
Testing Your Organization's Social Media Awareness

Conference:  BlackHat USA 2019



The presentation discusses the importance of testing an organization's social media awareness and introduces two open-source tools, Social Mapper and Social Attacker, built for that purpose.
  • Social media phishing is on the rise and has become a preferred vector for attackers
  • Social media-based phishing has increased more than 10-fold over the last few years
  • Social media users have a high click rate, reported at 33%
  • The presenter released two open-source tools, Social Mapper and Social Attacker, so organizations can test their own social media awareness
  • Social Mapper automates social media intelligence gathering (correlating profiles across sites and scraping at scale), which helps identify the most likely targets and test for employees who accept random connection requests on LinkedIn or Facebook
  • Social Attacker is an open-source, multi-site, automated Social Media Phishing Framework for running mock social media phishing campaigns against an organization
The presenter, Jacob Wilkin, is a security consultant who has performed hundreds of penetration tests and has legally hacked into multiple banks. He created Social Mapper and Social Attacker to help organizations test their social media awareness.


The phishing landscape is rapidly changing, and in the last few years we have witnessed over a 10-fold increase in social media-based phishing. Yet social media sites have taken few steps to detect or block automated intelligence gathering on their platforms, and enterprises are far from understanding the new risks that users face via social media.

In this talk, I will examine how new tools can automate social media intelligence gathering, correlating profiles across sites and scraping data on a mass scale. Organizations can use this new intelligence gathering as a way to better understand who within their companies are the most likely targets of social media-based attack. From there they can test for risks such as employees who are accepting random connection requests on LinkedIn or Facebook, and who is clicking untrusted links sent to them on their work machines. Red team attackers will learn how to scale up their social media phishing campaigns and how to save time when conducting large-scale social media-based phishing.

During the talk, I will detail Social Mapper as well as release Social Attacker, the first open source, multi-site, automated Social Media Phishing Framework. I'll be giving a high-level walk-through on how you can use this along with Social Mapper to run mock social media phishing campaigns against your organization. Join me to learn more about these tools and how they can help protect your enterprise.
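The abstract's last measurable risk, "who is clicking untrusted links sent to them on their work machines", is the part of a mock social media phishing campaign that has to be instrumented before any message is sent. The following Python is an added example written for this page; it is not code from Social Attacker, Social Mapper or the talk. It derives an unguessable per-target token with an HMAC (so one employee cannot enumerate or forge a colleague's link), builds the tracking URL each target would receive, and afterwards attributes hits on the tracking endpoint in ordinary web-server access logs back to named targets. The campaign secret, the `track.example.test` host, the target names and the log lines are all constructed for the example.

```python
"""Per-target link tracking for a mock social media phishing exercise.

Added example, not code from Social Attacker or the talk. Secret, host,
targets and log lines are constructed for illustration.
"""
import hashlib
import hmac
import re
from dataclasses import dataclass, field
from typing import Dict, List
from urllib.parse import parse_qsl, urlencode

# Both values are constructed for this example; a real exercise would load a
# random per-campaign secret and use a domain the organization controls.
CAMPAIGN_SECRET = b"replace-with-32-random-bytes"
TRACKING_BASE = "https://track.example.test/r"

# Common Log Format line for a GET against the tracking path /r
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"GET /r\?(?P<qs>[^ "]+) HTTP/[\d.]+" (?P<status>\d{3})'
)


def target_token(campaign: str, target: str) -> str:
    """Keyed token per (campaign, target). Using an HMAC instead of a counter
    or a plain hash keeps tokens unguessable, so a curious recipient cannot
    enumerate colleagues' links or forge a click for someone else."""
    msg = f"{campaign}\x00{target}".encode()
    return hmac.new(CAMPAIGN_SECRET, msg, hashlib.sha256).hexdigest()[:20]


def tracking_url(campaign: str, target: str) -> str:
    """The link that would be sent to one target in the mock campaign."""
    query = urlencode({"c": campaign, "t": target_token(campaign, target)})
    return f"{TRACKING_BASE}?{query}"


@dataclass
class ClickReport:
    clicks: Dict[str, List[str]] = field(default_factory=dict)  # target -> timestamps
    not_clicked: List[str] = field(default_factory=list)
    unknown_tokens: List[str] = field(default_factory=list)     # forged or stale links


def attribute_clicks(campaign: str, targets: List[str], log_lines: List[str]) -> ClickReport:
    """Map hits on the tracking endpoint in access logs back to named targets."""
    by_token = {target_token(campaign, t): t for t in targets}
    report = ClickReport()
    for line in log_lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a tracking hit (health checks, crawlers, other paths)
        params = dict(parse_qsl(m.group("qs")))
        if params.get("c") != campaign:
            continue  # a different campaign's link
        token = params.get("t", "")
        target = by_token.get(token)
        if target is None:
            report.unknown_tokens.append(token)  # worth reviewing: forged or mistyped
            continue
        report.clicks.setdefault(target, []).append(m.group("ts"))
    report.not_clicked = [t for t in targets if t not in report.clicks]
    return report


def constructed_access_log(campaign: str) -> List[str]:
    """Access-log lines in Common Log Format, constructed for this example:
    two clicks by alice, one hit with a forged token, one unrelated request."""
    alice = target_token(campaign, "alice")
    return [
        f'203.0.113.10 - - [07/Aug/2019:10:15:02 +0000] "GET /r?c={campaign}&t={alice} HTTP/1.1" 302 0',
        f'203.0.113.10 - - [07/Aug/2019:10:15:09 +0000] "GET /r?c={campaign}&t={alice} HTTP/1.1" 302 0',
        f'198.51.100.7 - - [07/Aug/2019:10:20:41 +0000] "GET /r?c={campaign}&t=deadbeefdeadbeefdead HTTP/1.1" 302 0',
        '198.51.100.7 - - [07/Aug/2019:10:21:00 +0000] "GET /healthz HTTP/1.1" 200 2',
    ]


if __name__ == "__main__":
    targets = ["alice", "bob"]
    for name in targets:
        print(name, tracking_url("bh19", name))
    report = attribute_clicks("bh19", targets, constructed_access_log("bh19"))
    print("clicked:", {t: len(ts) for t, ts in report.clicks.items()})
    print("not clicked:", report.not_clicked)
    print("unknown tokens:", report.unknown_tokens)
```

The tracking endpoint itself only needs to log the request and redirect to a harmless awareness page; the attribution is done offline from the logs, so nothing about the campaign has to live on the internet-facing host beyond the redirect. Unknown tokens are kept rather than dropped because in a real exercise they are the interesting cases: a link forwarded and altered, or a recipient probing the tracker.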

