Tweet
Read. Rate. Sleep on it. Read again. Re-rate. Repeat.
A little taste of the process our judges had to go through this year as we took on the challenge of 17 amazing Phish Stories! It was NOT EASY. The quality of every submission made it difficult to say the least. All four potential targets were chosen by contestants with multiple attack angles and humor ranging from outright bust-a-gut laughter to others that brought a more subtle approach.
Our leaderboard had frequent position changes right up until the announcement. In the end, three entries stood out, our winners for DEF CON 33's version of Phish Stories:
We'll be coordinating with each of the winners via email for badge pickup.
This was truly a difficult contest to judge and I hope you all take the time to read through each entry as time permits!
Highlights of other entries (in no particular order):
zerouncool -- Well written attack coming from a 9 year old girl who wants to set up an urban beekeeping program at her school. The email was fun and engaging targeting Jack.
RenTheTiefling -- Anytime the words "entomological Chekhov's gun" are included in a backstory you have to read it to it's conclusion. The humor and flies were outstanding. Went for the gusto targeting Frank.
AlilbitAlexis -- Truly understood Kaya and captured her voice within the context of the email. Well written backstory as well.
Raechel -- We loved the clever punny wordplay throughout this one which made for a delightful read.
Kerlynmanyi -- Enjoyed reading the thought process behind how the target was selected with the right amount of "Southern Charm" found within the email targeting Jack from Frank. Quality entry!
0Day -- Dory Coldwater was a great name for the attacker posing as a student at Jack's alma mater. Read this one for a primer on casino odds and win-rates, deep subject matter knowledge on display!
birdbird -- Our Ruler from last year went for a potential romance in retirement angle. Sexy birds vs. Sexy bees anyone? A fun one to read no doubt.
luvs2spuge -- The nevvquarktimes highlighting the comeback of Rebecca Sinclair had a nice touch and the backstory was fun to read.
CybrMerc -- To the point e-mail targeting Kaya and everyone's urgent worry... money! Realistic phish with a good after-the-click writeup.
Ola -- Bamboozled is the game with a fun twist... the attacker has an identity crisis!
Oxilite -- An ex-coworker of Rebecca's reaches out with an alarming revelation regarding an investigation from the U.S. Treasury. We definitely think Rebecca would click on those recordings!
lonervamp -- Hyper realistic scenario featuring highly plausible attack scenarios in today's world. A nice use of deepfakes throughout!
PrivacyMike -- "Be Evil" indeed! Inappropriate double entendres were creative and darkly funny drawing on the source material. Jack would definitely be feeling the heat on this one.
Fl4re -- Plausible attack from Jack's alma mater using a student seeking help from a friendly alum. Easy to follow.
A little taste of the process our judges had to go through this year as we took on the challenge of 17 amazing Phish Stories! It was NOT EASY. The quality of every submission made it difficult to say the least. All four potential targets were chosen by contestants with multiple attack angles and humor ranging from outright bust-a-gut laughter to others that brought a more subtle approach.
Our leaderboard had frequent position changes right up until the announcement. In the end, three entries stood out, our winners for DEF CON 33's version of Phish Stories:
| The Ruler -- Tr1ster0 - A raucous ride that targeted the newest member of the DoubleThree staff, Kaya Blackfox. Who knew that Kaya was tired of Rebecca's ineffective leadership? Tr1ster0 knocked it out of the park in each of the judging categories, fully using the source material to dream up a scenario whereby our friendly neighborhood exterminator turned cybersecurity expert, Frank, sends Kaya an offer she can't possibly refuse, to go into business together and create a high-tech house for birds and bees on every roof at the DoubleThree! Free honey for the hotel guests along with birds and bees learning the intricacies of Wi-Fi. Truly weird and wacky, and yet, hilariously clickable. Well done! | |
| The Wizard -- Elijah Samuels - A homograph attack utilizing Unicode started us down Elijah's Phish Story. The realism behind that was only the beginning of a multi-layered technical masterpiece. Elijah went for full on technical points (and quite possibly will cause a change in next year's rules) by supplying us with the HTML for the e-mail along with gamifying the clicking portion to obtain even more information from Rebecca Sinclair, the desperate for redemption General Manager of the DoubleThree. The e-mail was also sourced from Frank and had the look and feel of one that could come from someone in charge of both cybersecurity and pest elimination. A Phish Story we loved to unpack! | |
| The Jester -- MarineMadMax - Ocean's 11 DEF CON style: MarineMadMax went for a Phish Story looking for a way to steal all of the snacks from the DEF CON Chill Out Lounge, and boy, did it work. Targeting Jack, our soon-to-be retiree at the DoubleThree and leveraging the source material to truly understand what drove him, Marine went for the mentorship angle and came up with a somewhat disgusting game of Operation: Casino Edition. The game matched Jack's interests and was described in hilariously gory detail, "Hack the body, harvest the goods." The backstory on this one was truly a standout, ending with a Matt Damon lookalike driving away in a van full of snacks. Truly a clever and funny Phish Story that needs to be made into a movie for DC TV some day! |
This was truly a difficult contest to judge and I hope you all take the time to read through each entry as time permits!
Highlights of other entries (in no particular order):
zerouncool -- Well written attack coming from a 9 year old girl who wants to set up an urban beekeeping program at her school. The email was fun and engaging targeting Jack.
RenTheTiefling -- Anytime the words "entomological Chekhov's gun" are included in a backstory you have to read it to it's conclusion. The humor and flies were outstanding. Went for the gusto targeting Frank.
AlilbitAlexis -- Truly understood Kaya and captured her voice within the context of the email. Well written backstory as well.
Raechel -- We loved the clever punny wordplay throughout this one which made for a delightful read.
Kerlynmanyi -- Enjoyed reading the thought process behind how the target was selected with the right amount of "Southern Charm" found within the email targeting Jack from Frank. Quality entry!
0Day -- Dory Coldwater was a great name for the attacker posing as a student at Jack's alma mater. Read this one for a primer on casino odds and win-rates, deep subject matter knowledge on display!
birdbird -- Our Ruler from last year went for a potential romance in retirement angle. Sexy birds vs. Sexy bees anyone? A fun one to read no doubt.
luvs2spuge -- The nevvquarktimes highlighting the comeback of Rebecca Sinclair had a nice touch and the backstory was fun to read.
CybrMerc -- To the point e-mail targeting Kaya and everyone's urgent worry... money! Realistic phish with a good after-the-click writeup.
Ola -- Bamboozled is the game with a fun twist... the attacker has an identity crisis!
Oxilite -- An ex-coworker of Rebecca's reaches out with an alarming revelation regarding an investigation from the U.S. Treasury. We definitely think Rebecca would click on those recordings!
lonervamp -- Hyper realistic scenario featuring highly plausible attack scenarios in today's world. A nice use of deepfakes throughout!
PrivacyMike -- "Be Evil" indeed! Inappropriate double entendres were creative and darkly funny drawing on the source material. Jack would definitely be feeling the heat on this one.
Fl4re -- Plausible attack from Jack's alma mater using a student seeking help from a friendly alum. Easy to follow.
Attached Files