Christopher Hadnagy

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

Christopher James Hadnagy is an American security consultant, author and professional social engineer. He is in the field of social engineering (SE) and authored three books: Social Engineering: The Art of Human Hacking[1], Unmasking the Social Engineer and Phishing Dark Waters.

Professional SE career[edit]

infographic about Social Engineering

Hadnagy began his technical career with his own business, AREESA Computers.

Hadnagy worked with the team that created BackTrack (now Kali).

Hadnagy has presented and trained at events such as RSA,[2] Black Hat,[3] ISSA[4] and given various presentations for corporate and government clients.

Hadnagy holds certifications as an Offensive Security Certified Professional (OSCP) and an Offensive Security Wireless Professional (OSWP).[5]

History with DEF CON[edit]

At DEF CON 17 Hadnagy was approached to help start a Social Engineering contest for the popular hacking conference, DEF CON.

General Keith Alexander offers Chris Hadnagy the NSA Director’s Challenge Coin at DEF CON 20.

Hadnagy founded the Social Engineering Capture the Flag (SECTF[6]) competition. Ethical conduct is strictly enforced and personal/financial information is not allowed to be targeted.[7] Businesses and government agencies initially raised concern regarding the type of information that would be gathered and the methods that would be employed to collect it, however, after four years this has diminished.[8]

The contest is broken down into two sections: first, information gathering and planning attack vectors in the month before DEF CON and second, a public execution of a vishing attack in the SEVillage at DEF CON.[9] A competition report is released each year which many businesses utilize to help improve their security awareness programs.[10] The SECTF has also researched and reported on the topics of gender in the SE field, which industries are most susceptible to SE attacks, and improvements that have been seen in companies successfully targeted in previous years.

At DEF CON 18 Hadnagy and crew launched the first SECTF and became the first contest to receive a black badge its first year.[11] Each year the contest has grown in popularity and size.[12]

In 2011, Hadnagy developed SECTF4Kids for DEF CON 19 with the stated intention of teaching younger generations social engineering skills [13] In 2014 the SECTF4Kids was made an official DEF CON event rather than one of the kids' events.[14]


  1. ^ Chereshnev, Evgeny. "The Best-Selling Books on Security from RSA 2014". Kaspersky Lab Daily. Retrieved June 6, 2017. 
  2. ^ "Christopher Hadnagy | RSA Conference". RSA. Retrieved June 4, 2014. 
  3. ^ "Social Engineering for Penetration Testers". BlackHat. Retrieved June 4, 2014. 
  4. ^ "8th Annual Charlotte ISSA Security Summit". ISSA Charlotte Metro. Retrieved 22 July 2014. 
  5. ^ "Social-Engineer, Inc. _About page". Social-Engineer, Inc. Retrieved 4 May 2015. 
  6. ^ "CTF Archives - Security Through Education". Security Through Education. Retrieved 2017-01-10. 
  7. ^ "Social-Engineer.Org CTF Update – Awareness Abounds". Security through Education. July 21, 2010. Retrieved 25 July 2014. 
  8. ^ Jackson Higgins, K. (2010-06-04). "Defcon To Host 'Capture The Flag' Social Engineering Contest No unethical activities or 'damage' to targeted companies or people allowed". InformationWeek: DARKreading. Retrieved 25 July 2014. 
  9. ^ "The Social Engineering CTF – How Strong is Your Schmooze". Security through Education. Retrieved 25 July 2014. 
  10. ^ "You searched for SECTF Report - Security Through Education". Security Through Education. Retrieved 2017-01-10. 
  11. ^ "Social-Engineer Breaks a Defcon Record - Security Through Education". Security Through Education. 2010-08-04. Retrieved 2017-01-10. 
  12. ^ Smith, Mrs. "Social engineer tag teams to capture the flags at Def Con 22 contest". NetworkWorld. Retrieved 4 May 2015. 
  13. ^ "What the SECTF4Kids is All About". Security through Education. Retrieved 25 July 2014. 
  14. ^ "Kids To Hack Corporate Crime Caper Case At DEF CON". InformationWeekly: DARKreading. Retrieved 25 July 2014.