FACEROUTE: Mapping and Harvesting Social Media Sites

Expo Theatre (Hall G) October 18, 2011 - Feedback     

Bookmark and Share

Rob VandenBrink

It is a common practice for Social Media sites such as Facebook, MySpace and LinkedIn to be used as components in background and security checks, both in law enforcement and as part of modern hiring practices. In most cases, our social media “shadow” is either a neutral or a positive influence in these processes. However, the online presence of our friends, connections, followers and the like may be another matter entirely. A “friend of a friend” on Facebook can be as much or more of an influence on your reputation as the same relationship in real life. As social media becomes as much a reality as the real world, our actions and the actions of our online associates cannot help but influence our eligibility for employment or security clearances.

In this session we will present a set of tools to explore your immediate “neighborhood” on various social sites, using radial and iterative methods for simple recon, and SPF (Shortest Path First) routing algorithms to map routes between target individuals. We will also show tools for harvesting word lists, which can be used for discovery of potential leaks of sensitive information, as well as for assembling password lists for penetration tests. All tools will be demonstrated live.