Skip to main content
    CONTACT

    This site is protected by hCaptcha and the hCaptcha Privacy Policy and Terms of Service apply.
    Simulated Adversary: Tactics & Tools Training - Jayson E. Street, Iain Jackson, and James Sheppard (CovertSwarm) - DCTLV2026
    Simulated Adversary: Tactics & Tools Training - Jayson E. Street, Iain Jackson, and James Sheppard (CovertSwarm) - DCTLV2026

    Simulated Adversary: Tactics & Tools Training - Jayson E. Street, Iain Jackson, and James Sheppard (CovertSwarm) - DCTLV2026

    Las Vegas 2026

    Name of Training: Simulated Adversary: Tactics & Tools Training
    Trainer(s): Jayson E. Street, Iain Jackson, and James Sheppard (CovertSwarm Trainers)
    Dates: August 10-11, 2026
    Time: 8:00 am to 5:00 pm 
    Venue: Las Vegas Convention Center
    Cost: $2,250 (USD)

    Short Summary:

    This hands-on course teaches students how real adversaries exploit the human element through reconnaissance, social engineering, physical attack simulations, and emerging AI-assisted techniques. Students learn all aspects of a social engineering engagement from start to finish. If you are already a security pro who wants to expand your skillset, or if you are interested in social engineering as a career, this class is for you.

    Course Description:

    Ever wondered what it’s like to be the bad guy? This course immerses students in the mindset, tactics, and tools used by real-world adversaries who target people rather than systems. Led by Adversary for Hire Jayson E. Street, students learn how attackers gather intelligence, exploit trust, and turn human
    weaknesses into real compromise.

    The course emphasizes the Security Awareness Engagement methodology, which uses controlled simulations to reveal real-world threats without causing harm. Students will conduct reconnaissance, design phishing and vishing scenarios, and craft physical attack payloads using the Hak5 Bash Bunny. The course also addresses the growing role of artificial intelligence in social engineering, including how adversaries manipulate AI systems through context shaping and persona engineering, as well as how defenders can recognize and mitigate these techniques. The focus is not on embarrassment or punishment, but on education, preparedness, and resilience. Students leave with practical skills they can immediately apply to security engagements and career building.

    Course Outline:

    Day 1

    Introduction and course framing

    Current state of security awareness and human risk

    Module 1: Social Engineering Fundamentals

    • What social engineering is (and is not)
    • Red teaming vs. physical penetration testing
    • The human factor in compromise

    Module 2: Reconnaissance

    • Online reconnaissance
    • Real-world reconnaissance
    • Presenting findings effectively
    • Case study
    • Lab: Conducting reconnaissance

    Module 3: Phishing & Pretexting

    • Target selection
    • Emotional triggers
    • Case study
    • Lab: Constructing a phishing scenario

    Module 4: Engagement Preparedness

    • Preparing for on-site engagements
    • Scope clarification and expectation management
    • Defining success
    • Legal and ethical authorization
    • Lab: Creating a “Get Out of Jail Free” authorization artifact

    Module 5: Weapons of Mass Education (Bash Bunny Focus)

    •  Overview of adversary simulation tools (Bash Bunny, Pineapple, OMG cables, Flipper Zero, etc.)
    • Purpose and ethical use of these tools
    • Bash Bunny architecture and payload concepts
    • Writing beginner Bash Bunny payloads
    • Case study

    Day 2

    Module 6: AI as a Social Engineering Target and Tool

    • How adversaries socially engineer AI systems through prompt context, role assignment, and persona shaping
    • Common guardrails implemented by developers and how attackers attempt to influence or bypass them
    • Using AI responsibly to generate realistic personas, pretexts, and narratives for defensive simulations
    • Defensive considerations: recognizing AI-assisted social engineering and reducing organizational risk
    • Case study and discussion
    • Lab: Configuring and deploying Bash Bunny payloads

    Module 7: Infiltration Planning

    • Persona creation
    • Passive vs. assertive approaches
    • Timing, environment, and population analysis
    • Lab: Persona development for a simulated engagement

    Module 8: Execution Phase

    • Approach, deployment, and escape
    • Case study
    • Lab: Scenario execution and role-play

    Module 9: Aftermath & Education

    • Dealing with compromised users
    • On-the-spot education
    • Communicating findings to management
    • Reporting without blame
    • Lab: Educating and debriefing impacted users

    Closing discussion and takeaways

    Difficulty Level:

    Beginner to Intermediate

    Beginner Definition - The student has an interest in the topic presented and general technology knowledge that a power user or undergraduate student may have acquired.

    Intermediate Definition - The student has education and some experience in the field and familiarity with the topic being presented. The student has foundational knowledge that the course will leverage to provide practical skills on the topic.

    Suggested Prerequisites:

    No formal prerequisites are required. Students should be comfortable using a laptop and web browser and have a general interest in security, social engineering, or adversary simulation. No prior scripting, AI, or hardware implant experience is required; all concepts are taught from first principles

    What Students Should Bring:

    • Laptop computer
    • Willingness to participate in discussion and scenario-based exercises

    What the Trainer Will Provide:

    • Hak5 Bash Bunny device for each student (to keep)
    • Course materials and lab guides
    • Example payloads, personas, and simulation scenarios

    Trainer(s) Bio:

    Jayson E. Street has been referred to as a “notorious hacker” by FOX25 Boston, a “World Class Hacker” by National Geographic’s Breakthrough series, and a “paunchy hacker” by Rolling Stone. He prefers to be known simply as a hacker, helper, and human. 

    He is the Chief Adversarial Officer at Secure Yeti and the author of the Dissecting the Hack series, which is required reading at multiple universities worldwide. Jayson is the DEF CON Groups Global Ambassador and has spoken at DEF CON, DEF CON China, GRRCon, SAINTCON, and numerous other conferences and academic institutions.

    Iain Jackson is a Social Engineer and Academy Hive Leader at CovertSwarm, conducting vishing, physical infiltration, and adversary simulation engagements that test the human layer of organisational security. Alongside his operational work, he leads the programme designed to bring the next generation of security professionals into the industry.

    Iain's path into cybersecurity didn't follow the traditional route. A background in education and hospitality gave him something many technical practitioners lack: a finely tuned understanding of human behaviour, communication, and the subtle dynamics of trust. It's a perspective he brings directly into his engagements, exploring how adversaries use psychology and AI to bypass human intuition, and building scenarios that reveal not just what went wrong, but why people made the decisions they did. His guiding principle is a quiet one: leave your targets better off than you found them.

    As Academy Hive Leader, Iain designed and runs CovertSwarm's Academy Programme, an alternative pathway into cybersecurity that deliberately removes the traditional barriers to entry. The Academy exists for people who have the curiosity and passion but don't yet see a route in, those who may feel intimidated by existing structures, or who simply don't fit the conventional mould the industry has long favoured. For Iain, diversity of background isn't a nice-to-have; it's what makes a security team genuinely stronger.

    From demonstrating voice cloning in real time to exploring the defensive potential of the uncanny valley, Iain bridges the gap between cutting-edge attack techniques and practical human understanding, believing that the most effective security work happens when you truly understand the person on the other end of the line.

    James Sheppard is a security consultant at CovertSwarm specialising in social engineering and human-layer security testing. A former Royal Marines Commando, James brings a mission-focused mindset to cybersecurity, applying the same principles of reconnaissance, deception, and controlled breach tactics used in military operations to modern corporate environments.

    In his role, James conducts advanced vishing, physical infiltration, and adversary-simulation engagements, helping organisations understand how attackers bypass security controls by targeting people rather than technology. By actively breaching client environments through realistic attack scenarios, he enables security teams to identify weaknesses in processes, awareness, and verification procedures before real adversaries can exploit them.

    James is particularly focused on demonstrating how seemingly small human decisions can lead to major security compromises, translating real-world attack techniques into practical defensive improvements for organisations. Drawing on his military background and field experience conducting covert access operations, he brings a unique perspective on how disciplined attackers think, plan, and execute.

    Registration Terms and Conditions: 

    Trainings are refundable before July 11, 2026, minus a non-refundable processing fee of $250.

    Between July 11, 2026 and August 5, 2026 partial refunds will be granted, equal to 50% of the course fee minus a processing fee of $250.

    All trainings are non-refundable after August 5, 2026.

    Training tickets may be transferred to another student. Please email us at training@defcon.org for specifics.

    If a training does not reach the minimum registration requirement, it may be cancelled. In the event the training you choose is cancelled, you will be provided the option of receiving a full refund or transferring to another training (subject to availability).

    Failure to attend the training without prior written notification will be considered a no-show. No refund will be given.

    DEF CON Training may share student contact information, including names and emails, with the course instructor(s) to facilitate sharing of pre-work and course instructions. Instructors are required to safeguard this information and provide appropriate protection so that it is kept private. Instructors may not use student information outside the delivery of this course without the permission of the student.

    By purchasing this ticket you agree to abide by the DEF CON Training Code of Conduct and the registration terms and conditions listed above.

    Several breaks will be included throughout the day. Please note that food is not included.

    All courses come with a certificate of completion, contingent upon attendance at all course sessions. Some courses offer an option to upgrade to a certificate of proficiency, which requires an additional purchase and sufficient performance on an end-of-course evaluation.

    $2,050.00
    $2,250.00