Testing Your Organization's Social Media Awareness

Black Hat USA 2019

Presented by: Jacob Wilkin
Date: Thursday August 08, 2019
Time: 09:00 - 09:25
Location: Breakers GHI

The phishing landscape is rapidly changing, and in the last few years we have witnessed over a 10-fold increase in social media-based phishing. Yet social media sites have taken few steps to detect or block automated intelligence gathering on their platforms, and enterprises are far from understanding the new risks that users face via social media.

In this talk, I will examine how new tools can automate social media intelligence gathering, correlating profiles across sites and scraping data on a mass scale. Organizations can use this new intelligence gathering as a way to better understand who within their companies are the most likely targets of social media-based attacks. From there they can test for risks such as employees who are accepting random connection requests on LinkedIn or Facebook, and who is clicking untrusted links sent to them on their work machines. Red team attackers will learn how to scale up their social media phishing campaigns and how to save time when conducting large-scale social media-based phishing.

During the talk, I will detail Social Mapper as well as release Social Attacker, the first open source, multi-site, automated Social Media Phishing Framework. I’ll be giving a high-level walkthrough on how you can use this along with Social Mapper to run mock social media phishing campaigns against your organizations. Join me to learn more about these tools and how they can help protect your enterprise.

Jacob Wilkin

Jacob Wilkin is a Security Consultant working at Trustwave SpiderLabs. His areas of expertise are application and network penetration testing, but he also performs OSINT and phishing for Red Teaming engagements. Jacob is an Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE) and has an honours degree from the University of Reading in Computer Science. Jacob is also an avid programmer and, in addition to working on internal development projects, is an active member of the open source community, releasing public tools such as Spray, Social Mapper and the upcoming Social Attacker.

