Talks

Schedule is TBA

Keynote Speakers:
Christina Lekati
Micah Hoffman

How Digital OSINT Enables Physical Access: Blended Social Engineering Across Online and Real-World Environments
Chris Klossner
OSINT and social engineering are often discussed as digital disciplines, confined to screens, platforms, and online personas. In practice, the most meaningful impacts of both occur when digital intelligence translates into real-world access.

This presentation explores how publicly available information, routine online behavior, and seemingly low-risk digital exposure can enable physical approach, influence, and access when combined with social engineering techniques. Rather than focusing on tools or collection methods, the talk examines how attackers think across domains and how digital signals become real-world opportunities.

Using real-world scenarios drawn from security and protective intelligence work, the session walks through the progression from online research to physical interaction. Attendees will see how fragmented pieces of information, when aggregated, can reveal patterns about movement, habits, authority, and trust that are exploitable outside of digital spaces.

The talk also highlights common blind spots in how organizations assess OSINT risk. Many focus on data exposure without considering how that exposure affects physical security, staff behavior, or access control assumptions. By separating digital and physical threat models, organizations often miss the point where the two converge.

This session is designed for practitioners who want to better understand how OSINT and social engineering operate together in the real world, and how digital visibility can unintentionally create physical risk. The goal is not to alarm, but to provide a clearer mental model for identifying and reducing cross-domain exposure.



The Ethical Hunt: Key Principles for Capturing, Analyzing, Validating, & Protecting Open Source Intelligence in a Digital World
Patricia Lee
Open-source intelligence (OSINT) derived from social media has become an increasingly common resource for analysts, investigators, and researchers. The wide spread of information obtained, ease of access, and scope of coverage present significant concerns for validity and reliability. This presentation examines the complexities of collecting and interpreting intelligence from social media environments where information can be incomplete, misleading, or deliberately manipulated. Particular attention is given to the role of cognitive biases that can influence how analysts interpret uncertain or ambiguous data and reinforce incorrect assumptions.

Using illustrative case examples, the session evaluates how popular platforms are often perceived as credible information sources within certain communities and demographic groups. At the same time, these platforms have faced persistent issues involving misinformation, data misuse, and privacy controversies. Understanding how platform demographics and user trust influence the spread and interpretation of information is therefore essential when incorporating social media into OSINT workflows.


Language as Metadata: Identity Signals in OSINT and Social Engineering
Erin Blankenship
Language is something we often take for granted, using it for everything from internal thought to international broadcasts. Yet beyond its literal meaning, language carries a wealth of hidden information. Word choice, pronunciation, accent, and even subtle grammatical differences can reveal political alignment, cultural affiliation, regional background, and group membership—often unintentionally.

In intelligence and security contexts, these signals function as a kind of unstructured metadata about the speaker or writer. Many practitioners, however, are not trained to notice these signals, let alone document or interpret them.

This talk explores how linguistic choices can act as identity signals in both OSINT investigations and social engineering contexts. Through a series of real-world anecdotes from influence operations and cross-cultural communications, we will examine how small linguistic details can signal allegiance, legitimacy, and belonging.

Rather than presenting a technical tool or automated technique, this session offers a different kind of capability: a heightened awareness of the linguistic signals embedded in everyday communication. By learning to notice these cues, practitioners can better interpret online discourse, avoid cultural misreads, and craft more credible interactions in human-centric security work.


Hooks and Hooks: How AI Is Revolutionizing Both Phishing Attacks and Our Defenses
Levone Campbell
In this thought-provoking session, we explore the rapidly evolving landscape where artificial intelligence and phishing attacks intersect, creating both unprecedented threats and innovative defensive capabilities.
As AI technologies become more sophisticated and accessible, cybercriminals are leveraging these tools to craft increasingly convincing phishing campaigns that can evade traditional detection methods. Simultaneously, security professionals are adopting AI-powered solutions to identify and neutralize these advanced threats before they reach potential victims.


The Scammer Industrial Complex: Measuring the Impact of Enforcement Raids
Adam McNeil
Pig-butchering scams have evolved into one of the most profitable social-engineering operations in the world, powered by large criminal compounds operating across Southeast Asia. In recent months, governments have conducted high-profile raids against these operations, arresting workers, dismantling compounds, and seizing infrastructure. But do these enforcement actions actually disrupt the scam ecosystem?

This talk examines that question through the lens of real messaging data. Using large-scale analysis of reported scam messages, we track pig-butchering activity across multiple enforcement events targeting major scam compounds. The results show clear and measurable disruptions following raids, and the adaptation and recovery as operations reorganize, relocate, and resume activity.

By analyzing messaging patterns before and after enforcement actions, we can observe how the broader scam ecosystem behaves under pressure. Some raids produce sharp declines in scam messaging, while others appear to have little lasting effect. In other cases, the disruption is temporary as the underlying criminal supply chain remains intact.

The findings reveal an uncomfortable reality: pig-butchering scams now operate as an industrial complex capable of absorbing enforcement shocks. Understanding how these operations respond to disruption is critical for investigators, threat researchers, and policymakers seeking to reduce the impact of global scam operations.


What They’re Really Saying: Decoding Linguistic Patterns in OSINT and Social Engineering
David Ford
Every time someone writes a message, posts online, or sends an email, they leave behind linguistic fingerprints: patterns of word choice, sentence structure, slang, regional colloquialisms, and punctuation that reveal far more than the author intended, even in an era of AI-generated content.

This talk explores the practical applications of linguistic analysis across the OSINT and social engineering landscape. Attendees will learn how stylometric techniques can link anonymous accounts and unmask authorship across platforms, how cross-platform linguistic fingerprinting can track a person of interest even when they change usernames and details, and how coded language like evolving slang, emoji shorthand, and cultural euphemisms can disguise criminal activity, conceal intent, or communicate threats in plain sight.

Social engineers exploit these same principles every day, crafting phishing messages that mirror a target’s communication style, adopting regional dialect to build false trust, and using pretexting scripts designed to avoid suspicion. Understanding how language works in both directions makes investigators sharper and targets harder to exploit.

Drawing on real-world investigative experience in missing persons, social engineering, and open-source intelligence, this presentation offers a practical framework for integrating linguistic awareness into your OSINT workflow. No linguistics degree or special tools required. Whether you’re tracking a person of interest, analyzing threatening communications, or defending against social engineering attacks, this talk will sharpen your eye for patterns you’re already seeing but not yet using.


It's in the method Man by Redman
Brett Redman
In an era of unprecedented access to data, open-source intelligence has never been more visible, more automated, or more misunderstood. Tools are faster, datasets are larger, and confidence often arrives long before understanding. Yet many OSINT failures still stem from the same place: the human layer.

This talk uses the cultural lens of hip-hop, and in particular the idea of “method” embodied by Method Man and Redman, to explore why discipline, structure, and judgement matter more than volume, speed, or tooling. Drawing on real investigative practice, the presentation examines how OSINT investigations succeed or fail long before the first search is run, and how cognitive bias, narrative lock-in, and over-collection continue to undermine otherwise capable teams.

Framed squarely at Layer 8, the session focuses on the analyst as both the greatest asset and the greatest risk within OSINT. It unpacks the importance of hypothesis-led investigation, verification over velocity, negative intelligence, and knowing when to stop. Cultural references are used deliberately to anchor complex ideas and keep the audience engaged, without diluting the seriousness of the subject.

Designed for practitioners, decision-makers, and leaders alike, this talk is not about tools or technology. It is about protecting method, respecting tradecraft, and understanding that in OSINT, confidence must always be earned.

Attendees will leave with a clearer understanding of how to reduce noise, improve judgement, and build OSINT practices that stand up under pressure, scrutiny, and consequence.


Search Engine Optimization: Only for Marketing or a Tool for OSINT Exploitation?
Tim Farmer and Chris St. Germain
Finding resources can be difficult, and understanding how to get to them without raising a red flag is a bigger concern. During this presentation, Tim will outline how best to use SEO databases and website structure to find information that can be “hidden” from search engines.


My OSINT F*ckups – What I’ve learned
Lisette Abercrombie
An OSINT mistake is easily made… just one click of a button and you’ve accidentally liked your target’s profile picture. That moment when you feel all of your intestines sink to your feet is a moment Lisette knows quite well. She’s made some pretty horrible mistakes, and learned some lessons the hard way. She wants to share what she’s learned with you, so you don’t have to make that same mistake ;-)!


Breaking Social Engineering Without Accusations: The Deception Disruption Framework (DDF)
Ian Sun
Social engineering remains the dominant initial access vector in today’s breaches, yet most defenses rely on post-hoc detection or awareness training against known attacks. These approaches fail as attackers evolve and operate patiently, politely, and professionally, lying low to avoid showing red flags. Meanwhile, across many workflows, such as help desks and emailing, simply not engaging can be detrimental.

This talk introduces the Deception Disruption Framework (DDF): a method for detecting and disrupting deceptive actors by applying cognitive pressure in live interaction when prior disengaging is unfeasible. DDF is built around three simple techniques: Lived Experience (LE), Context Change (CC), and Moral Reflection (MR). Rather than accusing or interrogating, DDF integrates seamlessly into normal conversation and forces deceptive actors to sustain concrete personal narratives, tolerate social expansion, and reflect ethically on their actions; things that, due to cognitive load and dissonance, they struggle with.

In early 2026, DDF was tested live against an active job scam conducted entirely over text. Using only polite and conversational questions, the interaction produced repeated behavioral failures even without visible vocal or expression leakage. The scammer struggled to provide experiential detail, resisted social expansion, deflected ethical reflection, and ultimately pivoted to authority appeals, causing a major contrast between the attacker’s behavior and the expected legitimate behavior that gives license for disengaging before further damage can be done.

This presentation marks the first public debut of DDF. Attendees will learn how DDF differs from scambaiting, why it generalizes across different kinds of social engineering attacks, and how it can be used by everyday people in hiring, help desks, onboarding, and more. The goal is not confrontation, but disruption: extracting signals of deception that warrant disengaging or reporting, while legitimate actors have less to worry



Vishing at Scale: Humans vs. Voice Agents
Carter Zupancich
I’ve run 8,500+ human-to-human vishing calls. Now I’m doing the same thing with fully automated voice agents, at scale, against F500 and government employee/helpdesk workflows (sanitized artifacts, real outcomes).

This talk is the before/after: humans vs. voice agents in real operations. Not necessarily an academic apples-to-apples study, because frankly, that’s not how internal red teams work. Instead, I’ll break down what actually changes when “voice becomes software”: persistence (callbacks/retries), parallelization (no labor bottleneck), consistency, and the ability to chain SMS/email/other messaging while on the call to push targets through password resets, MFA reset flows, and other sensitive information disclosure.

We’ll define: where agents outperform humans today, and where humans still win (interruptions/barge-in, emotional pivoting when challenged, deeper influence/elicitation techniques, and company-specific nuance/edge cases).

I’ll also share what’s moved the needle in measured outcomes (compromise, reporting, shutdown) and what hasn’t, so you can tune your own voice exercises and harden the workflows that make this possible at scale.


The Hijacked Brain: Neuroscience and Why Social Engineering Works
Sarah Sabotka
Social engineering attacks don’t just exploit systems, they exploit your biology. This talk examines a curated set of real-world email phishing threats designed to provoke fear, urgency, anxiety, and excitement in their targets, using them as a lens to explore a phenomenon that security awareness training rarely addresses: amygdala hijacking.

When a threat actor crafts a message warning you that your account has been compromised, that legal action is imminent, or that a loved one is in danger, they’re manipulating your judgment by triggering a measurable physiological stress response. The amygdala, the brain’s threat detection center, can effectively override rational thought before you’ve consciously processed what is in front of your eyes. It doesn’t distinguish between a predator in the wild and a well-crafted phishing email, or what’s real and what’s fake. By the time your prefrontal cortex catches up, you may have already taken the bait.

This session walks attendees through compelling examples of fear-based phishing and social engineering emails, analyzing the specific psychological levers each one pulls and why they are so effective at short-circuiting clear thinking. From there, we’ll explore the neuroscience behind why these tactics work so reliably and why even trained security professionals aren’t immune. Attendees will leave with a deeper understanding of how physiological responses can be weaponized by adversaries, and with practical frameworks for recognizing the moment their threat response has been activated and restoring rational thought before misguided instinct makes the decision for them.


Human Zero Trust Architecture
Harutyan Galstyan
Through practical examples, the presentation demonstrates how attackers collect information through open-source intelligence (OSINT), personal interactions, and publicly available data, allowing them to profile potential victims and exploit psychological and organizational weaknesses.

A key focus of the discussion is the progression of these attacks. Fraud schemes often begin with simple physical interactions, paper-based communications, or small-scale deception, but can gradually develop into coordinated operations involving multiple participants and long-term manipulation. In some cases, individuals who initially become short-term victims may later unknowingly contribute to larger operational structures that enable continued exploitation.

The presentation also explores how these tactics extend beyond individuals to affect major service providers and institutions, including financial organizations, accounting firms, law firms, nonprofit organizations, and small businesses. Independent workers—such as taxi or rideshare drivers—can also become vulnerable entry points within these broader networks.

By examining these patterns, the session emphasizes the importance of integrating human-centered security strategies within Zero Trust frameworks, demonstrating that effective cybersecurity must address not only technical systems but also the behavioral and social factors that attackers increasingly exploit.


Evidence Room of DOOM!
Jeff Tomkiewicz
What happens when a penetration tester in a polo from eBay walks into a police station and nobody asks for ID? He ends up standing in the evidence room, surrounded by firearms, narcotics, and tagged evidence bags, wondering to himself how it was this easy. In “Evidence Room of DOOM!” join Jeff as he walks the audience through the full lifecycle of a physical and social engineering engagement against a police department: from two weeks of OSINT and recon, to building a persona in a hotel room, to walking past bulletproof glass and into one of the most sensitive rooms in the justice system. No exploits. No malware. Just khakis, a kind voice, and an understanding of how humans make decisions under pressure. Whether attendees are seasoned red teamers or brand new to social engineering, this talk reveals the psychological leverages that bypass every security system ever built, and the simple defenses that could have stopped it all. Come for the story. Stay for the existential DOOM!


How to Avoid Scams and Being Influenced by People
Jennifer Shannon
From phishing emails and phone scams to in-person manipulation, scams and social engineering attacks succeed not because their targets are careless or unintelligent, but because they are human. Attackers deliberately exploit fundamental psychological principles including trust, authority, urgency, fear, and our natural discomfort with conflict to craft convincing scenarios that bypass rational thinking and trigger instinctive responses. This talk explores the psychology behind why these tactics work so effectively. We’ll break down how scammers and manipulators build believable pretexts, leverage cognitive biases, and use emotional pressure to influence decision-making, often convincing otherwise security-conscious individuals to act against their own best interests. Through real-world examples drawn from both personal and professional environments, we’ll examine how these attacks unfold from first contact to a successful compromise, and more importantly, where the opportunities to recognize and stop them exist. Whether you are new to cybersecurity or an experienced professional, this session aims to strengthen your awareness of how human behavior can be targeted and provide practical strategies to recognize and resist these forms of manipulation, helping you better protect yourself and those around you.