Login Papers Register

Need an account to vote? Register to attend at gsec.hitb.org/sg2018/
Deadline is 30th June 2018!

<< previous next >>

TwitIntel: Social Media Data Analytics for Black/Grey and White-Hats

Fyodor Yarochkin, Vladimir Kropotov & Lion Gu

2 vote(s)

Social networks contain waist amount of Information which can be explored and analyzed for various needs and Threat intel information is a very sweet piece of Pie either for White, Gray and Black Hats. As a pen-tester you can use social network data to look for information leaks that can help you to build your attack strategy. As a black-hat hacker you can and typically do monitor these social network information leaks as an early detection source. As a threat intelligence analyst you do hunt and share the indicators of interest with the community. We automatically process information flows from social networks such as twitter for the purpose of abuse detection. However, over the time we also have developed a number of filters to look for threat intelligence specific information. In this presentation we examine how the events of information leaks impact information security landscape. We examine these leaks from different angles and show what can be found on twitter and be of interest to a penetration tester, vulnerability researcher, or a threat analyst.

The presentation will discuss and illustrate with practical cases how the disclosure of Indicators of Compromise (IoC) impacted attacker campaigns, causing them to adapt to the updated disclosure landscape. The indicators disclosed turn "actionable" threat intelligence into datasets only useful for post-mortem detection and historical examination. Further, we discuss how the social network data can be mined by Red Teams as a part of penetration testing process. Lastly, we demonstrate how blue teams can utilize such analysis as additional source of information to improve the detection process.


Fyodor is a Senior Threat Researcher with TrendMicro Taiwan. An early Snort developer, and open source evangelist as well as a “happy” programmer. Prior to that, Fyodor professional experience includes several years as a threat analyst and over eight years as an information security analyst responding to network, security breaches and conducting remote network security assessments and network intrusion tests for the majority of regional banking, finance, semiconductor and telecommunication companies. Fyodor is an active member of local security community and has spoken at a number of conferences regionally and globally.


Vladimir Kropotov is a researcher with Trend Micro Forward-Looking Threat Research team. Active for over 15 years in information security projects and research, he previously built and led incident response teams at Fortune 500 companies and was head of the Incident Response Team at Positive Technologies. He holds a masters degree in applied mathematics and information security. He also participates in various projects for leading financial, industrial, and telecom companies. His main interests lie in network traffic analysis, incident response, and botnet and cybercrime investigations. Vladimir regularly appears at high-profile international conferences such as FIRST, CARO, HITB, Hack.lu, PHDays, ZeroNights, POC, Hitcon, Black Hat EU and many others.


Lion Gu is a senior threat researcher at Trend Micro, Inc. He has been a security professional for over 13 years. His research covers various fields, including malware analysis, mobile security, and underground cybercriminal economy. He has spoken at several conferences like RuxCon, AVAR, AsiaCCS, and RISE.