DEF CON 33 Social Engineering Community Village (Aug/2025)
Effective phishing campaigns traditionally demand extensive manual effort, involving detailed target reconnaissance, crafting believable scenarios, and setting up infrastructure. These manual processes significantly restrict scalability and customization. This talk explores a practical approach to leveraging Generative AI for automating core aspects of phishing workflows, drawing on direct experiences and real-world threat actors such as Emerald Sleet, Crimson Sandstorm, and Charcoal Typhoon.
The session thoroughly compares results from different models and platforms, including OpenAI ChatGPT, Anthropic Claude, and local alternatives, highlighting distinct strengths, weaknesses, and techniques for optimizing outcomes. Attendees will gain insights into deploying an end-to-end phishing campaign, emphasizing the models’ effectiveness in reducing the technical barrier of scaling phishing attacks. Finally, the talk underscores that while AI significantly enhances operational efficiency, it functions best when complemented by human judgment and expertise, reinforcing the critical human factor in cybersecurity practices.
DEF CON Social Engineering Community Village: https://www.se.community/presentations/
This recorded demo demonstrates how a threat actor can leverage AI (in this case, OpenAI's GPT-5) to classify a screenshot as a target either for phishing or password guessing.
This recorded demo demonstrates how a threat actor can leverage AI (in this case, OpenAI's GPT-5) to extract the complete HTML from an EML file, generating an exact copy of the original email.
This demo illustrates how a threat actor can utilize n8n, along with multiple AI models, to automate the deployment of a phishing campaign. It begins by receiving a domain and proceeds to use LLMs to ideate phishing content, ultimately sending the messages created.
0xc0da
sotarok
euglena1215
aoto
halka
asei
kubell_hr
yhana
recruitengineers
msykd
hacusk
oracle4engineer
gree_tech
productmarketing
eileencodes
mongodb
cassininazir
mza
smashingmag
jeffersonlam
bluesmoon
addyosmani
62gerente
stephaniewalter
csswizardry
