osint using twitter & python
OSINT Footprinting
Using Twitter and Python
Who am I?
Raymond Lilly
@37point2
Analyst at a Social Media/Customer Relations Management company
Senior, Eastern Michigan University
Information Assurance/Network Security
What are we talking about?
OSINT gathering methods
Research with implications in
Intelligence
Social Engineering
Marketing
Intelligence
What are people talking about?
Intel vs Counter Intel
Targeting concerns
Individuals/Groups
Geographic regions
Time
Topics
Social Engineering
Leaking information
What do your co-workers/employees talk about during/after work?
IT talking about new tech deployments?
Any employees venting about internal issues?
C levels discussing personal hobbies/travel plans?
Marketing
Can you identify your customers?
What are they talking about?/What other interests do they have?
Can you profile them and use that to reach new potential customers?
Find new markets?
Reduce your customer assistance cost or increase customer satisfaction?
Fun Stuff
New Job info
What’s the corporate culture like?
Does the company embrace new tech/ideas or shun them?
Amplify the reach of your messages
Find organizations/groups that are interested in the same things you are
Key Twitter Concepts
Tweets – 140 characters
Following
Friends
Followers
Did you pick the user?
Followers
A -> B
Friends
B -> C
A -> B -> C
Twitter’s API
https://dev.twitter.com/docs/api
Authenticated vs. Unauthenticated
How hard is it to get OAuth Tokens?
REST
Streaming
Tweepy!
Python module for Twitter’s API
https://github.com/tweepy/tweepy/
Joshthecoder
GET statuses/user_timeline
Takes a user_id or screen_name
since_id
count
exclude_replies
include_rts
tweepy.api.user_timeline(screen_name='37point2')
GET users/show
user_id/screen_name
include_entities
^-- Awesome!
tweepy.api.get_user('37point2')
"id": 286868576,
"id_str": "286868576",
"name": "37point2",
"screen_name": "37point2",
"location": "",
"description": "Information Assurance student at Eastern Michigan University. \r\nIntel Analysis, Data Viz, Incident Response",
"url": "http://www.linkedin.com/in/raymondlilly",
"protected": false,
"followers_count": 244,
"friends_count": 992,
"listed_count": 6,
"created_at": "Sat Apr 23 21:25:44 +0000 2011",
"utc_offset": -18000,
"time_zone": "Eastern Time (US & Canada)",
"geo_enabled": false,
"verified": false,
"statuses_count": 2024,
"lang": "en",
Method to the Madness
Information Needed/Gathered
Tools used
Visualization
Analysis
Echo Chamber
Last 1000 Tweets of everyone followed
Basic Word Count
Wordle.net
Tweets per Day
Individual
Last 3200 Tweets
Community
Last 1000 Tweets (#infosec – May 18-21)
Plot Tweets over weekdays
Hashtags/Topics
Last 3200 Tweets
include_entities! #lazyhacker
include_rts
Google Visualization API
Hashtags & HashtagsWithRetweets
Retweets/Replies
Last 3200 Tweets
include_entities
include_rts!!!
Retweets
Replies
Best time for a response?
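The weekday, hashtag, retweet/reply and client counts outlined in these slides, as an added example that is not code from the original talk. It is meant for reviewing what an account you are responsible for reveals through its timeline, and runs offline over constructed statuses shaped like user_timeline results fetched with include_entities and include_rts. The helper names (`_status`, `kind`, `profile`) and the sample data are assumptions; `utc_offset` is the field shown in the users/show output above.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

TWITTER_TIME = "%a %b %d %H:%M:%S %z %Y"   # created_at format used by the API

def _status(created_at, tags, source, rt=False, reply_to=None):
    """Build a constructed status dict shaped like a user_timeline result."""
    s = {"created_at": created_at,
         "entities": {"hashtags": [{"text": t} for t in tags]},
         "source": '<a href="http://example.com" rel="nofollow">%s</a>' % source,
         "in_reply_to_screen_name": reply_to}
    if rt:
        s["retweeted_status"] = {"id": 1}   # presence of this key marks a retweet
    return s

# Constructed sample data (not real tweets).
SAMPLE = [
    _status("Fri May 18 14:05:00 +0000 2012", ["infosec"], "Twitter Web Client"),
    _status("Sat May 19 02:30:00 +0000 2012", ["infosec", "OSINT"],
            "Twitter for iPhone", rt=True),
    _status("Mon May 21 13:00:00 +0000 2012", ["python"], "Twitter Web Client",
            reply_to="example_user"),
    _status("Mon May 21 18:45:00 +0000 2012", ["InfoSec", "python"],
            "Twitter Web Client"),
]

def kind(status):
    """Classify a status as retweet, reply or original."""
    if "retweeted_status" in status:
        return "retweet"
    return "reply" if status.get("in_reply_to_screen_name") else "original"

def profile(statuses, utc_offset=0):
    """Count tweets by local weekday/hour, kind, client and hashtag."""
    out = {k: Counter() for k in
           ("weekday", "hour", "kind", "client", "hashtags", "hashtags_with_rts")}
    for s in statuses:
        # Shift UTC to the account's local clock before bucketing by day/hour.
        local = (datetime.strptime(s["created_at"], TWITTER_TIME)
                 + timedelta(seconds=utc_offset))
        out["weekday"][local.strftime("%A")] += 1
        out["hour"][local.hour] += 1
        out["kind"][kind(s)] += 1
        out["client"][re.sub(r"<[^>]+>", "", s["source"])] += 1  # strip the <a> tag
        for tag in s["entities"]["hashtags"]:
            name = tag["text"].lower()
            out["hashtags_with_rts"][name] += 1
            if kind(s) != "retweet":
                out["hashtags"][name] += 1
    return out
```

Calling `profile(SAMPLE, utc_offset=-18000)` moves the 02:30 UTC Saturday retweet to Friday evening local time, which is why the offset matters for the per-weekday and best-response-time views.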
Interactions w/ Influence and Topics
Klout
BOO!!!
Changes algorithm daily
What is the algorithm? /shrug
Weights social media sites differently
Useful
Topics!!
Score used as guideline
Model
Last 3200 Tweets
Include all the things!
Add Klout score and topics
Formula for Influence
Klout^2 * interactions
50 vs 60
2500 vs 3600
Time to get interactive!
Clients
Last 3200 Tweets
Total Counts
Client usage over time
More moving stuff!
Interactions & Topics
Last 3200 Tweets
include_entities
Maltego CaseFile
Community Edition
Interesting Tools
Tweetstats.com
Twopcharts
Klout
Kred
Socialmention
NetworkX