Jayson E. Street - Simulated Adversary: Tactics & Tools Training - DCTLV2025
Name of Training: Simulated Adversary: Tactics & Tools Training
Trainer(s): Jayson E. Street and Kenny Hess
Dates: August 11-12, 2025
Time: 8:00 am to 5:00 pm PT
Venue: Las Vegas Convention Center
Cost: $2,200
Course Description:
Ever wondered what it’s like to be the Villian? Have a propensity for chaos and a penchant for mischief? Seize the opportunity to unleash your inner “bad guy” in a legal and controlled environment. This class, led by Adversary for Hire, Jason E. Street, will teach you how to think and attack like an adversary.
You will learn advanced intelligence gathering techniques and explore non-traditional tactics from one of the most twisted minds in the industry. Using real-world examples along with hands-on practical training, Jayson’s approach highlights the human side of cyber compromise. He will introduce you to the Security Awareness Engagement methodology, which he uses in the field to reveal real-world threats without negative impacts to targets. This methodology employs practical simulations of social engineering attacks.
In addition to simulating remote attacks like phishing and vishing, students will learn how to craft and deploy physical attack payloads with the Hak5 Bash Bunny. Each student will receive a Bash Bunny to take home and use in their new life as a simulated adversary.
This class focuses on the paramount threat to any person or organization: other humans. It provides in-depth understanding of each element in a social engineering attack and where social engineering falls on the kill chain. More importantly, you will leave with an in-depth understanding of how simulated adversaries and social engineering awareness can help people and organizations protect themselves. Sign up for DEF CON's most mischievous training and leave with new skills you will use for life.
Course Outline:
Day 1:
-
Introduction
-
Agenda
-
Differences
-
Who am I
-
Who are we
-
Current State of security awareness
-
Module 1
-
What is Social Engineering
-
Red Teaming or Physical Pentest
-
The human factor
-
Module 2 Recon
-
Recon online
-
Recon in real life
-
Presenting findings
-
Case study
-
Lab: Conducting your own recon
-
Module 3 Phishing
-
Phishing for results
-
Finding target
-
Impersonation
-
Finding emotional trigger
-
Case study
-
Lab: Constructing a phish using results from Module
-
Module 4: Importance of preparedness
-
Preparing for onsite engagement
-
Clarifying scope of work
-
Managing client expectations
-
Defining success
-
Get out of jail free card
-
Case Study
-
Lab: 'Creating' a "Get out of jail free" card
-
Module 5 Weapons of Mass Education & Learning to code in Ducky script
-
An overview of the tools such as Bash Bunny, Pineapple, OMG cables & rubber ducky, Flipper Zero & other useful devices
-
Purpose of these tools
-
Each student will be given a book on programming in Ducky script
-
We will go over several chapters that I will teach from. This will give students the understanding and ability to write their own beginner payloads for the Bash Bunny
-
Case study
Day 2:
-
Lab: Configuring the Bash Bunny
-
Module 6 Infiltration of the Location
-
Persona creation
-
Passive infiltration
-
Assertive infiltration
-
Location infiltration
-
Commitment to your persona
-
Location
-
Time of attack
-
Population onsite
-
Lab: Creating your persona for your scenario
-
Module 7 Execution Phase
-
The attack
-
The approach
-
The target
-
Deployment
-
The escape
-
Case Study
-
Lab: Setting the stage and acting it out
-
Module 8 What's next?
-
The aftermath
-
Dealing with compromised humans
-
Educating on the spot
-
Conveying the lessons to management
-
Covering the findings in a positive way
-
Case Study
-
Lab 7: Consoling and educating the compromised
-
Closing
Difficulty Level:
Beginners to start.
Intermediate & advanced students to learn new techniques.
Suggested Prerequisites:
None
What Students Should Bring:
A laptop and a desire to learn! A Hak5 Bash Bunny will be provided for all students.
Trainer(s) Bio:
Jayson E. Street referred to in the past as: a "notorious hacker" by FOX25 Boston, "World Class Hacker" by National Geographic Breakthrough Series, and described as a "paunchy hacker" by Rolling Stone Magazine. He however prefers if people refer to him simply as a Hacker, Helper & Human.
He is the Chief Adversarial Officer at Secure Yeti and the author of the "Dissecting the hack: Series" (which is currently required reading at 5 colleges in 3 countries that he knows of). Jayson is also the DEF CON Groups Global Ambassador. He's spoken at DEF CON, DEF CON China, GRRCon, SAINTCON & at several other CONs & colleges on a variety of Information Security subjects. He was also a guest lecturer for the Beijing Institute of Technology for 10 years.
He loves to explore the world & networks as much as he can. He has successfully robbed banks, hotels, government facilities, Biochemical companies, etc. on five continents (Only successfully robbing the wrong bank in Lebanon once, all others he was supposed to)!
He is a highly carbonated speaker who has partaken of Pizza from Bulgaria to Brazil & China to The Canary Islands. He does not expect anybody to still be reading this far, but if they are please note he was proud to be chosen as one of Time's persons of the year for 2006.
Kenny Hess is an Advanced Security Engineer at Secure Yeti. He is a trusted security consultant who has built a career around developing and testing secure, mission-critical systems for national governments, state agencies, and international corporations. Additionally, he has been able to help businesses of all sizes develop security policies and programs for classified and unclassified systems. Kenny has a B.A. in Journalism and Broadcasting and an M.S. in Telecommunications Management from Oklahoma State University. Because of this diverse educational background, he is able to connect with his clients through clear communication backed by technical expertise. When he's not desperately urging people to use a password manager, you might find him in the kitchen trying a new recipe, or at the airport lounge en route to adventure. Whether he's hacking people, systems, or ingredients, Kenny Hess is always ready to add a dash of fun to everything he does.
Registration Terms and Conditions:
Trainings are refundable before July 8, 2025, minus a non-refundable processing fee of $250.
Trainings are non-refundable after July 8, 2025.
Training tickets may be transferred. Please email us at training@defcon.org for specifics.
If a training does not reach the minimum registration requirement, it may be cancelled. In the event the training you choose is cancelled, you will be provided the option of receiving a full refund or transferring to another training (subject to availability).
Failure to attend the training without prior written notification, will be considered a no-show. No refund will be given.
By purchasing this ticket you agree to abide by the DEF CON Training Code of Conduct and the registration terms and conditions listed above.
Several breaks will be included throughout the day. Please note that food is not included.
All courses come with a certificate of completion, contingent upon attendance at all course sessions.
Training Justification Request – DEF CON Training
To: [Manager Name]
From: [Employee Name]
Date: [Date]
Subject: Business Justification for Attendance at DEF CON Training
Dear [manager’s name],
I am requesting approval to attend DEF CON Training, one of the cybersecurity industry's most recognized technical training programs. I’ve reviewed the options and selected a course to expand my skills with [1-2 key skills focus areas for the course].
DEF CON has been one of the world’s leading cybersecurity communities for more than three decades, known for convening industry, government, and independent experts to exchange advanced knowledge and practical skills. Building on this tradition, DEF CON Training delivers intensive courses taught by recognized global instructors. DEF CON Training courses offer hands-on instruction in a challenging, fast-paced environment. Many of the courses offered by DEF CON Training align with the National Institute of Standards and Technology (NIST) NICE Framework and Department of Defense Cyber Workforce Framework (DCWF), and attending this course will help me build and sharpen the skills required for my role.
Training: [Name of DEF CON Training Course]
Instructor/Provider: [Trainer Name(s)]
Dates: [Training Dates]
Location: Las Vegas, NV
Cost: [Course Fee]
Travel Expenses: [estimated travel & accommodations costs]
Course Description: [Copy short description of the selected class from the website here]
Trainer Bio: [Copy bio of the trainers of the selected class from the website here]
Once I’ve completed the course, I’ll be able to:
[copy student outcomes from course page where available or choose 3-4 skills or topic areas from the outline that are applicable to your current role, will help you fill a skill gap, etc.]
Business Need
As cyber threats continue to evolve, it is critical that our organization maintains current knowledge of emerging techniques and industry best practices. The selected DEF CON training aligns directly with my responsibilities in [your role/field here - for example, security operations, incident response, threat detection and hunting, application security, cloud security, risk management, security engineering].
The course will provide practical, hands-on experience that can be immediately applied to our environment and security initiatives. DEF CON training emphasizes real-world attack and defense scenarios, enabling participants to develop skills that extend beyond traditional classroom learning.
Request for Approval
I respectfully request approval and funding to attend DEF CON Training this August in Las Vegas. The knowledge, hands-on experience, and industry insights gained will directly support our cybersecurity objectives and contribute to strengthening our organization's security capabilities.
Thank you for your consideration. Please let me know if you have questions or need additional information to support this request.
Sincerely,
[Employee name]