One of the attacks we usually do during red team engagements are phishing attacks. But to have a successful phishing campaign you will need a list of email addresses of the company you target. Luckily there is actually an easy way to retrieve a great portion of the email addresses that the company uses by using LinkedIn.
Nowadays almost all employees have a LinkedIn profile where information can be found about their current job and function. Due the fact that this information is available, LinkedIn also provides a search function where you can select a company and get a list of all the employees who set the company as current job. This is very useful info for an attacker to perform targeted phishing attacks against a company. For example, if you want to send fake CV with a malicious macro in it, you might want to send it to people from the HR department and because you know you are only sending it to the HR department it makes sure that the phishing campaign is less likely to detected as if you would pick random mail addresses which could include IT people who are more aware of the risks. The only thing you would need is the way how the company mail addresses are formatted. To make it easy to create a list of the persons I made a python script that takes several arguments and then provides a CSV list of names, mail addresses and job description.
You can find it on Github: https://github.com/VinnieV/Linkedin-mail-scraper