The amount of information available to the cybersecurity warriors of today can be quite useful. However, the intelligence-gathering process is quite cumbersome. If you’re focusing on smaller sample sizes, sure, it may not take you or your team much time. But when you’re looking to gather information at scale, it’s an entirely different story.
The experts at Trustwave know this well, so they’ve created an open source intelligence tool that enables penetration testers and red teasers to scrape information from social media accounts.
From LinkedIn and Facebook to Instagram and Weibo, Social Mapper leverages facial recognition to correlate social media profiles across a total of eight social media channels.
“It’s meant for scraping various social networks for information that can later be reused to build phishing campaigns or social engineering campaigns,” Karl Sigler, threat intelligence manager at Trustwave SpiderLabs told InfoSec Insider during a recent interview shot at the Black Hat Conference in Las Vegas. “It uses a photograph of a person and uses facial recognition to pinpoint that exact person.”
In the full interview below, Sigler discusses how penetration testers and red teamers can leverage Social Mapper and gives us a demonstration of how the threat intelligence gathering tool works.