Call Center Village — presented by Call Theory
Book The Village

About Call Center Village - Ephemeral security expo and challenge

Modern call centers provide seamless 3rd-party support across a wide-spectrum of industries, often making security a per-client requirement.

With so many potential security requirements in the mix, call centers and answering services — especially those that provide business process outsourcing (BPO) services — represent a flexible model for practicing security implementations.

Call Center Village and the Answer Target scenario take advantage of concepts from war games, escape rooms, CTFs, role-playing, themed-experiences, game-masters, LARPing, and even classic video games to present a collaborative physical and digital security challenge that gets harder the farther you can progress.

Onsite & Online Players
∞ Players*
Progressive Difficulty
10 Levels
MITRE ATT&CK Techniques
30+
Exploitable Vulnerabilities
100+ CWEs

* — Onsite players limited by physical space and/or fire code. Some challenges are only available onsite.

MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

The omni-threat model we didn't ask for. - Flexible Challenges

Security categories built into the Answer Target scenario:

  • OSINT and Surveillance. Create target profiles using public information and site surveillance.
  • Omni-Channel. Voice, Video, Chat, Social, Fax, Pagers, SMS, WCTP, SNPP, and more.
  • Physical. Tailgating, lock-picking and other non-destructive entry techniques.
  • Telecom. Five9, Asterisk, 3CX, Kamailio, SIP, PSTN, and even butt-sets.
  • Remote Access. RDP, VPN and remote connectivity for agents and management.
  • Artificial Intelligence. Privacy, model censorship, RAG blab, and prompt injection.
  • Social Engineering. Can you talk your way into privileged information?
  • Cloud Infrastructure. Public cloud provider misconfigurations and misunderstandings.
  • Recording Considerations. Call recording laws, recording-spoofing, and authenticity.
  • Regulatory Compliance. HIPAA, PCI, and SOC2 Compliance.
  • Network. Firewalls, ACLs, monitoring, IDS/IPS, and Zero-Trust concepts.
  • Application. Web, API, and Line-of-Business applications and service debugging.

Realistic Training Scenario - Answer Target

A live-action break-in room for physical and digital security training. Essentially, a call center you can attack.

  • Community Scoreboard. Instantly see which challenges have been completed and track the top attackers on the CTF leaderboard. The scoreboard also tracks the current alert level of Answer Target actors and the progressive difficulty level of challenges.
  • Live-Action Roleplay. Answer Target consists of a variety of actors who fulfill different roles. You might see a security guard, a call center supervisor, or a remote work-from-home agent.
  • Multiple Simulated Locations. Answer Target consists of areas that represent real-life environments. The call center; the remote agents home; a co-location facility; and even the cloud. Experience different types of challenges at different locations.
  • Bring Your Own Toolset. No fake tools, gimmicks, or other shenanigans. Use real tools that you know and love (or the ones we provide) without fear of it actually working (or rather, breaking something.)

Call Center Village Contributors

  • Patrick Labbett

    Patrick Labbett

    Call Theory

  • Jay Moore

    Jay Moore

    Call Theory

  • Sarah Labbett

    Sarah Labbett

    Continental Message Solution, Inc.

  • Brendan Freisthler

    Brendan Freisthler

    Physical Security Consultant

Questions, feedback, or something else?

Contact the Call Center Village

Call Theory

  • Grove City Office
    3989 Broadway
    Suite 110
    Grove City, OH 43123
    United State of America