SocioSploit Articles


Twitter Remote Access Trojan (Twittersploit)

TL;DR Summary: Developed a malware sample that leverages Twitter direct messaging as a channel for command and control. Background: Web Service Command and Control. Have recently been structuring a lot of my penetration testing efforts around the MITRE ATT&CK framework. One technique that specifically caught my attention while …

LinkedIn Phishing Email Enumeration

Summary (TL;DR): Using an automated web bot, it is possible to scrape personnel names and then translate those names into emails that can be used in phishing campaigns. Proof of concept uploaded to GitHub. Creating the LinkedIn Web Bot: While testing, it was identified that LinkedIn will temporarily disable …

Building Bots with Mechanize and Selenium

Picking the right tool: The Sociosploit team conducts much of its research into the exploitation of social media using custom-built bots. On occasion, the team will use public APIs (Application Programming Interfaces), but more often than not, these do not provide the same level of exploitative capabilities that could …

Donations

Support the Cause: The Sociosploit team engages in Social Media Exploitation research due to a passion for and an interest in information security, and also due to a concern about the lack of awareness of risks related to these social platforms. The team is not compensated for any of the research …

Disclaimer

The intention of SocioSploit is to demonstrate the (often misunderstood) risks related to the exploitation of social media. Many of the research projects contained herein include POCs (proof-of-concepts) and associated code samples. This code is made available for educational purposes, and reuse of this code is NOT encouraged. In …

About Us

Our Mission: In the wake of all the recent controversy surrounding social media exploitation (Cambridge Analytica scandal, "fake news" dissemination, election meddling, etc.), we have concluded that a more thorough investigation is warranted to understand the risks associated with everyday use of social media. And so, Sociosploit was born. Sociosploit …