Watch Brandon Kovacs for an inside look at the evolving threat of deepfake-enabled social engineering. Drawing from real-world red team engagements, Brandon will walk through how synthetic media is being weaponized—and what organizations can do about it

Summary

In this session, Brandon Kovacs, guides the audience through the evolving landscape of deepfake threats. Beginning with a look at real-world incidents of deepfake-enabled fraud and misinformation, the session explores how adversaries collect and train data to build realistic video and voice impersonation models. Brandon demonstrates how these models are operationalized using open-source tools like RVC, DeepFaceLab, and OBS Studio to conduct convincing social engineering attacks over phone and video calls.

The presentation includes case studies from red team engagements, showcasing how deepfakes can bypass voice authentication systems and visual identity checks on video calls. Kovacs emphasizes the offensive capabilities of these technologies and shares how Bishop Fox integrates them into red teaming exercises. Importantly, he also discusses mitigation strategies organizations can deploy to recognize and resist deepfake-based attacks—from technical controls to social verification tactics.

The session concludes with a live demonstration and an extensive Q&A, touching on technical setups, latency management, and the role of deepfakes in both digital and physical security.

Key Takeaways

• Deepfake Threat Landscape

  • Deepfakes are increasingly used in financial fraud, misinformation campaigns, and identity spoofing.

  • Notable attacks include multimillion-dollar thefts via voice and video impersonation of executives.

• Offensive Use in Red Teaming

  • Red teams can effectively use deepfake voice and video to simulate adversarial tactics.

  • Deepfakes are used in scenarios like account takeovers, lateral movement, and social engineering via teleconferencing platforms.

• Deepfake Creation Methodology

  • Voice models use RVC (Retrieval-Based Voice Conversion) trained on publicly available data.

  • Video deepfakes are built using DeepFaceLab and deployed via DeepFace Live and OBS for real-time impersonation.

  • Models are trained on consumer-grade hardware for real-time inferencing with minimal latency.

• Detection and Mitigation Strategies

  • Verify caller identity by calling back via a corporate directory, avoiding reliance on caller ID.

  • Use mutual passphrases or “out-of-band” verification for sensitive communications.

  • Detect video fakes by requesting interaction with objects in the environment or testing for model breakdown with obstructions (e.g., waving a hand or object in front of the face).

  • Maintain strict policies for voice and video-based authorization workflows.

• Awareness and Training Applications

  • Deepfakes can support security awareness by simulating realistic threat scenarios involving key company figures.

  • Training employees with synthetic examples increases organizational readiness.

• Key Tools and Resources

  • Open-source: DeepFaceLab, DeepFace Live, RVC, OBS Studio, VB Audio/BlackHole.

  • Demonstrated in-depth via the Cyber Mirage webcast, available on demand.

• Future Outlook

  • Deepfake tools are rapidly evolving; defense will require a layered approach combining technology, process, and user training.

  • Expect deeper integration into red teaming, threat simulation, and awareness testing.

Who Should Attend

Security leaders, red team practitioners, security awareness trainers, and risk management professionals who need to understand and prepare for synthetic media-based attacks. This session is particularly valuable for those responsible for designing security controls, developing incident response plans, or training employees to recognize sophisticated impersonation attempts.