Testing Your Organization's Social Media Awareness

Presented at Black Hat USA 2019, Aug. 8, 2019, 9 a.m. (25 minutes)

The phishing landscape is rapidly changing, and in the last few years we have witnessed over a 10-fold increase in social media-based phishing. Yet social media sites have taken few steps to detect or block automated intelligence gathering on their platforms, and enterprises are far from understanding the new risks that users face via social media.

In this talk, I will examine how new tools can automate social media intelligence gathering, correlating profiles across sites and scraping data on a mass scale. Organizations can use this new intelligence gathering as a way to better understand who within their companies are the most likely targets of social media-based attacks. From there they can test for risks such as employees who are accepting random connection requests on LinkedIn or Facebook, and who are clicking untrusted links sent to them on their work machines. Red team attackers will learn how to scale up their social media phishing campaigns and how to save time when conducting large-scale social media-based phishing.

During the talk, I will detail Social Mapper as well as release Social Attacker, the first open source, multi-site, automated Social Media Phishing Framework. I'll be giving a high-level walkthrough on how you can use this along with Social Mapper to run mock social media phishing campaigns against your organizations. Join me to learn more about these tools and how they can help protect your enterprise.

Presenters:

  • Jacob Wilkin - Penetration Tester
    Jacob Wilkin works as a Penetration Tester at a large security consultancy. His areas of expertise are application and network penetration testing, but he also performs OSINT and phishing for Red Teaming engagements. Jacob is an Offensive Security Certified Professional (OSCP) and Offensive Security Certified Expert (OSCE), and has an honours degree in Computer Science from the University of Reading. Jacob is also an avid programmer and, in addition to working on internal development projects, is an active member of the open source community, releasing public tools such as Spray, SocialMapper and the upcoming Social Attacker.
