Harassment allegations against DEF CON veteran detailed in court filing

February 25, 2025 TH Author

Details about the harassment allegations leveled at DEF CON veteran Christopher Hadnagy have now been revealed after a motion for summary judgment was filed over the weekend.

Founder of Social-Engineer LLC and host of several DEF CON social engineering villages, Hadnagy was banned from the legendary cybersecurity conference in 2022 – as described in its transparency report – following claims of misconduct that were never detailed in depth.

Hadnagy sued DEF CON and its founder, Jeff Moss, in response, claiming among other things that the ban imposed “severe and irreversible” damage on his reputation. In his original complaint, Hadnagy claimed the ban was “unmerited”, and that Moss and DEF CON had made “false and defamatory claims that they conducted an investigation” and asked for damages of at least $50,000 as well as “equitable relief” to make him whole.

In March last year, a judge dismissed six of the seven claims made by Hadnagy – although Washington judge Brian Tsuchida denied the defendants motion to dismiss Hadnagy’s defamation claims. The infoseccer later filed a motion for reconsideration of the claims of defamation against Moss for publishing statements in the Transparency Report and Update, which was granted.

The motion [PDF] filed over the weekend for the first time provides details of the allegations made by more than a dozen people accusing Hadnagy of harassment in an attempt to dismiss the remaining defamation claim.

Hadnagy’s alleged “inappropriate fixation” with his female coworkers’ appearance is the main focus of the motion, which also alleges:

Regular outbursts of anger in the workplace and at DEF CON
A pattern of insulting employees
Designing training exercises that prompted students to question strangers about topics such as male circumcision, breast size, and feminine hygiene products
Brandishing of a switchblade

According to DEF Con’s lawyers, these were private complaints allegedly made about Hadnagy and sent to the conference organizers that led to his ban in 2022 and catalyzed the legal proceedings. The motion describes them as “shocking acts of harassment against many people over the course of years.”

According to the motion, Maxie Reynolds was the first to raise concerns with Moss in 2021. She was hired by Hadnagy’s company, Social-Engineer, in January 2020 and resigned in August 2021.

According to the motion and a 776-page exhibit document [PDF] filed as evidence by DEFCON on February 21, Hadnagy allegedly commented on Reynolds’ appearance to multiple industry figures during and after hiring her as a technical team lead.

“So she is that hot?” he is alleged to have asked one prominent member of the industry who had met Reynolds at various events before hiring her. In various other exchanges, documents provided to the court appeared to show he went on to say that Reynolds was “so hot it’s dumb” and that she looked like a “supermodel.”

Reynolds also wrote a book about social engineering while working at Hadnagy’s company, and worked with the founder who helped edit various chapters.

According to an “email to a tech journalist” included in the motion, Hadnagy said Reynolds resigned “3 days” before the book was due to be launched.

The motion claimed Reynolds also disclosed her allegations of Hadnagy’s misconduct to Neil Wyler, a senior staffer at DEF CON, alleging that Hadnagy had a tendency to “explode” at people in the workplace, among other things. Reynolds claimed Hadnagy then pulled all support for the book promotion campaign, as well as allegedly trying to scupper promotional efforts. He is claimed to have tried to cancel Reynolds’ appearances on five prominent cybersecurity podcasts, allegedly succeeding in three cases.

The exhibits attachment to the motion claims Hadnagy contacted Reynolds’ editor at publisher Wiley, Jim Minatel, to halt the book’s release, as well as contacting producers to stop her from appearing on TV shows.

In speaking to Minatel and TV producers, according to the motion, Hadnagy alleged that Reynolds illegally used two images that were involved in two active cases being handled by the Innocent Lives Foundation (ILF), a nonprofit founded by Hadnagy to investigate child sexual predators. Minatel removed the images and alerted the FBI.

The motion additionally states that Hadnagy had tried to destroy Reynolds’ reputation with future employers by falsely claiming she stole Social-Engineer intellectual property and started a competing company.

“She is a train wreck. Stole IP. Took work with her. Quit. Lied. Started a competitive company,” Hadnagy allegedly said in a character reference.

He also allegedly locked Reynolds’ company-issued PC remotely instead of wiping it, and siphoned personal data from it.

By her own admission in an October 2024 deposition, Reynolds felt afraid, anxious, nervous, and boxed in.

Hadnagy explained in a passage from a draft book he was writing that Reynolds disclosed her accusations about him after he pulled support for her book, a decision he made after allegedly discovering that she used ILF images in her book.

The excerpt went on to say: “I was called things like ‘serial sexual predator,’ ‘the Harvey Weinstein of infosec,’ ‘rapist,’ ‘child abuser,’ ‘thief,’ amongst other things I won’t list in this book. People who I thought were my closest friends ran from me like I had leprosy.

“That is why this book must exist. All the people, men and women, who will be or have been falsely accused, canceled, and destroyed. They may not have had the means to fight back, or the will, so they gave in and either ended their own lives or slithered off into nothingness. This book is for you.”

And then there were more

The motion went on to name various other women who had previously worked with Hadnagy, such as Michelle Fincher, Social-Engineer’s former COO.

The motion claims Fincher testified that “there was almost never a day in my entire four years working for Hadnagy that I was not either enraged or embarrassed due to something happening in the company or my interactions with him.”

She also alleged that Hadnagy repeatedly referred to her as a “hot Asian,” would comment on her legs, and how she should wear high heels.

She alleged that comments about Fincher and others being “hot Asians” were common. In one case, Hadnagy allegedly admitted one woman to a 2017 DEF CON village competition despite not being qualified to enter, saying: “She’s hot and she’s Asian. She’s in.”

Fincher claimed Hadnagy frequently berated and publicly humiliated employees for “various infractions, real or imagined.”

Cat Murdock, a former Social-Engineer staffer, was also quoted in the motion, backing up the claims about Hadnagy’s alleged anger, claiming that he was in some cases violent or threatened violence. Murdock claimed that Hadnagy had thrown a phone at her in the past.

Former ILF worker Samantha Gamble added to the allegations, claiming that Hadnagy frequently commented on her appearance, making remarks such as “watching [her] grow up is like drinking a fine wine,” and, after she gained some weight, that she “filled out and finally looked [her] age.”

Gamble also alleged she was made to feel uncomfortable while creating profiles of pre-pubescent girls to lure predators as part of an ILF operation, alleging Hadnagy would ask Gamble about her own experiences at that age, including details of breast cup size and pubic hair.

Moss commented on the motion via DEF CON’s X account, saying that if the filing fails to dismiss Hadnagy’s defamation case, he and the organization will prepare to go to trial.

“The legal standard for evaluating a summary judgment motion means giving the benefit of the doubt to the nonmoving party (Hadnagy) on all disputed facts,” he wrote on social media platform X. “Because of this we focused on the undisputed facts, including the documents and deposition testimony, that Chris can’t deny.”

Should the motion fail, Moss said, he would “start preparing for trial.”

We’ve asked Hadnagy’s attorneys for comment. ®