner will find a way. Never fear, however, there are multiple ways to win in this competition. We understand that balancing both humor and clickability is a challenge. So, if you happen to be better at one or the other, you’ve still got a way to win.
We’ll select three winners after reviewing all the entries:
Each submission features two distinct documents:
Contest begins May 18th and participants will have until 11:59pm PST on June 22nd to submit their entry.
One entry per participant – if you submit more than one, we’re only counting and reading the first.
You will receive confirmation of your entry within 48 hours of submission. Please contact us if you do not hear back from us within that timeframe.
Illustrations and graphics are not accepted.
Please include your e-mail address and alias/hacker name (or real name if you prefer) for communication and recognition.
Scoring Criteria
Judging will be conducted by a panel and completed within 2 weeks of the end of the contest.
The panel will individually stack rank each of the entries based on the following categories:
E-Mail Clickability – The point of a phish is to get someone to click, is yours going to hook someone?
Use of Sources – We’ve given you the scenario and some sources, show us you’ve read them! There are nuggets stored throughout, some are not so obvious.
After the Click – Can you tell us what happens when someone actually clicks on the link?
E-mail Humor – Did the e-mail make us laugh?
Backstory Humor – How about the backstory? Another chance for a chuckle.
Creative Ingenuity – How creative were you? Show us some outside-the-box storytelling.
Winners will be selected in the following fashion:
Ruler – Highest score of all 6 categories
Wizard – Highest score of E-Mail Clickability + Use of Sources + After the Click + Creative Ingenuity
Jester – Highest score of E-Mail Humor + Backstory Humor + Creative Ingenuity
Only one winner per category. The Ruler will be identified first, and the remaining entries will be ranked to determine the Wizard and the Jester.
Prizes (In-Person at the Con)
Ruler – 2 Human Badges
Wizard – 1 Human Badge
Jester – 1 Human Badge
The winners will get recognition in the online program and in social media. If on-site during the conference, they will also walk the stage to be recognized at the Contest Closing Ceremony.
We will be posting ALL entries in the DEF CON Forums for everyone to enjoy along with the winners.
See last year's scenario, entries, and winners for more information.
You can follow @phishstories on X (Twitter) for updates and information. Attempts will be made to provide updates and information to other social media platforms as well including:
Defcon.social (serum@defcon.social)
Reddit (u/phishstories)
Enjoy!
SEE CURRENT SCENARIO FOR DEF CON 32 --> https://forum.defcon.org/node/249127
Contest Overview
You will be supplied with a variety of articles and profiles of potential targets within a fictional company. Your goal is to find a way to get your selected target to click while trying to make us laugh along the way. How you go about that is up to you. Remember, though, this contest is as much about creativity and writing as it is about your technical aptitude. We’ve given you the background, but it’s up to you to “fill in the blanks.”
How do I win?
The best e-mail and ultimate winner will find a way to combine clickability with laughability. We’re looking for “targeted absurdity” with these entries. Write up a hilarious backstory complete with technical chops and then back that up with a phishing e-mail that drives your target to click that link and bust a collective gut. Combining humor with a targeted phishing attempt is a delicate balance, but our winner will find a way. Never fear, however, there are multiple ways to win in this competition. We understand that balancing both humor and clickability is a challenge. So, if you happen to be better at one or the other, you’ve still got a way to win.
We’ll select three winners after reviewing all the entries:
- The Ruler – Our Ruler is the entrant who has found a way to pair a clickable e-mail with comedic chops that leaves us rolling. They will write a creative backstory that builds a narrative to help spring into their phish. The Ruler is our overall winner.
- The Wizard – Our Wizard is the entrant who has written a phish that is most likely to cause their target to click on a link. More focused on the technical aspects of phishing, humor is optional to the Wizard.
- The Jester – Our Jester is the entrant that made us laugh the most. Creative and funny, but maybe not the most clickable or technical. The Jester will have us remember them for their ability to make the judges laugh out loud.
Each submission features two distinct documents:
- The backstory – you’ll need to fill out the assumptions you made about your target(s). The more creative you get, the better chance you have to win. This is where you can really tell a story and fill in those blanks. Tell us why you chose the target you did and tell us what happens after they click on that link! The backstory should be limited to roughly one page.
- The e-mail – again, this should be limited to no more than roughly one page.
Contest begins May 18th and participants will have until 11:59pm PST on June 22nd to submit their entry.
One entry per participant – if you submit more than one, we’re only counting and reading the first.
You will receive confirmation of your entry within 48 hours of submission. Please contact us if you do not hear back from us within that timeframe.
Illustrations and graphics are not accepted.
Please include your e-mail address and alias/hacker name (or real name if you prefer) for communication and recognition.
Scoring Criteria
Judging will be conducted by a panel and completed within 2 weeks of the end of the contest.
The panel will individually stack rank each of the entries based on the following categories:
E-Mail Clickability – The point of a phish is to get someone to click, is yours going to hook someone?
Use of Sources – We’ve given you the scenario and some sources, show us you’ve read them! There are nuggets stored throughout, some are not so obvious.
After the Click – Can you tell us what happens when someone actually clicks on the link?
E-mail Humor – Did the e-mail make us laugh?
Backstory Humor – How about the backstory? Another chance for a chuckle.
Creative Ingenuity – How creative were you? Show us some outside-the-box storytelling.
Winners will be selected in the following fashion:
Ruler – Highest score of all 6 categories
Wizard – Highest score of E-Mail Clickability + Use of Sources + After the Click + Creative Ingenuity
Jester – Highest score of E-Mail Humor + Backstory Humor + Creative Ingenuity
Only one winner per category. The Ruler will be identified first, and the remaining entries will be ranked to determine the Wizard and the Jester.
Prizes (In-Person at the Con)
Ruler – 2 Human Badges
Wizard – 1 Human Badge
Jester – 1 Human Badge
The winners will get recognition in the online program and in social media. If on-site during the conference, they will also walk the stage to be recognized at the Contest Closing Ceremony.
We will be posting ALL entries in the DEF CON Forums for everyone to enjoy along with the winners.
See last year's scenario, entries, and winners for more information.
You can follow @phishstories on X (Twitter) for updates and information. Attempts will be made to provide updates and information to other social media platforms as well including:
Defcon.social (serum@defcon.social)
Reddit (u/phishstories)
Enjoy!