Keith Lee & Jonathan Werrett (Trustwave SpiderLabs)

PRESENTATION TITLE: Facebook OSINT: It’s Faster Than Speed Dating

PRESENTATION ABSTRACT:

The Facebook Graph has been a boom for Open Source Intel (OSINT). Since being released it has opened up a wealth of personal information about you which you would rather keep secret. The release of Graph Search in March has only made things more interesting.

In this presentation we will demonstrate a number other methods we have incorporated in our Social Engineering assessments based on both Facebook Graph and a number of other sources like Flickr, Linkedin, Facebook and Twitter.

We have developed a number of tools to profile targets during our social engineering attacks and as part of this presentation we have tided them up and released them as Maltego transforms. Examples include local transforms to harvest the information from Facebook Graph, extract check-ins and display them on a Google map.

During the presentation, we will demonstrate how we use Facebook Graph search to get a list of:

1. Places targets regularly visit

2. Work colleagues and/or school mates.

3. Friends list (even when normal access has been locked down)

4. Web sites that targets regularly visit

Rather than just present the information that can be gathering from OSINT sources, we illustrate how these techniques have been used during our social engineering engagements with some hilarious results. There will be an on-going demo during the presentation used to illustrate how to use the tools we have developed to extract and analyze information that we have gathered about the target using Facebook Graph and other publicly available sources.

ABOUT KEITH LEE

Keith Lee is a Penetration Testing Analyst with Trustwave’s SpidersLabs Asia-Pacific. SpiderLabs is one of the world’s largest specialist security teams, with over 100 consultants spread across North America, South America, Europe and the Asia Pacific. SpiderLabs has a focus on original security research and regularly presents at conferences such as BlackHat, DefCon, OWASP, Hack In The Box and Ruxcon. Keith is based out of Singapore and has primary focus is on providing penetration testing, social engineering and incident response services to clients in the Asia-Pacific region.

ABOUT JONATHAN WERRETT

Jonathan Werrett is a Managing Consultant with Trustwave’s SpidersLabs APAC team. In security roles stretching the best part of 10 years, Jonathan has secured web infrastructure at online start-ups in the UK, donned a suit under duress and worked for a multi-national in Melbourne and now provides security testing and response services for SpiderLabs’ clients from Hong Kong.