Jayson E. Street - Simulated Adversary: Tactics & Tools Training - DCTLV2025

Name of Training: Simulated Adversary: Tactics & Tools Training 
Trainer(s): Jayson E. Street and Kenny Hess
Dates: August 11-12, 2025
Time: 8:00 am to 5:00 pm PT
Venue: Las Vegas Convention Center
Cost: $2,200  

Course Description: 

Ever wondered what it’s like to be the Villian? Have a propensity for chaos and a penchant for mischief? Seize the opportunity to unleash your inner “bad guy” in a legal and controlled environment. This class, led by Adversary for Hire, Jason E. Street, will teach you how to think and attack like an adversary. 

You will learn advanced intelligence gathering techniques and explore non-traditional tactics from one of the most twisted minds in the industry. Using real-world examples along with hands-on practical training, Jayson’s approach highlights the human side of cyber compromise. He will introduce you to the Security Awareness Engagement methodology, which he uses in the field to reveal real-world threats without negative impacts to targets. This methodology employs practical simulations of social engineering attacks.

In addition to simulating remote attacks like phishing and vishing, students will learn how to craft and deploy physical attack payloads with the Hak5 Bash Bunny. Each student will receive a Bash Bunny to take home and use in their new life as a simulated adversary. 

This class focuses on the paramount threat to any person or organization: other humans. It provides in-depth understanding of each element in a social engineering attack and where social engineering falls on the kill chain. More importantly, you will leave with an in-depth understanding of how simulated adversaries and social engineering awareness can help people and organizations protect themselves. Sign up for DEF CON's most mischievous training and leave with new skills you will use for life.

Course Outline:  

Day 1: 

• Introduction 

• Agenda 

• Differences 

• Who am I 

• Who are we 

• Current State of security awareness 

• Module 1 

• What is Social Engineering 

• Red Teaming or Physical Pentest 

• The human factor 

• Module 2 Recon 

• Recon online 

• Recon in real life 

• Presenting findings 

• Case study 

• Lab: Conducting your own recon 

• Module 3 Phishing 

• Phishing for results 

• Finding target 

• Impersonation 

• Finding emotional trigger 

• Case study 

• Lab: Constructing a phish using results from Module 

• Module 4: Importance of preparedness 

• Preparing for onsite engagement 

• Clarifying scope of work 

• Managing client expectations 

• Defining success 

• Get out of jail free card 

• Case Study 

• Lab: 'Creating' a "Get out of jail free" card 

• Module 5 Weapons of Mass Education & Learning to code in Ducky script 

• An overview of the tools such as Bash Bunny, Pineapple, OMG cables & rubber ducky, Flipper Zero & other useful devices 

• Purpose of these tools 

• Each student will be given a book on programming in Ducky script 

• We will go over several chapters that I will teach from. This will give students the understanding and ability to write their own beginner payloads for the Bash Bunny

• Case study 

Day 2: 

• Lab: Configuring the Bash Bunny 

• Module 6 Infiltration of the Location 

• Persona creation 

• Passive infiltration 

• Assertive infiltration 

• Location infiltration 

• Commitment to your persona 

• Location 

• Time of attack 

• Population onsite 

• Lab: Creating your persona for your scenario 

• Module 7 Execution Phase 

• The attack 

• The approach 

• The target 

• Deployment 

• The escape 

• Case Study 

• Lab: Setting the stage and acting it out 

• Module 8 What's next? 

• The aftermath 

• Dealing with compromised humans 

• Educating on the spot 

• Conveying the lessons to management 

• Covering the findings in a positive way 

• Case Study 

• Lab 7: Consoling and educating the compromised 

• Closing 

Difficulty Level:

Beginners to start. 

Intermediate & advanced students to learn new techniques.

Suggested Prerequisites:

None

What Students Should Bring: 

A laptop and a desire to learn! A Hak5 Bash Bunny will be provided for all students.

Trainer(s) Bio: 

Jayson E. Street referred to in the past as: a "notorious hacker" by FOX25 Boston, "World Class Hacker" by National Geographic Breakthrough Series, and described as a "paunchy hacker" by Rolling Stone Magazine. He however prefers if people refer to him simply as a Hacker, Helper & Human.  

He is the Chief Adversarial Officer at Secure Yeti and the author of the "Dissecting the hack: Series" (which is currently required reading at 5 colleges in 3 countries that he knows of). Jayson is also the DEF CON Groups Global Ambassador. He's spoken at DEF CON, DEF CON China, GRRCon, SAINTCON & at several other CONs & colleges on a variety of Information Security subjects. He was also a guest lecturer for the Beijing Institute of Technology for 10 years. 

He loves to explore the world & networks as much as he can. He has successfully robbed banks, hotels, government facilities, Biochemical companies, etc. on five continents (Only successfully robbing the wrong bank in Lebanon once, all others he was supposed to)! 

He is a highly carbonated speaker who has partaken of Pizza from Bulgaria to Brazil & China to The Canary Islands. He does not expect anybody to still be reading this far, but if they are please note he was proud to be chosen as one of Time's persons of the year for 2006. 

Kenny Hess is an Advanced Security Engineer at Secure Yeti. He is a trusted security consultant who has built a career around developing and testing secure, mission-critical systems for national governments, state agencies, and international corporations. Additionally, he has been able to help businesses of all sizes develop security policies and programs for classified and unclassified systems. Kenny has a B.A. in Journalism and Broadcasting and an M.S. in Telecommunications Management from Oklahoma State University. Because of this diverse educational background, he is able to connect with his clients through clear communication backed by technical expertise. When he's not desperately urging people to use a password manager, you might find him in the kitchen trying a new recipe, or at the airport lounge en route to adventure. Whether he's hacking people, systems, or ingredients, Kenny Hess is always ready to add a dash of fun to everything he does. 

Registration Terms and Conditions: 

Trainings are refundable before July 8, 2025, minus a non-refundable processing fee of $250.

Trainings are non-refundable after July 8, 2025.

Training tickets may be transferred. Please email us at training@defcon.org for specifics.

If a training does not reach the minimum registration requirement, it may be cancelled. In the event the training you choose is cancelled, you will be provided the option of receiving a full refund or transferring to another training (subject to availability).

Failure to attend the training without prior written notification, will be considered a no-show. No refund will be given.

By purchasing this ticket you agree to abide by the DEF CON Training Code of Conduct and the registration terms and conditions listed above.

Several breaks will be included throughout the day. Please note that food is not included.