Phish Stories - Contest Entries - DC 32

  • Serum
    Member
    • Jul 2019
    • 99

    #1

    Phish Stories - Contest Entries - DC 32

    Here are the entries to Phish Stories for DEF CON 32!

    This year, contestants crafted phishing emails targeting either the outgoing or incoming leadership of a transportation company amid a merger. The DEF CON 32-Bit Bus Company, known for its memorable party bus experiences, is merging with the innovative Hard Drivin’ Luxury Limos. The newly rebranded company is called "DEF CON 32-Bit Bus and Limo Company."

    Focusing on two outgoing (Jeremy and Angie Jefferson) and two incoming (Jean Cho and Luis Dimas) leaders, each entry included:

    Backstory: A creative narrative explaining the target choice and the aftermath of clicking the link.
    Phishing Email: A one-page email aimed at enticing a click and making the judges laugh.

    Entries will be evaluated based on:

    Clickability, Humor, Use of Provided Sources, After the Click, and Creative Ingenuity.

    Winners will be announced on Saturday, July 6th:

    The Ruler: Best overall combination of clickable and funny.
    The Wizard: Most clickable and technically convincing.
    The Jester: Funniest submission.

    We hope you enjoy these as much as we did!

    Full scenario details
    Contest overview and rules

    All characters and businesses are fictional. The order of entries below is random.
  • Serum

    #2
    ENTRANT 1 - becmania

    ########################## BACKSTORY SECTION - Entry 1 - becmania ##########################

    For me, Jean Cho is my pick for a phishing attempt due to her dynamic and varied background, competitive nature, and online presence. Her background in ballet and street dancing and her transition to a successful career in the transportation industry tell me that she’s a person who relishes a challenge and constantly seeks to merge her passions with her professional life.

    Jean’s love for dance, particularly her active participation in ad hoc street dancing, provides a bit of an avenue for exploitation. This phish tickles her competitive nature, along with her history of organising and participating in various contests, such as the Code Jam contest that led to significant advancements in her company. This drive to excel makes her more likely to engage with a phishing attempt disguised as an exclusive, high-stakes competition.

    I have assumed that Jean has a strong tweet game, as she casually posted up-to-the-minute activity and location re her dance jam with the beatboxers. In my experience people who do that are hoping to become ‘viral’ and have a secret want for attention and validation, especially if their day job is a little dry, like Jean’s. The humorous and unique twist of a dancing llama in the phishing attempt would likely pique her interest and lower her guard.

    Jean's leadership role and her responsibility for driving innovation and excellence at Hard Drivin’ Luxury Limos means she is often involved in high-level decision-making and strategic planning. This positions her as someone who could be targeted not only for personal data but potentially for more sensitive corporate information.

    In summary, Jean Cho’s vibrant personality, competitive streak, active digital footprint, and professional responsibilities create a perfect storm of attributes that make her the best person to phish. If only the contest were real, as seeing her dance with a tap-dancing llama, Larry, would actually be a cool achievement.

    My malicious link would be a credential and payment capture, but to really sell it, I would also create a clickbank-style website with past winners and weird and wonderful past challenges – using GenAI I could create a fair amount of content for this, and also lift videos and images from real dancers.

    ########################## PHISHING E-MAIL SECTION - Entry 1 - becmania ##########################

    Hey Jean!

    I happened to catch your incredible freestyle dancing with the #BEATBOYZ on X and TikTok the other week – I’ve been following them for a while as I really love how agile their rhymes are – so much so that I extended an invitation to them to provide the beats for our dance-off challenge.

    So, knowing this, and seeing your vid, we couldn't think of anyone better suited to enter our crazy challenge. Get ready for the Ultimate TikTok Dance-Off Challenge, where you'll not only compete against top dancers but also...a dancing llama! Yes, you read that right—a llama! He’s more of a tap-dancer but I think your mix of ballet and street would give him a run for his money.

    Event Highlights:
    • Dance Battles with a Twist: Show off your moves and compete against dancers AND our special guest, Larry the Llama. Can you out-dance a llama?
    • Live Streaming and Viral Opportunities: Your performances will be live-streamed on our TikTok, giving you the chance to go viral and gain a massive following. Who wouldn't want to see you dance against a llama?
    • Exclusive Workshops: Learn new dance styles and techniques from renowned choreographers and TikTok stars in exclusive workshops. Larry might even teach a few llama-inspired moves!
    • Celebrity Judges: Get your moves evaluated by a panel of celebrity judges, including top TikTok influencers, professional dancers, and Larry the Llama's handler.

    Special Perks for Participants:
    • Custom Dance Gear: Receive a personalized dance kit, including custom outfits and accessories designed for the competition. Llama-themed accessories included!
    • VIP Networking: Enjoy exclusive access to networking events with fellow dancers, influencers, and industry professionals. Maybe even a llama meet-and-greet!
    • Recognition and Prizes: Compete for exciting prizes and the title of TikTok Dance Champion. Winners will also get featured on major TikTok channels and receive special shout-outs from the judges and Larry.

    To secure your spot and start preparing for the ultimate (and most hilarious) dance-off, click the link below and enter your details and entry fee (We’ve given you a special discount of 50% for being a #BEATBOYZ fan, please don’t share this link as it’s exclusive!).
    We can't wait to see your incredible talent and competitive spirit in action—especially against a llama!
    [Register for the Dance-Off Challenge] {Malicious link asking for personal details and payment details}
    Let's dance our way to the top and have some fun!

    Best regards,
    Event Organizer Ultimate TikTok Dance-Off Committee

    P.S. Don't worry, Larry is a professional and loves to dance. This is going to be epic!


    • Serum

      #3
      ENTRANT 2 - Texas Deviant

      ########################## BACKSTORY SECTION - Entry 2 - Texas Deviant ##########################

      For this test 4 potential points of access have been offered. The 2 outgoing leaders will not be considered for the following reasons: 1) The median income in Omaha is <$40k/yr. 2) They work primarily with thespians who likely fall below that level. 3) People who ride unicycles while juggling likely have a higher cognitive ability. 4) Considering how difficult it is to run a successful business with your husband/wife, the details indicated in reason (3) and the fact that they named their business DEF CON 32-Bit Bus, they have my respect. BRAVO!

      Of the 2 outgoing leaders Luis Dimas is ruled out, although by a narrow margin. The statistics on boxing-related cognitive impairment had him pegged as a featherweight, but his technical proficiency tipped the scales out of his favor. So, Jean Cho has been selected as my means of access for the following reasons: 1) The median income in Long Island is >$110K/yr. 2) Dancers have a higher rate of neurotic perfectionism, anxiety, narcissism and competitiveness, the latter being confirmed in LCD’s article where she is quoted stating (“I’ve always been competitive. . . . always competitive.”). 3) She is most active on social media and has an abundance of publicly available information. 4) Last but not least, she obviously craves attention, because any middle-aged businesswoman who cannot resist the urge to interrupt a group of high school guys practicing their beatboxing routine for the talent show by thrusting her phone into one’s hand demanding “record this” before attempting to show her best break dancing #SpontaneousMoves, then grabbing her phone and continuing on her way without another word (#Hideyakids seems more appropriate), obviously seeks validation from complete strangers and will be an easy target.

      My plan is to send an email that directs the target to a website I have created as my PhishNet and that Ms. Cho will find insulting and potentially harmful to her reputation. This approach will work to my benefit in two ways: 1) She will seek reassurance and validation by forwarding it to others in her circle, which will provide credibility to the link and increase potential additional clicks. 2) It will impair her judgment, increasing the likelihood of her willingly divulging the information I seek (PCI, PII, PHI).

      The website I have created will require new users to register and sign up for a membership if they want to view any of the videos or main content of the site. Memberships are free if you cancel within 7 days of registration, but require a credit card to complete (prices range from $10-$50). Registration also requires choosing and answering 3 security questions, which I will have copied from her bank's sign-up page (How do I know who she banks with? I reserved a limo through HDLL for an upcoming weekend shopping trip and paid the deposit with a check so I could see which bank it was deposited to ;) and uploading a photo of her Driver License (front and back, will come in handy when I am ready to take over her identity). Users have the option to sign up with an existing email, which will redirect to a cloned login page then forward the verification link to the target's email.

      Once I have secured access to her email account I will change her personal information slightly to prevent any account recovery, generate Passkeys and Security keys just in case and begin logging any useful data necessary to access additional accounts and establish additional targets. Once I have access to multiple accounts I will begin the next string of attacks on additional targets.

      My motivation in this test, aside from the obvious and the entertainment, is to raise awareness. I would find no enjoyment from cleaning out bank accounts, maxing out existing charge accounts and opening new ones, financing new vehicle loans and taking over identities to use in future attacks, not to mention if there is any proof of criminal activities or nasty little secrets I could expose or use to blackmail a target and leave them with nothing but a sob story.

      Makes you wonder what the real reason is when all those big companies pay ransoms. Maybe they don’t want the cat out of the bag, or maybe it’s just a new form of insurance/investment fraud????

      Now for my attack

      ########################## PHISHING E-MAIL SECTION - Entry 2 - Texas Deviant ##########################

      From: Brandon BBoy Bronson <bboybadass@mysite.com>
      To: Jean Cho <jeancho@email.com>
      Subject: Notice of DMCA violation

      Ms. Cho,
      Hello, I am a REAL professional dancer, and I was recently surprised and outraged to discover that 11 of my copyright-protected dance moves were being displayed in horrific form and posted on accounts belonging to you to promote your new business as being “fun loving” and “unique”. Their usage is in direct violation of DMCA laws and as such entitles me to recover statutory damages as outlined in Title 17, § 504, of the United States copyright laws for each violation. The allowed limits for statutory damages are between $750 and $30,000 per violation, or, if proven to be willful violations, up to $150,000 per violation.

      My original dance moves can be found here:
      httpq://www.mysite.com/breakdance/toprock/kickballchange
      httpq://www.mysite.com/breakdance/godowns/Parachutedrop
      httpq://www.mysite.com/breakdance/downrock/bretzelbackswipe
      httpq://www.mysite.com/breakdance/downrock/peterpan
      httpq://www.mysite.com/breakdance/downrock/ninja
      httpq://www.mysite.com/breakdance/backrock/deadcat
      httpq://www.mysite.com/breakdance/backrock/octopus
      httpq://www.mysite.com/breakdance/footwork/buttslide
      httpq://www.mysite.com/breakdance/powermoves/nutcracker
      httpq://www.mysite.com/breakdance/powermoves/jackhammers
      httpq://www.mysite.com/breakdance/freezes/invertedhallowback

      As I am a reasonable person, I would prefer not to be forced to take legal action to resolve this matter, and if you obtain the proper license for usage from my site you may continue using them legally (once you have learned to do them properly). I think you will find my fees very reasonable. My usage policies are as follows:

      Commercial Use - Dance moves may be licensed for commercial use via mysite.com. License fees vary depending on the use, but generally fall between $50 and $500 per dance move. License arrangements for less than $300 must use the automated online system. If you are ordering multiple dance moves, or would like a rights-managed contract, I offer discounts. Email me (bboybadass@mysite.com) with the details of your project. Examples of commercial use include: company web pages, impromptu presentations and street performances, and instructional materials.

      Presentations - I do not allow my dance moves to be used in presentations without a full rights-transfer. Transfers can be purchased for a limited selection of unpublished photographs, starting at $500 per dance move.

      Social Media - Use of my dance moves in social media (facebook, blogs, twitter, etc.) by commercial entities is the same as "Commercial Use" (above) and requires a licensing agreement. People acting in a personal capacity must contact me for permission prior to posting depiction of my dance moves to social media in a context other than Fair Use commentary of the creative aspects of the work itself. I am not inclined to give permission for Twitter or other websites run by or linked to white supremacy, bigotry, and homophobia.
      Please respond within 3 days to let me know that I am mistaken and you have already obtained the proper license for use or how you would like to proceed with this matter.

      “Dance is my life” this is just how I pay for it!
      Warm Regards,
      Brandon Bronson 555-222-3210
      Last edited by Serum; June 29, 2024, 07:58.


      • Serum

        #4
        ENTRANT 3 - Diego Donovan

        ########################## BACKSTORY SECTION - Entry 3 - Diego Donovan ##########################

        I wanted to target Angie Jefferson since she doesn’t have any formal education in cybersecurity/IT/ or computer stuff. Then I would craft a nice squatted domain (the technical name for a website that is doing the domain squatting, as we all know). I would use twiter.com/account/begin_password_verify and once she clicks on that link and enters her password, I would take over her Twitter account. Then the chaos begins as I would just make the most obscene tweets I can, all in an effort to damage the company's reputation. My first tweet would be me dressed up as Mexican Beetlejuice just singing an original song, throw a bit of AI jank into it since I'm ass at writing. The goal would be to cause as much chaos as possible; I would also be riding a unicycle while doing this. My next wild assumption would be that Angie Jefferson uses the same username and password for everything because of poor personal cybersecurity. Then I would sign in and see all the data I have access to and then save it to my collection.

        ########################## PHISHING E-MAIL SECTION - Entry 3 - Diego Donovan ##########################

        Dear account Owner,
        We are updating our security policies and require you to verify your email. Please click twiter.com/account/begin_password_verify within the next 24 hours or your account will be deleted.


        • Serum

          #5
          ENTRANT 4 - birdbird

          ########################## BACKSTORY SECTION - Entry 4 - birdbird ##########################

          This year’s scenario is very elaborate and it was hard to choose an idea. Ultimately I wanted to do a better job of blending the technical and the humorous though. I’ve chosen to target Angie. Instinctively I wanted to target Jeremy or Angie with something alarmist about a video of their performance, or maybe workplace mischief but their status as a couple does throw a wrench into how they might communicate with each other over received emails, or what they’re willing to believe their partner did. I chose them because Jean and Luis seem a bit too technically savvy to try to trick, though Luis might be easier to deal with.

          This year I’m making fewer assumptions about the target. I really am just gleaning onto the fact that the company is an entertainment company. I’m projecting a traditional puritan mid-west background onto them, which impacts the sort of scandal I’m attempting to cause alarm with. I am also making assumptions about the sort of morality clauses any company acquisition might have.

          Plan of Attack: This year we were provided with both emails and phone numbers. In an ideal scenario I would create a sense of urgency by posing as either Luis or Jean’s PA and text Angie, asking her to look at her email NOW following the given scenario. Since this isn’t explicitly allowed, I’ll just note the idea here and move onto the email phase. Instinctively I want to target Jeremy, but knowing they’re a couple tempered my approach (rather than some sort of shocking allegation or cover up about them, I’ve gone with something about their company). Angie will receive an email with an innocuous looking link. It will redirect them to a cloned website, but I’ll throw a password / credential verification error and ask them to re-verify existing password, email, vendor information, and bank account info (if feeling ambitious) before they’re just redirected to the normal website to login again in a simple “refresh”. An operator will hopefully then be able to go to the normal portal and harvest as much customer PII as possible and possibly exploit the vendor info itself. We can try to use these credentials to get into Angie’s general account as well and we can set up automatic mail forwarding in a low / no-code solution or just link her mailbox to our own. We create urgency by suggesting there’s an issue with the website and the services offered—we want to say the services don’t match what we expected, please log in and look at these, remove them.

          I figure that they’ll give us their info, they’ll be confused because they won’t see anything, and they WILL notify Luis and Jean, but that we’ll be doing this after hours, and that we’ll still be able to get enough info to compromise some customer accounts before they sort it out. We may even be able to just create those services from their account, the moment we have their credentials to further obfuscate things. And even if they change their credentials, we will have made them verify their bank info, have gained some email access, and hopefully will have already set up forwarding for some passive monitoring. Purposely keeping the email brief with no real sign off to add to urgency.

          ########################## PHISHING E-MAIL SECTION - Entry 4 - birdbird ##########################

          Hi Angie,

          This is Luis’s personal assistant. He asked me to set up a meeting with you, because of some concerning services that were apparently uploaded by your team while we were transferring over your entertainment services. Could you please verify who from your team uploaded the “Dancing Bear Show”, the “Naked Cirque”, and the “Juggling Balls” to our server?
          Each show has been posted with promo photos in what appear to be the company vehicles you are handing over. Detailing here, so you understand how seriously we are taking this.
          The “Dancing Bear Show” features three very fit young men wearing bear masks and nothing else. We did not sign up to acquire the Chippen-bears.

          The “Naked Cirque” is exactly as described. But I really want you to understand the severity of this. The listing says, “Watch these young men and women swing freely.” That’s it. That’s all it says. “Juggling Balls” differentiates itself from your regular ball juggling show. While there is no cast-cast contact or audience-cast contact, there is something that I have now learned is called helicoptering.

          These are all absolutely inappropriate and Hard Drivin’ Luxury Limos knows this is at a crucial time in our handover. Please take a look immediately. From our end, we’ve hidden the posts, but left them visible from the admin side for you to see. I know the portal is a bit unfamiliar to you, but once you log on you’ll be able to see these posts directly [here]. Let me know if you have any issues.

          Jean and Luis will be calling you around 10 am tomorrow, unless you tell us otherwise. We’d like to get to the bottom of it and we truly believe that neither you nor Jeremy would endorse this sort of thing.

          Thanks


          • Serum

            #6
            ENTRANT 5 - LonerVamp

            ########################## BACKSTORY SECTION - Entry 5 - LonerVamp ##########################

            We've heard about a business acquisition, and look to take advantage of the change in leadership to hopefully gain access to their systems. We don't necessarily want to steal from the target directly, but we do want to use their connections to their often wealthy clients to truly achieve profit. Worst case, we can pilfer information, attempt wire transfers, or ultimately ransom the target for a small pay day. But, the real goal is to use this target as a launching point to other targets.

            We also suspect that these traveling parties may get out of hand, and capturing some video can definitely lead to some interesting black mail opportunities against individuals! Even if we fudge the videos a bit with fake AI-generated activities...

            After researching the parties (hah) involved and the outgoing leadership, the Jeffersons seem pretty much the antithesis of hip and with it (come on, unicycles and juggling and plays for entertainment? maybe at a carny!). They may even fall asleep before falling for our phish. The new leadership probably has more to prove, especially as they are a New York City company taking over a sleepy Omaha nothing burger. They've probably never even visited before except through Google StreetView.

            We'll also target Jean Cho, as she may be the lesser technically savvy of the two new leaders, but also seems the most spontaneous and interested in keeping in touch with her younger and hipper self. As a small business leader, she probably has admin rights to most everything and probably stays hands-on with clients and opportunities.

            Hopefully, as a small company, they have very little in the way of local protections and only default, basic systems and low security acumen.

            We're unsure about their technology. They may or may not be using:
            - Microsoft 365
            - MFA
            - Office products
            - Windows or Mac

            GOALS
            We want access to the target mailbox, access to mailbox/account credentials, access to M365 session or OAuth apps, and best case scenario: full workstation compromise via a malicious Excel document.

            Our primary success will be achieving workstation compromise, but we'll have a fallback for credential grabbing and opportunities for further phish attempts if they engage in email correspondence with us. If they have M365 and we can get credentials, we may be able to load malicious OAuth apps to gain very stealthy persistence to the target mailbox, in addition to access to all contacts, calendars, email history, and email rules where we can set up forwards to our own addresses. With full system compromise, we can fully spy on anything that Jean does on her system and likely move to other systems and mailboxes in their organization.

            PREP
            We need to set up our infrastructure by purchasing a domain name: o-p-e-r-a.music. We'll use a low-cost provider in Romania we've used before, and have them host the domain, host a default WordPress template of generic copy and stock imagery, and our mailboxes. We can put other content and even malicious payloads on the site in the future if needed. We'll have this on a static IP address, and not shared hosting. This domain will be new, but most small businesses will not have security tools in place for blocking newly registered domains.

            We'll create a malicious Excel document with a macro to download a PowerShell-delivered 2-stage payload loader sourced from the IP address of our Romanian-hosted site. When executed, this will establish a RAT (customized Cobalt Strike C2 beacon) and a connection back to us to issue further commands and privilege escalation, though we fully expect admin access straight up. This would be our full system compromise endgame. This document will also have what looks like dynamic content that wants to pull in video from YouTube and Vimeo, and thus needs macros enabled to present properly. None of these go to real content, and will show errors either way, but we just want the macros to be enabled and secondarily cause the victim to communicate back to us about the errors so we can "troubleshoot" and "retry."

            We'll stand up a W3LL phishing kit on the same infrastructure. This will be used as the target of our actual phishing link and will present itself as a normal M365 login prompt. Upon successful authentication, it will give us the credentials used and allow us to use the session as if we were the victim. Even if they have MFA, we'll be past it due to how W3LL proxies the authentication to M365 both ways. The victim will get forwarded on to the malicious Excel document we crafted and hosted above, which will download and open. If invalid credentials are provided, it will default to the Excel document anyway, to continue the compromise. If the target does not use M365, they should still provide credentials to something via our phish email instructions.

            For the phish, we want to sound like an important and promising and exciting opportunity for a new client, without sounding like a "check out our newest pillow sourced from Siberian wooly ostriches only on Etsy!" spam email that gets immediately deleted. We'll try to appeal to Jean's personal interests in addition to the professional one. We definitely want her attention, and not get sent off to sales or something.

            We do have the option to just flat out attach the document to the email along with the link, but we kinda want to get the link clicked to enable as many opportunities for foothold as possible. The attachment may also possibly trigger M365 inspection rules if sent attached.

            ########################## PHISHING E-MAIL SECTION - Entry 5 - LonerVamp ##########################

            To: Jean Cho
            FROM: partnerships@o-p-e-r-a.music
            SUBJECT: We want to make a music video on a party bus in Omaha :partyemoji:

            MESSAGE BODY:

            Good day! I am a founding band member for O-P-E-R-A and I am looking to host a bus party and CREATE A MUSIC VIDEO WHILE WE PARTY! We have a large production budget, and full coverage to hire any talent or clean any mess we incur during the ride.

            O-P-E-R-A is a stealth collective of creatives and visionaries! A local super group! And we want to host a party and make a music video during it! We are trying to save Omaha from the farmers and bankers and boomers! We're trying to make Omaha the NYC of corn rows! We stand for Omaha's Punk Electro Rap Anti-Autotune band, where we use autotune but we tune it into the negatives for maximum out-of-tunage vibes!

            For our music video, we are looking to mix old school break dances with new thoughts on street body contortioning matched to modern techno beats!

            I have some information about our band and the music video theme hosted here: [PHISHLINK:o-p-e-r-a.music/sharepoint.php]

            If you don't have a SharePoint account with us already, just fill in the prompt and it will automagically create an external account for you to access the stuff!

            We've tried in the past to set a party up with another band with the previous owners, but it has never lived up to expectations. Half the party-goers started texting and watching TikTok halfway through the ride! I expected they were going to bring in a sad clown, a sexy donkey, and start playing country music! (Don't tell the Jeffersons I said it, but they were maybe cool in the '80s...) We're hoping your new ideas will be far more exciting!

            PS! PS! PLEASE!
            Also looking for some dance cameos and talent, even hologrammed in virtually through virtual reality...got anyone in NYC you might suggest for a virtual dance-off in the bus? No need to watch your space when a flying foot won't actually hit anything real!! Let your freak fly! Breakdancers versus gymnastics versus ballet! Maybe even do some live audience judging via Twitch!
            Last edited by Serum; June 29, 2024, 08:21.

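The link patterns the entries above lean on (a typo'd scheme such as httpq:// in entry 2, the twiter.com lookalike in entry 3, and a freshly registered domain serving a fake sharepoint.php in entry 5) are exactly what a mail-gateway or SOC triage rule looks for. The Python below is an added example and not part of any entry or of the contest: it extracts links from an e-mail body and reports those signals. The brand list, the domain creation dates standing in for a WHOIS lookup, and the sample bodies are constructed assumptions for this example.

```python
import re
from datetime import date

# Brand domains the lookalike check compares against (a constructed list for this example).
KNOWN_BRANDS = ("twitter.com", "microsoft.com", "sharepoint.com", "tiktok.com")

# Path keywords that suggest a login or document-sharing page is being imitated.
LURE_WORDS = ("sharepoint", "login", "signin", "verify", "password")

# Stand-in for a WHOIS or domain-age lookup so the example runs offline (constructed dates).
DOMAIN_CREATED = {
    "o-p-e-r-a.music": date(2024, 6, 20),
    "twiter.com": date(2024, 6, 1),
    "mysite.com": date(2009, 3, 1),
}
NEW_DOMAIN_DAYS = 30

# Matches schemed URLs (including typo'd schemes such as httpq://) and bare host/path links,
# while skipping the host part of e-mail addresses (the lookbehind rejects a preceding '@').
URL_RE = re.compile(
    r"(?<![\w@.-])(?:([a-z][a-z0-9+.-]*)://)?"   # optional scheme (group 1)
    r"((?:[a-z0-9-]+\.)+[a-z]{2,})"               # host (group 2)
    r"(/[^\s<>\[\]\(\)\{\}\"']*)?",               # optional path (group 3)
    re.IGNORECASE,
)


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to spot one- or two-character lookalikes of known brands."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host: str) -> str:
    """Last two labels of the host; enough for these samples (real code should use the PSL)."""
    return ".".join(host.lower().split(".")[-2:])


def assess_link(scheme, host, path, today):
    """Return the triage findings for one extracted link."""
    domain = registrable(host)
    findings = []
    if scheme and scheme.lower() not in ("http", "https"):
        findings.append(f"non-standard scheme {scheme!r}")
    created = DOMAIN_CREATED.get(domain)
    if created is not None and (today - created).days < NEW_DOMAIN_DAYS:
        findings.append(f"domain registered {(today - created).days} days ago")
    for brand in KNOWN_BRANDS:
        dist = levenshtein(domain, brand)
        if 0 < dist <= 2:
            findings.append(f"lookalike of {brand} (edit distance {dist})")
    if domain not in KNOWN_BRANDS and any(w in (path or "").lower() for w in LURE_WORDS):
        findings.append("login/document keyword in path on an unrelated domain")
    url = (f"{scheme}://" if scheme else "") + host + (path or "")
    return {"url": url, "domain": domain, "findings": findings}


def triage_links(body: str, today: date = date(2024, 6, 29)) -> list:
    """Extract every link in an e-mail body and return the findings for each."""
    return [assess_link(m.group(1), m.group(2), m.group(3), today)
            for m in URL_RE.finditer(body)]


# Constructed sample bodies that mirror the link patterns in entries 2, 3 and 5 above.
SAMPLE_BODIES = {
    "entry2": "My original dance moves: httpq://www.mysite.com/breakdance/toprock/kickballchange",
    "entry3": "Please click twiter.com/account/begin_password_verify within the next 24 hours.",
    "entry5": "Info hosted here: o-p-e-r-a.music/sharepoint.php - fill in the prompt to get access.",
}

if __name__ == "__main__":
    for name, body in SAMPLE_BODIES.items():
        for hit in triage_links(body):
            print(name, hit["url"], "->", hit["findings"] or ["no findings"])
```

Each finding on its own is weak evidence (new domains and edit-distance neighbours are common), so a real rule would score them together and route the message for review rather than block on any single one.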

            • Serum

              #7
              ENTRANT 6 - Paint

              ########################## BACKSTORY SECTION - Entry 6 - Paint ##########################

              Angie was selected as the target for this phishing email due to her “Big Softie ™” credentials, education in not security, and for being the talent trainer and manager. Her excitement over America’s Got Talent, which she gushed about in a Tweet, was a source of inspiration to this cunning scheme. This email capitalizes on a talent show theme to keep Angie engaged with the message.

              Angie’s weekends are filled with juggling acts at hospitals and she is a champion of supporting local community initiatives and charitable causes. This phishing email has a noble facade of a charitable cause to tug at Angie’s heartstrings as she reads on, possibly shedding a single tear like Brad Dourif in Graveyard Shift, The X-Files, or Alien: Resurrection.

              To seal the deal, I sprinkled in a single mention of UNE Huskers’ football--another of Angie’s interests found due to the insatiable urge to share every thought on Twitter dot com. Season tickets as part of the talent show prizes were the final push, finishing touch, the cherry on top, the coup de grace of the phish, designed to hit her with a roller coaster of emotions: elation for the talent show, heartstrings twanged by the charity, and back to elation for those season tickets.

              The exploit of this phish is to install a RAT on Angie’s computer, and the email also encourages her to share it with her employees so that a RAT could be installed on their computers as well. The first link in the phishing email will show details about the talent show. The second link will show up as an actual registration page asking for full name, contact information, and the talent the participant wishes to share. Keeping things looking legitimate will further encourage Angie to share the links even if she decides not to do the talent show. The links in this phishing email will point to a malicious website controlled by me; the website is designed to exploit a drive-by download vulnerability in the web browser to deliver the RAT payload. The payload is small and stealthy, packed with a custom packer, designed to evade detection by antivirus software and more specifically Windows Defender. After being downloaded and executed, the RAT begins the process of establishing persistence by adding startup entries in the registry to ensure it launches on every system start. The RAT reaches out to the C2 for the first time through an HTTP request. The RAT will follow the commands of the C2 involving harvesting all of Angie’s contacts and the theft of all her credentials. Finally, after ensuring its continued spread, the RAT will be instructed to begin a cryptojacking campaign, in which it uses Angie’s computer to mine cryptocurrencies.

              ########################## PHISHING E-MAIL SECTION - Entry 6 - Paint ##########################

              Hi Angie,

              My name is Conner Manley and I am the director of the Center For Unicyclers Who Can’t Balance Good.

              I'm excited to share that we are organizing a charity talent show to benefit the Center For Unicyclers Who Can’t Balance Good.

              Our organization benefits disadvantaged youth who have struggled with balance their entire lives. However, we also work to help these youths juggle school, family, and relationships. Many of our members have spent time being homeless, have lost a parent or a sibling, have been arrested, or live in poverty. We want these children to be prepared for life and to have a solid foundation on which to build their lives. This event aims to raise funds and awareness for a cause that helps disadvantaged individuals who are passionate about theater, entertainment, and the arts but face challenges with balance.

Given your deep connection to the Omaha communities and strong history of philanthropic work, we would be thrilled to have you participate in our talent show. We believe your performance would be a fantastic addition to the event as well as an opportunity to advertise your business.

              Our talent show will be held in Baxter Arena, the home of the University of Nebraska Omaha’s hockey team.
              The prizes will be as follows:
              1st Place will receive 2 season tickets to UNE Huskers Football games and $5000
              2nd Place will receive $3000
              3rd Place will receive $2000

              To learn more about the event follow this link: 2024 Charity Talent Show

              If you’re interested, please sign up using the registration form linked below:

              [**Registration Form**]

              Additionally, we’d greatly appreciate it if you could share this link with any of your talent who might be interested in joining the talent show. We’re eager to gather a diverse group of participants to make the event as engaging and successful as possible.

              Thank you for considering this opportunity to support such a fun and worthwhile cause. If you have any questions or need more information, feel free to reach out.

              Looking forward to your response!

              Best regards,

              Conner Manley


              • Serum
                Member
                • Jul 2019
                • 99

                #8
                ENTRANT 7 - BigSchwillyChickenDillys

                ###################### BACKSTORY SECTION - Entry 7 - BigSchwillyChickenDillys ######################

                For this phishing email, I selected Luis Dimas as the target within my submission. Of all the potential targets, Luis has the least technical background with only having his GED and the majority of his experience in transportation and logistics. Although he won the digital innovation contest, he had a team of developers create eight-count for him as he was stated to have “no formal development training”. This provides us the advantage of a target with limited experience in computers and security.

Regarding business decisions, it appears Luis follows Jean’s lead as she “oversees all business operations”. As the director of fleet operations, Luis is restricted to a client-facing role where his involvement in acquiring the new company and his relationship with the Jeffersons would be minimal. Luis likely met Jean in 2019, as his portfolio states he began working at Hard Drivin’ that year. His relationships with both Jean and the Jeffersons are solely professional and began recently; I feel that, with the right information, Luis can be deceived into believing that the recent merger is driven by nefarious purposes. Pairing this with Jean asking the old owners to stay on an extra month, it could support the claim.

With the substantial amount of media coverage Jean and the Jeffersons received, they are relevant and known well enough for an article to be written about their merger and backstory. In fact, GigGazette described the Jeffersons’ company as a “mainstay of the Omaha area”, which led me to play into the narrative that the Jeffersons are a powerful family operating as a mafia running Omaha.

Within a tweet, Jeremy mentioned he had a daughter in NYC working as a venture capitalist; it is possible their daughter and Jean could have crossed paths since Jean is from Long Island. This is where the daughter would act as a middleman in connecting Jean with the Jeffersons so her family can expand their operations to bigger clients in the executive market. The Jeffersons’ operations mostly focused on the smuggling of laughing gas because Angie mentioned she volunteers at the hospital; I felt it would be fitting that the hospital is the supplier for their operations.

The objective of the phish is to receive ransom and obtain sensitive information on the new company. Given Luis is Jean’s “right-hand man”, the phish would reveal he is facing charges as a co-conspirator. Two links will be used: one link will contain botnet ransomware disguised as the warrant for his arrest; the second link will claim to be a “secure url” for Luis to upload a record of clients and their contact information in exchange for immunity from the charges. Upon downloading and opening the document, the botnet will install and add Luis’s device to a network of compromised machines and propagate to other devices on his network.

                After the initial spread, the botnet will lie dormant on Luis’s machine to avoid detection until commands are received from the C2 server to exfiltrate data, encrypt files, and demand ransom. This ransom will utilize double extortion tactics where if the ransom is left unpaid, the data exfiltrated will be threatened to be published. The second link will act as a fallback if the device Luis uses to open the email does not have client information or is encrypted.

                Once client contact information is obtained, the phish can then be adjusted to target executive clients and their assets. To Luis, the exchange of client contact information for his freedom seems relatively low-risk and amidst his panic, he would be inclined to cooperate or at least curious to view the charges.

                ###################### PHISHING E-MAIL SECTION - Entry 7 - BigSchwillyChickenDillys ######################

                Subject: Urgent: Cooperation Requested in Ongoing Investigation

                Dear Mr. Dimas,

                I hope this message finds you well. I am Special Agent Emma Bezler with the Omaha Division of the Federal Bureau of Investigation. I am writing to you regarding an ongoing investigation surrounding the recent company merger between Jean Chao and Angie and Jeremy Jefferson that requires your immediate attention.

For years our office has been working diligently to bring justice to Omaha by putting a stop to the Jefferson family mafia. Jeremy "One-wheel" Jefferson, a powerful mafia boss, has been running the streets of Omaha for the last 3 decades alongside his wife Angie "ball buster" Jefferson, who handles his unfinished business, and their daughter, who kept their company profitable.

                Their party bus business has long been suspected of being a front for a drug trafficking operation consisting of nitrous oxide otherwise known as "laughing gas". So far, 3 cases have been linked to DEF CON 32-Bit Bus Company where it is believed that laughing gas was used on unsuspecting guests during party bus performances. We have one hazy security footage clip of laughing gas from a local children's hospital being loaded into one of the party buses late at night which we suspect may be a supplier.

It was their daughter's recklessness that sent our investigation into motion after she was caught misappropriating large amounts of venture capital funds from her clients to help her family business. After raiding Ms. Jefferson's home, we found conversations between her and Ms. Chao arranging the company merger. We believe the Jeffersons are looking to expand their operation to the executive market by establishing the DEF CON 32-Bit Bus and Limo Company.

During the course of this investigation, your name has come up, and you are considered a co-conspirator in the case. As a result, a warrant has been issued for your arrest. The details of the charges you are currently facing can be found *here*.

                However, we believe you possess critical information that could significantly aid our investigation. One element crucial to our investigation we are missing is records and contact information of clients. With this information we will finally be able to resolve this case. Should you choose to comply, we are offering immunity from prosecution for the charges currently pending against you.

                This offer of immunity is conditional upon your full and truthful cooperation. We are prepared to work with you to ensure that this process is as straightforward as possible; simply upload the document using this *link* which expires after 48 hours. It is important you submit it within the given time frame as your offer of immunity will be withdrawn. After submitting the documents, no further action from you is required as we will contact you if anything were to arise.

                We appreciate your prompt attention to this matter and look forward to your cooperation.

                Sincerely,

                Emma Bezler
                Special Agent
                Federal Bureau of Investigation

                ---

                This email is intended for the recipient(s) only and may contain confidential information. If you are not the intended recipient, please notify the sender immediately and delete this message.

                ---


                • Serum
                  Member
                  • Jul 2019
                  • 99

                  #9
                  ENTRANT 8 - rrunner

                  ########################## BACKSTORY SECTION - Entry 8 - rrunner ##########################

In this year's submission, Jean Cho and Luis Dimas were selected as the primary targets. Jean is perceived to be the best target for this plan of attack based on her incoming status as President and her likelihood of not being as up to speed on the rules, regulations and compliance for commercial transportation in the state of Nebraska. Her role will also put her in a position to act swiftly to keep operations running as expected. Although she has extensive experience in the transport industry, it is primarily based on operations management, coordination and collaboration. Luis was selected simply based on opportunities by way of gaining access to his work or private emails. He does, however, have some knowledge and experience with local transportation regulations and was quickly removed from the direct attack method.
                  Let it be known, this attack will be carried out by the infamous hacker group known as P4R7YP00P3RZ.

                  TRANSCRIPT – httpqs://www.youtube.com/watch?v=yvfpmm2xcirn
                  “Greetings, feeble partygoers and fun enthusiasts. We are the elite hackers known as P4R7YP00P3RZ, and this is our manifesto! We hereby declare WAR on all forms of parties, and anything remotely perceived as such. But “For what?” you ask. World Domination? Nay... something far more tacky. Our mission is to disrupt joy, dismantle festivities, and spread gloom across the digital and physical realms!

                  ARTICLE I – PARTY DISRUPTION PROTOCOL
                  We shall employ the most advanced hacking techniques to crash party playlists with Wagner’s operas, thereby transforming every dance floor into a solemn opera house of doom. No more shall the rhythmic beats of joy echo; instead, mournful arias shall fill the air, reminding revelers of the futility of merrymaking in both public and private settings... ‘HEY GOOGLE, PLAY RIDE OF THE VALKYRIES!’

                  ARTICLE II – ANTI-CELEBRATION DIRECTIVE
                  Birthday parties, graduations, and weddings shall face our relentless scrutiny. We shall flood event venues with doomsday prophecies and install gloomy décor, ensuring every celebration is an exercise in existential dread. Cake shall be replaced with kale salads, and champagne with bitter Herbalife tea. Celebrate milestones!? NO, contemplate mortality!

                  ARTICLE III – NO ESCAPE, ONLY REFLECTION
                  To all who profit from the industry of mirth and festivity, heed our warning: the P4R7YP00P3RZ will haunt your digital infrastructure and haunt your physical spaces until the last disco ball shatters and the final confetti falls. Embrace the bleakness, for in the void lies true enlightenment...
                  From limousines lined with laughter to party buses pulsating with bass, your vehicles of revelry shall become vessels of introspective journeys. We will reroute your GPS to desolate crossroads and abandoned cul-de-sacs, where passengers shall contemplate the futility of their hedonistic escapades amidst eerie silence and flickering streetlights.

                  Let it be known that we, the P4R7YP00P3RZ, shall dismantle the infrastructure of enjoyment and replace it with the architecture of introspection. Prepare for a world where parties are but distant, frivolous memories, and internal contemplation reigns supreme!”
________________________________________________________________________

                  Objectives: 1) Manipulate Jean Cho to submit a series of documents and records in order to comply with the USDOT and Omaha Transportation Services. 2) Gain access to an email account of Luis Dimas. 3) DISMANTLE THE EVIL ESTABLISHMENT: HARD DRIVIN’ LUXURY LIMOS

Plan of Attack: Two phishing emails were crafted to obtain sensitive data pertaining to DEF CON 32-Bit Bus Company/Hard Drivin’ Luxury Limos and gain access to an email of Luis Dimas. The primary objective of this attack is to disguise ourselves as the City of Omaha Transportation Services, email Jean and sway her to submit the requested documents/information to a cloned website with the provided link. These documents will then be altered in a multitude of ways to ensure these companies can no longer operate. We will then email Luis Dimas and attempt to obtain the credentials of either his work or personal email so that it can be used to submit the obtained/altered information to the actual City of Omaha Transportation Services and USDOT. Once redirected, Luis will land on a duped login page for multiple email services in an effort to log his input(s). All communication methods listed in the phishing emails will be covered by domain spoofing methods and soft phone services such as Hush, for example.

“GOTCHA B****”: Once the plan of attack has been successfully executed, we stand by to watch the disaster unfold from Luis Dimas' email and dump anything of value. After confirming the utmost chaos has concluded, our deed is done. On to the next techno tyrant!
<insert Dave Chappelle gif here>
________________________________________________________________________

                  ########################## PHISHING E-MAIL SECTION - Entry 8 - rrunner ##########################

                  Subject: Welcome to the Regulatory Ride, Hard Drivin' Luxury Limos!

                  Dear Hard Drivin' Luxury Limos Team,

                  Greetings from the bureaucratic wonderland known as the City of Omaha Transportation Services! We hope you've got your seatbelts buckled and your party pants fastened because you're about to embark on a regulatory adventure like no other.

                  First things first – welcome to the USDOT Compliance extravaganza! We kindly request the following forms and applications faster than you can say "limos rule the road":

                  1. USDOT Numbers: Think of them as your limo's very own ID card – essential for navigating the highways and byways of Omaha with swagger.

                  2. Purpose of Merger or Acquisition: We're not just curious; we're nosy – but in a totally professional way, of course! Share the juicy details of any mergers or acquisitions that brought you to our fine city.

                  3. Entire Safety History of Merged or Acquired Company: We're talking safety like it's your limo's guardian angel. Lay it on us – the good, the bad, and the oh-s... so, we missed that?

                  4. DOT Drug and Alcohol Testing Program: Because sometimes even limos need to stay sober. We’ll need the scoop on your program faster than a party bus on its way to Vegas.

                  5. DOT Clearinghouse Registration: This is where all the cool kids hang out in DOT land. Register pronto – we hear there's a virtual dance party happening there every Friday night.

                  6. DOT-Compliant Driver Applications: We're looking for drivers with charisma, charm, and a knack for parallel parking. Bonus points if they can breakdance or pirouette in style.

                  7. Digital Driver Qualification Files: We promise not to judge if they're still using flip phones. Just kidding – digital files only, please. Think of them as your limo's digital scrapbook.

                  8. DOT Physical Results: No need to strip down – just send over those physical results. We're not doctors, but we do stay at the Holiday Inn Express when traveling.

                  9. Background Check Findings: We'll be checking for any hidden talents like juggling or beatboxing. Show us the goods!

                  Now, that's quite the checklist, but hey, who said compliance can't be a barrel of fun? We're here to make sure your journey through Omaha's regulatory maze is as smooth as a limo's suspension.

                  Documents should be submitted through our web portal via the link provided below:

                  httpq://psc-pbcbsca.nebraska.gov/transportation/special-party-and-charter-bus-service/doc.portal

Please note, in compliance with USDOT regulations and FMCSA, all documents must be submitted within 30 days of merger(s) or acquisition. If the merger or acquisition will result in the original corporation dissolving and ceasing operations under its original identity, you must file an updated MCS-150 form and select “Out of Business Notification” to notify the FMCSA of the change in operations. In addition, there is no grace period given between the official merger and the beginning of operations; you cannot legally operate until you’ve purchased and appointed insurance, obtained a USDOT number, registered your commercial motor vehicles, and officially transferred or hired drivers.

                  Looking forward to receiving your paperwork faster than a limo on the Autobahn (figuratively speaking, of course. This is Nebraska, not Germany...)!

                  Keep it compliant and cruisin’,

                  Dade Murphy
                  Chief Compliance Conductor
                  City of Omaha Transportation Services
                  dade.murphy@psc-pbcb.nebraska.go
                  Office: 531.168.2892 | Mobile: 402.615.8425

                  Confidential Notice: Attention All Road Warriors and Compliance Connoisseurs,
                  This email and any attachments are intended solely for the use of the individual or entity to whom it is addressed and may contain information that is privileged, confidential, and as rare as a unicorn on roller skates. If you have received this communication in error, please notify us immediately and resist the urge to forward it to your favorite meme-sharing group chat.
                  Please be aware that any unauthorized disclosure, copying, distribution, or use of this information is strictly prohibited and may result in spontaneous outbreaks of paperwork and obscure regulatory dances. Keep calm and drive on (within the speed limit),

                  The City of Omaha Transportation Services

________________________________________________________________________

                  Subject: Welcome Hard Drivin' Luxury Limos to the Omaha Party and Charter Bus Scene!

                  Dear Hard Drivin' Luxury Limos Team,

                  Greetings from the City of Omaha Transportation Services, your newest fan club president here! We're thrilled – no, make that revving with excitement – to officially welcome you to our thriving community of Special Party and Charter Bus Services. Brace yourselves; Omaha won't know what hit 'em!

                  We've heard through the grapevine (and a very reliable carrier pigeon, the USDOT) that your fleet is as luxurious as a unicorn's spa day and as reliable as Boeing’s 737 MAX. Here at Omaha Transportation Services, we're all about keeping things moving and shaking.

                  While some might say we're just a bunch of transportation enthusiasts, we prefer to think of ourselves as the maestros of movement, the conductors of commutes, and the architects of all things wheely cool. With your arrival, the party bus scene just got a serious upgrade – think champagne flutes clinking, confetti cannons popping, and disco balls spinning like it's 1979!

                  So, strap in (or recline luxuriously), because together, we're about to redefine what it means to roll in style through the streets of Omaha. Your arrival is not just welcomed; it's celebrated with jazz hands and a standing ovation from our entire team.

                  Feel free to join our newly polished community platform! We highly encourage collaboration, information sharing and casual networking on this forum. You can sign up quickly by logging in to an existing email account with the email service links provided. Be sure to use an email associated with your company.

                  httpq://psc-pbcbsca.nebraska.gov/transportation/special-party-and-charter-bus-service/community.portal

                  Welcome aboard, Hard Drivin' Luxury Limos!

                  Keep it classy,

                  Kate Libby
                  Director of Transportation
                  City of Omaha – Special Party Bus and Charter Bus Services
                  kate.libby@psc-pbcb.nebraska.go
                  Office: 531.168.2892 | Mobile: 402.841.2317


                  Confidential Notice: Attention All Road Warriors and Compliance Connoisseurs,
                  This email and any attachments are intended solely for the use of the individual or entity to whom it is addressed and may contain information that is privileged, confidential, and as rare as a unicorn on roller skates. If you have received this communication in error, please notify us immediately and resist the urge to forward it to your favorite meme-sharing group chat.
                  Please be aware that any unauthorized disclosure, copying, distribution, or use of this information is strictly prohibited and may result in spontaneous outbreaks of paperwork and obscure regulatory dances. Keep calm and drive on (within the speed limit),

                  The City of Omaha Transportation Services


                  • Serum
                    Member
                    • Jul 2019
                    • 99

                    #10
                    ENTRANT 9 - Ian

                    ########################## BACKSTORY SECTION - Entry 9 - Ian ##########################

I chose the target named "John". The period of time is February 19, 2021.
The email states that the government will vaccinate them for free; people will trust it easily because they think the government sent this email.

If you click the link, the malicious link will take you to a web page that says your browser needs to be upgraded, but if you click the download and install the malware, a listener on the attacker's computer will be connected with the host.

                    ########################## PHISHING E-MAIL SECTION - Entry 9 - Ian ##########################

                    ################ Email title: "Critical Government Announcement" ################

                    Dear Mr. John,

                    This is the U.S. government. We are having a free vaccination for American citizens who are not vaccinated.
According to the WHO (World Health Organization), vaccination is essential for these reasons:

1. Protecting Individual Health: COVID-19 vaccines significantly reduce the risk of severe illness, hospitalization, and death.
They help build immunity by stimulating the body's immune system to recognize and fight the virus effectively.

                    2. Community Immunity (Herd Immunity): When a significant portion of the population is vaccinated, it reduces the overall spread of the virus.
                    This protects those who cannot be vaccinated, such as individuals with certain medical conditions or those too young to be vaccinated.

                    3. Preventing Healthcare Overload: High vaccination rates help prevent surges in COVID-19 cases that can overwhelm healthcare systems.
                    This ensures that medical resources remain available for all patients, including those with non-COVID-19-related health issues.

                    4. Reducing Transmission: Vaccinated individuals are less likely to transmit the virus to others.
                    This reduces the overall number of cases and slows the spread of the virus in the community.

                    5. Mitigating Variants: High vaccination rates decrease the virus's opportunity to mutate.
                    This helps prevent the emergence of new variants that could be more contagious, more severe, or resistant to existing vaccines.

                    6. Economic and Social Stability: By controlling the spread of the virus, vaccinations help maintain economic stability and allow for the safe continuation of social activities, travel, and education.

                    7. Global Health: COVID-19 is a global pandemic.
                    High vaccination rates worldwide are necessary to control the pandemic and prevent outbreaks from recurring in different regions.

                    Overall, COVID-19 vaccination is a critical tool in managing and eventually ending the pandemic, protecting both individual and public health.

If you want more information about why you should get vaccinated, visit [Here](httpqs://www.who.int/emergencies/diseases/novel-coronavirus-2019/covid-19-vaccines/advice)

Visit your nearest local public health center to get a free vaccination.
If you can't find your local public health center, find it [Here](malicious link)

If you need any further information, contact the public health center [(555) 123-4567].

Sincerely,

                    (555) 123-4567
                    www.cdc.gov


                    • Serum
                      Member
                      • Jul 2019
                      • 99

                      #11
                      ENTRANT 10 - Mehntal

                      ########################## BACKSTORY SECTION - Entry 10 - Mehntal ##########################

This phishing e-mail will target Angie Jefferson, the outgoing co-founder of 32-Bit Bus Company. The e-mail will pretend to be from Jean Cho, an incoming owner and President of the Hard Drivin’ Limo Company.
The basic premise for the e-mail is that Jean will be proposing a novel digital competition to find new executives to help run the new company. This is to play on Jean’s statement in article 1, “We’ve got some new ideas in the executive space,” her history of running digital competitions to enhance her business (which is how she found her current business partner, Luis Dimas), and the skills listed in her profile like technology integration and business process improvement.

I will be targeting Angie Jefferson rather than Jeremy Jefferson because his profile suggests he may be a bit more technically competent and business savvy, since he ran day-to-day operations and the financial aspects of the company; these experiences may make him more suspicious of any e-mail. Angie’s skills also list “event coordination, business development, and operations management” as well as her use of theatre in business contexts, which all make her the most appropriate to contact in the context of setting up a competition anyways.

                      Assuming that I can’t actually spoof Jean’s e-mail directly, I have created the fake e-mail JEANCH0@email.com. I have capitalized the letters to better hide the fact that the last letter is actually a zero. In the e-mail signature, however I have used the correct e-mail address.

I am assuming that Jean and Angie are friendly based on how they talk about each other in the articles, especially this statement in article 1: “Hard Drivin’ knows what it is like to nurture ties to the local community, and both Jean and Luis were eager to learn from us. We really felt a kinship with them which ultimately led to our decision.” So I address Angie as “Ang” and sign off informally as “J”, which is also something I have seen busy leaders do.

Since Jean is supposed to be a busy businesswoman, the e-mail is fairly straightforward and to the point. To make Angie more sympathetic early on to any requests, I played a “women supporting each other” angle. I also used technical jargon to make it sound like I was experienced in the space (e.g. “digital infrastructure”). I also referenced Luis and previous experiences to add some authority to this idea.

I also made an effort to seem like Jean by including “Strong Island Pride” next to the signature for the limos, which is a phrase used on Long Island (source: tragically, I grew up on Long Island), and I added a pretentious self-quote to the bottom which links to her dance videos. This quote is taken directly from one of Jean’s tweets.

                      In the e-mail I direct Angie to a website link and I also asked her to give me the names of potential executive candidates.
                      After the Click: This link would bring Angie to a mock-up of a competition page including a sign-up link using Jean’s dance videos as place holders and tons of “lorem ipsum” text. The website will have keylogger malware which will install a keylogger on Angie’s computer.

Consequences: (please read in a New Jersey accent) SURPRISE! I am a competing party bus and limo company from New Jersey; the evilest of all the Jerseys! With this knowledge I can spy on Angie’s e-mails, learn their corporate strategies, and try to poach all of the executive candidates that 32-Bit thinks are good! MUAHAHAHAHAHAHA! WHAT? YOU THINK YOU’RE BETTER THAN ME? JERSEY RULES!

                      ########################## PHISHING E-MAIL SECTION - Entry 10 - Mehntal ##########################

                      Subject: Leadership! Dancing! Magic! Oh my!
                      From: JEANCH0@email.com
                      To: angiejefferson@email.com

                      Hey Ang,

                      Hope you’re doing good!
                      I wanted to take your temperature on an idea I had for the new management after you and Jeff fully retire. I wanted to run it by you first because I’m not sure the boys would fully get it and could use your support and insights.

                      Basically, I’d like to run a national competition for some new executives using the same kind of digital infrastructure I used for the competition where I found Luis. I know this is a less technical role than Luis’ but I think this could work. I’ve mocked up a website (check it out here: [LINK TO FAKE WEBSITE]) and I have some ideas for challenges for the competition, including a talent portion! Maybe it sounds a little silly, but I think your theatrical experiences are part of what made you and Jeff so successful and I think we need to find people who have that same kind of talent, showmanship, and brilliance!

                      Anyways, check out the site and let me know what you think.

                      Also, if you have any potential candidates in mind that we can forward the competition to, let me know!

                      Best, J

                      Jean Cho
                      President, Hard Drivin' Luxury Limos; Strong Island Proud!
                      President, DEF CON 32-Bit Bus and Limo Company
                      Email: jeancho@email.com
                      Phone: (555) 123-4567
                      “Creativity fuels both art and business” – Jean Cho
                      [LINK TO DANCE VIDEO]

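The From: line in the entry above (JEANCH0@email.com, with a zero) does not match the address in the signature block (jeancho@email.com). As an added example, not part of the contest or the entrant's submission, the following Python check pulls both addresses out of a message and flags a look-alike local part. The sample message is constructed from the entry's headers and signature; the homoglyph table is an assumption chosen for the demo, not a complete list.

```python
"""Added example (not from the contest or the entrant): flag a mismatch between
the From: header address and the address given in the signature block, as with
the JEANCH0@email.com / jeancho@email.com pair in the entry above."""
import re
from email import message_from_string
from email.utils import parseaddr

# Digits and symbols commonly swapped in for letters in look-alike addresses.
# Assumption for the demo: a small table is enough to catch this entry's trick.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                            "5": "s", "7": "t", "8": "b", "|": "l"})


def normalize_local(addr: str) -> str:
    """Lower-case the local part and map look-alike characters to letters."""
    local = addr.lower().split("@", 1)[0]
    return local.translate(HOMOGLYPHS)


def signature_addresses(body: str) -> list[str]:
    """Collect addresses on 'Email:' lines in the body (the signature block)."""
    return re.findall(r"^\s*E-?mail:\s*([\w.+-]+@[\w.-]+)", body, flags=re.I | re.M)


def check_sender_vs_signature(raw: str) -> dict:
    """Compare the From: address with every address claimed in the signature."""
    msg = message_from_string(raw)
    _, from_addr = parseaddr(msg.get("From", ""))
    body = msg.get_payload()  # plain, non-multipart message in this demo
    sig = signature_addresses(body)
    findings = []
    for s in sig:
        if s.lower() == from_addr.lower():
            continue  # header and signature agree
        same_domain = s.split("@")[-1].lower() == from_addr.split("@")[-1].lower()
        if same_domain and normalize_local(s) == normalize_local(from_addr):
            findings.append(f"look-alike: From {from_addr} vs signature {s}")
        else:
            findings.append(f"mismatch: From {from_addr} vs signature {s}")
    return {"from": from_addr, "signature": sig, "findings": findings}


# Constructed sample, reduced from the entry's headers and signature block.
SAMPLE = """From: JEANCH0@email.com
To: angiejefferson@email.com
Subject: Leadership! Dancing! Magic! Oh my!

Hey Ang,

Anyways, check out the site and let me know what you think.

Jean Cho
President, DEF CON 32-Bit Bus and Limo Company
Email: jeancho@email.com
Phone: (555) 123-4567
"""

if __name__ == "__main__":
    print(check_sender_vs_signature(SAMPLE))
```

A spoofed display name or a look-alike local part is only a hint; a real mail gateway would also check SPF/DKIM/DMARC alignment on the sending domain rather than trusting either address.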

Serum (Member, Jul 2019, 99 posts)
#12
                        ENTRANT 11 - R0LLSum=1

                        ########################## BACKSTORY SECTION - Entry 11 - R0LLSum=1 ##########################

                        The Plan:
                        I chose to target Luis Dimas. His background information indicates he is a self-taught individual, and his hobbies are all based in the physical dimension. Ernest Hemmingway said that “there are only three sports “racing, boxing and mountain climbing. Everything else is a game”. Luis Dimas is a man cut from the same cloth. Targeting him specifically, I wanted to use NLP through specific phrases and words that would convey truth and connection. I also intend to abuse his predilection for fixing things and being a problem solver presenting a small, solvable issue. I chose a Pinbot machine as those are valuable and highly sought after. I researched a real pinball place in Omaha Nebraska for authenticity in faking the receipt. I tried researching Swift Rides in long island, it exists, but I couldn’t find an angle there.

                        I chose to mimic an email from Angie as my initial point of entry. She strikes me as the type of woman who is outgoing, and as a performance artist, her sound and tone are probably varied enough to provide enough cover for my attempt to clone her style. She uses a lot of “!” in her communication. I will too.

The payload for Luis is an Emotet Trojan, packed in a zip file masquerading as a paid invoice, that would execute upon download and beacon to a C2 server. Payloads would include NetPass.exe and Outlook scraper for password scraping and further infection through worming the address book. The zip file would contain a fake receipt and invoice, and an initial entry for Trickbot if poor Luis agrees to enable macros on the document. To boot, the bank numbers on the invoice would be to a bank account under my control just in case he decides to $end money. If he’s anything like the users I protect at my job, he will click on any links in the email. Some probably twice.

In the email, I share with Luis a story about a failed party bus tour called “Pinball Wizards”. I mention a broken pinball machine due to a fight and have an invoice for him to view for the replacement glass on the machine. The email also includes a mention of another failed party bus tour that was ultimately cancelled. This other tour is called the “Duck!”, a feather themed adventure. Although I only mention it briefly, it is intentional. In addition to the receipt, the zip file contains a classic Duckroll image, originally posted on 4chan circa 2004. This is so that if poor Luis is actually a fellow “/b/ro”, he at least has a small heads-up that his shit just got kicked in. Emotet is fast enough that he will still be Pwned; however, it’s a professional courtesy to let him know. I have morals.

                        ########################## PHISHING E-MAIL SECTION - Entry 11 - R0LLSum=1 ##########################

                        Luis!
                        Jeremy and I were clearing out stuff from the home office and found an old invoice from Pinball Past for a machine we had put in for glass repair!
                        It’s an old “Pinbot” machine that we had for a tour that we cancelled some years ago. It took some damage on its maiden voyage and we never tried that tour again. We ordered new glass but never picked it up! Jeremy mentioned you were an enthusiast, and so I wanted to tell you if you can fix it, you can have it. Here’s what happened to it.

It was one of the craziest nights. I was in the driver's seat, keeping an eye on the crowd through the rearview mirror. The theme on that bus was "Pinball Wizards” and it was packed with all sorts of characters. But the stars of the evening were definitely Gandalf and Harry Potter! Things were going smoothly until we made a stop in front of a popular nightclub on 24th street. Most of the partygoers had stepped off the bus to stretch their legs except the one Drunk Guy. He had been steadily getting more and more inebriated throughout the night, and now he was staggering around the front of the bus with a determined look that could only mean one thing. He looked like the alien guy from Men in Black asking for sugar water! Before I could react, Potter and Gandalf saw what was happening. Gandalf raised his staff and shouted "You shall not piss!" with all the horror and authority of Middle-earth. The Drunk Guy froze at the sound, but his bladder didn’t get the message. Potter, not missing a beat, grabbed an empty bottle and shouted, "Expecto Patronum!" and hit him with a bottle of Patron! Unfortunately, that’s the bottle that bounced into the Pinbot machine and took out the glass. It was wild! We ended up only ever cancelling two tours. This one, and one called Duck!, a feather adventure. You live, you learn!

The invoice for the glass is paid, we just never picked it up! The machine has the tilt sensor removed, and it took some damage from its first tour. You would need to have some skill to knock out the wiring, but it should all be there. The machine is at the house, but the glass is at Pinball Past, ready for pickup. I forwarded the invoice and attachments, plus a few pictures from that night!

                        ---------- Forwarded message ---------
From: <Mika.Cavalieri@pinballpast.com>
                        Date: Sat, Jun 23, 2024, 10:00 PM
                        Subject: Confirmation of Receipt Payment
                        To: <angiejefferson@email.com>
                        Dear Ms. Jefferson,

                        I hope this email finds you well.
                        Attached, please find the repair invoice for the PinBot machine. The total amount due is detailed within the document.
                        It was a pleasure servicing your machine, and I appreciate your business. If you have any questions or require further assistance, please do not hesitate to reach out.

                        On a side note, I noticed you're a fan of the Nebraska Cornhuskers. Go Big Red! Here's hoping for a great season ahead.

                        Thank you again for choosing us for your pinball machine repair needs.

                        Best regards,
                        Mika Cavalieri
                        Store Manager
                        (402) 597-3242
                        Pinball Past

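The lure above hinges on a zip attachment posing as a paid invoice, with a document inside that asks the recipient to enable macros. As an added example, not part of the contest or the entrant's submission, the Python below is the check a mail filter or responder would run on such an attachment: open the archive, and for each Office document inside look for the VBA project part (vbaProject.bin) that an OOXML container carries when it has macros. The archive and the "documents" in it are constructed in memory for the demo and contain no real payload; the file-extension lists are assumptions for the example.

```python
"""Added example (not from the contest or the entrant): inspect a zip
attachment of the kind described above, a "paid invoice" archive, and flag
Office documents that carry a VBA project, plus bare executables. The archive
here is constructed in memory; no real malware is involved."""
import io
import zipfile

# Assumptions for the demo: extensions treated as Office documents / executables.
OFFICE_SUFFIXES = (".docm", ".docx", ".xlsm", ".xlsx", ".pptm", ".dotm")
EXEC_SUFFIXES = (".exe", ".scr", ".js", ".vbs", ".lnk", ".bat", ".ps1")


def has_vba_project(doc_bytes: bytes) -> bool:
    """OOXML documents are zip containers; a VBA macro project is stored as vbaProject.bin."""
    try:
        with zipfile.ZipFile(io.BytesIO(doc_bytes)) as doc:
            return any(name.endswith("vbaProject.bin") for name in doc.namelist())
    except zipfile.BadZipFile:
        return False  # not an OOXML container (legacy .doc, or not a document at all)


def scan_attachment(zip_bytes: bytes) -> list[dict]:
    """Return one finding per archive member that is an executable or a macro document."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            name = info.filename
            lower = name.lower()
            entry = {"name": name, "macro": False, "executable": False}
            if lower.endswith(EXEC_SUFFIXES):
                entry["executable"] = True
            elif lower.endswith(OFFICE_SUFFIXES):
                # Check the content, not just the extension: a .docx can carry macros too.
                entry["macro"] = has_vba_project(archive.read(name))
            if entry["macro"] or entry["executable"]:
                findings.append(entry)
    return findings


def build_ooxml(with_macro: bool) -> bytes:
    """Construct a minimal OOXML-shaped container for the demo (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"\x00" * 16)  # placeholder, no VBA inside
    return buf.getvalue()


def build_sample_invoice_zip() -> bytes:
    """Constructed sample: a receipt image, a clean invoice, and a macro-bearing one."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("receipt.jpg", b"\xff\xd8\xff")  # JPEG magic only, not a real image
        z.writestr("invoice_paid.docx", build_ooxml(with_macro=False))
        z.writestr("invoice_paid.docm", build_ooxml(with_macro=True))
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_attachment(build_sample_invoice_zip()):
        print(finding)
```

Checking for the VBA part inside the container, rather than trusting the extension, matters because the lure's whole premise is that the file looks like a harmless receipt; a macro-enabled document renamed to .docx still carries its vbaProject.bin.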

Serum (Member, Jul 2019, 99 posts)
#13
                          ENTRANT 12 - Emery Frink

                          ########################## BACKSTORY SECTION - Entry 12 - Emery Frink ##########################

                          I started with the very funny idea of Luis wanting to host a live boxing match on a moving party bus, and something going wrong. Since Jean Cho and Jeremy Jefferson are both noted as being tech-savvy or having tech experience, I chose to target Angie Jefferson, posing as Luis apologizing for, and dealing with the fallout of, the bus boxing incident.

                          I thought Angie would make an exceptionally good target due to her love of her business, and thus, emotional and urgent response to anything going wrong. (This was shown in her tweets and newspaper quotes). Especially with a customer getting hurt, and the involvement of a unique bus experience like the ones she pioneered. Again, I also just thought this was really funny.
                          Luis, in his supposed moment of crisis, suggests scheduling a meeting to discuss the next steps in detail. Angie, always eager to support her company and colleagues, is likely to click on the provided link to access the meeting schedule.

                          Upon clicking the link, Angie is redirected to a spoof of a scheduling platform. She attempts to log in with her credentials, and the spoof throws an error. She’s not able to log in, and she doesn’t even know she’s been phished.

                          Meanwhile, on the backend, I’ve just obtained Angie’s login credentials for the company platform. From here, I can access sensitive company information such as client lists, financial records, and strategic plans, leveraging it for further attacks or to sell on the dark web. I could also introduce a ransomware payload, encrypting critical company data and demanding a ransom for its release.

                          Thank you for considering my submission!

                          ########################## PHISHING E-MAIL SECTION - Entry 12 - Emery Frink ##########################

                          Subject: Urgent: Incident During Live Event on Party Bus

                          Hi Angie,
                          I hope this email finds you well. I wanted to touch base with you regarding a rather unfortunate incident that occurred during one of our recent "test" events on the DEFCON 32-Bit Bus.
                          As part of our transition and in the spirit of merging our unique entertainment styles, I decided to test an innovative idea: a live boxing match on a moving party bus. I enlisted the help of a friend and fellow boxer to stage this match. Unfortunately, our driver made an unexpectedly sharp turn, causing me to lose my balance and, quite embarrassingly, punch one of our guests in the face.
                          Naturally, the guest is extremely upset and is now threatening litigation against us. I have some ideas for what steps to take next, but I want you to know I am deeply sorry for this mishap and for any potential repercussions it may have on our business reputation.

                          Could we possibly schedule a meeting to discuss this in more detail? Your input would be greatly appreciated. Here’s my calendar link. (malicious link)

                          Thank you, Angie. Looking forward to your guidance.

                          Best regards,
                          Luis Dimas
                          DEF CON 32-Bit Bus and Limo Company
                          Phone: (555) 987-6543
                          Email: luisdimas@email.com
