Back to Talks 2026
Talk

Ghost in the Hiring Machine: How to Spot Fake Personas Before They're on Your Payroll

Recon Village @ DEF CON 34August 6-9, 2026

Sunday, August 9 · 10:00 AM – 10:45 AMDEF CON Creator Stage 2

Abstract

People are getting hired and trusted every day. Some of them do not exist at all, yet they still pass interviews, collect paychecks, and gain access to sensitive systems. Campaigns attributed to the DPRK have shown that this threat is very real. So how do you catch a ghost with a resume?

Attendees will learn practical OSINT techniques for spotting fake personas and receive a checklist for thorough background checks. They will see these methods applied through two cases based on a true story, illustrating how these personas succeeded, how one could have been prevented, and where OSINT reaches its limits.

These techniques not only help attendees detect fake personas but also provide practical ways to protect their own privacy and control what personal information is visible online.

Speakers

Michael Reimsbach
Michael Reimsbach

Product Security @SAP

Michael is a Product Security Specialist at SAP, working with the SAP Cloud Infrastructure security team. His focus areas include vulnerability management, secrets management, and building secure internal services. He obtained multiple industry certifications such as OSCP, GCPN, and CISSP. A healthy dose of paranoia led him to explore OSINT and the surprising power of publicly available information. Beyond his day-to-day work, Michael is an active member of the cybersecurity community and helps organize BSides Luxembourg.

View full speaker profile →
Rishi C
Rishi C

Security Researcher

Rishi is a London-based security researcher with over five years of hands-on experience in IT. He currently specializes in vulnerability research, threat intelligence, and enterprise risk analysis. His current focus lies in identifying and analyzing zero-day vulnerabilities and emerging CVEs, often working to reverse engineer exploit mechanics and build detection logic before public weaponization. Rishi’s work spans both offensive and defensive domains—developing threat models based on real-world TTPs, crafting custom detection rules, and automating reconnaissance pipelines to uncover exploitable misconfigurations and exposed assets. He is particularly active in attack surface management (ASM) and OSINT, where he leverages DNS enumeration, passive data correlation, and large-scale infrastructure scanning to surface unknown entry points and map adversary-accessible exposure. Outside of research, Rishi integrates findings into operational tooling and supports data-driven prioritization strategies to bridge technical risk and business impact. His work reflects a deep commitment to adversary-informed defense and proactive discovery across modern hybrid environments.

View full speaker profile →