Social networks contain waist amount of Information which can be explored and analyzed for various needs and Threat intel information is a very sweet piece of Pie either for White, Gray and Black Hats. As a pen-tester you can use social network data to look for information leaks that can help you to build your attack strategy. As a black-hat hacker you can and typically do monitor these social network information leaks as an early detection source. As a threat intelligence analyst you do hunt and share the indicators of interest with the community. We automatically process information flows from social networks such as twitter for the purpose of abuse detection. However, over the time we also have developed a number of filters to look for threat intelligence specific information. In this presentation we examine how the events of information leaks impact information security landscape. We examine these leaks from different angles and show what can be found on twitter and be of interest to a penetration tester, vulnerability researcher, or a threat analyst.
The presentation will discuss and illustrate with practical cases of mining the variety of threat actor related data on social networks. From self-promoting hacktivist groups to the disclosure of Indicators of Compromise (IoC) – we demonstrate how this can impact the attacker campaigns, causing them to adapt to the updated disclosure landscape. The indicators disclosed turn “actionable” threat intelligence into datasets only useful for post-mortem detection and historical examination. Further, we discuss how the social network data can be mined by Red Teams as a part of penetration testing process. Lastly, we demonstrate how blue teams can utilize such analysis as additional source of information to improve the detection process.