Facebook OSINT: It’s Faster Than Speed Dating presented at HITBSecConf Malaysia 2013

by Keith Lee, Jonathan Werrett

Summary: The Facebook Graph has been a boon for Open Source Intel (OSINT). Since being released it has opened up a wealth of personal information about you which you would rather keep secret. The release of Graph Search in March has only made things more interesting.
In this presentation we will demonstrate a number of other methods we have incorporated in our Social Engineering assessments based on both Facebook Graph and a number of other sources like Flickr, LinkedIn, Facebook and Twitter.
We have developed a number of tools to profile targets during our social engineering attacks and as part of this presentation we have tidied them up and released them as Maltego transforms. Examples include local transforms to harvest the information from Facebook Graph, extract check-ins and display them on a Google map.
During the presentation, we will demonstrate how we use Facebook Graph search to get a list of:
Places targets regularly visit
Work colleagues and/or school mates
Friends list (even when normal access has been locked down)
Web sites that targets regularly visit
Rather than just present the information that can be gathered from OSINT sources, we illustrate how these techniques have been used during our social engineering engagements with some hilarious results. There will be an on-going demo during the presentation used to illustrate how to use the tools we have developed to extract and analyze information that we have gathered about the target using Facebook Graph and other publicly available sources.