Your SlideShare is downloading. ×
Sploitego
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Saving this for later?

Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime - even offline.

Text the download link to your phone

Standard text messaging rates apply

Sploitego

583
views

Published on

Nadeem Douba, GWAPT, GPEN currently situated in the Ottawa (Ontario, Canada) valley, Nadeem provides technical security consulting services primarily to clients in the health, education, and public …

Nadeem Douba, GWAPT, GPEN currently situated in the Ottawa (Ontario, Canada) valley, Nadeem provides technical security consulting services primarily to clients in the health, education, and public sectors. Nadeem has been involved within the security community for over ten years and has frequently presented talks in his local ISSA chapter, and most recently at DEF CON 20 on the topics of Open Source Intelligence and mobile security. He is also an active member of the open source software community and has contributed to projects such as libnet, Backtrack, and Maltego.

Published in: Education, Technology

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
583
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
13
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Presented by Nadeem Douba 1Monday, July 29, 2013@ndouba | ndouba@gmail.com
  • 2.  Situated in Ottawa, ON, Canada  Work at Cygnos Information Security as Pen- Tester ◦ Subsidiary of Raymond Chabot Grant Thornton  Open Source Intelligence (OSInt)/Data Science Fanatic!  Open Source Software Fanatic: https://github.com/allfro  Credentials? ◦ Yes I sold my soul to the devil… 2Monday, July 29, 2013@ndouba | ndouba@gmail.com
  • 3.  A Brief Intro to Maltego  What is Sploitego?  Why Sploitego?  Cool Demos  Installing Sploitego on Backtrack  Creating Your Own Transforms  Wrap Up  Questions Monday, July 29, 2013 3@ndouba | ndouba@gmail.com
  • 4. For those who are not familiar… Monday, July 29, 2013 4@ndouba | ndouba@gmail.com
  • 5. Sounds interesting… Monday, July 29, 2013 5@ndouba | ndouba@gmail.com
  • 6. Monday, July 29, 2013 6@ndouba | ndouba@gmail.com
  • 7.  Pen-test transforms for Maltego! ◦ Transforms for all stages  Built with Python and Canari Framework ◦ Rapid Development Local Transform Framework Monday, July 29, 2013 7@ndouba | ndouba@gmail.com
  • 8. Hasn’t this been done before? Monday, July 29, 2013 8@ndouba | ndouba@gmail.com
  • 9.  Open Source Intelligence (OSInt) gathering is a big part of our assessments.  Information we collect about our targets can break them.  Most OSINT tools work with Public information repositories.  What if you are working with something Private? Monday, July 29, 2013@ndouba | ndouba@gmail.com 9
  • 10. Monday, July 29, 2013 10@ndouba | ndouba@gmail.com
  • 11. Monday, July 29, 2013@ndouba | ndouba@gmail.com 11
  • 12. Pros Cons  Full Client-side Control  Maintain Privacy  Great Data Visibility ✗ Processing Overhead ✗ Development ✗ IP Disclosure Monday, July 29, 2013 12@ndouba | ndouba@gmail.com
  • 13. That can’t already be done with a remote transform? Monday, July 29, 2013@ndouba | ndouba@gmail.com 13
  • 14. On Backtrack… Monday, July 29, 2013@ndouba | ndouba@gmail.com 14
  • 15. Sploitego DNS Transforms Monday, July 29, 2013 15@ndouba | ndouba@gmail.com
  • 16. Service Discovery Demo Monday, July 29, 2013 16@ndouba | ndouba@gmail.com
  • 17. Vulnerability Discovery Demo Monday, July 29, 2013 17@ndouba | ndouba@gmail.com
  • 18. With the Canari Framework! Monday, July 29, 2013 18@ndouba | ndouba@gmail.com
  • 19.  Malformity by Keith Gilbert and team: ◦ https://github.com/digital4rensics/Malformity  NWMaltego, PaMalt, and CuckooForCanari by J. David Bressler and Rich Popson: ◦ https://github.com/bostonlink/nwmaltego_canari ◦ https://github.com/bostonlink/pamalt_canari ◦ https://github.com/bostonlink/cuckooforcanari  CookieGrabber by Adam Maxwell: ◦ https://github.com/catalyst256/canariCookieGrabber Monday, July 29, 2013@ndouba | ndouba@gmail.com 19
  • 20.  Canari Websites: ◦ http://www.canariproject.com ◦ https://forums.canariproject.com  Limited Documentation: ◦ https://github.com/allfro/canari ◦ https://github.com/allfro/sploitego  Youtube Channel: ◦ http://youtube.com/allfro  Source Code/Bugging me Monday, July 29, 2013 20@ndouba | ndouba@gmail.com
  • 21.  Email: ndouba@gmail.com  Twitter: @ndouba  Skype: nadeem.douba 21Monday, July 29, 2013@ndouba | ndouba@gmail.com
  • 22.  Paterva: ◦ Andrew MacPherson (Mohawk) ◦ Roelof Temmingh (RT)  Cygnos/RCGTCI  The Security Community 22Monday, July 29, 2013@ndouba | ndouba@gmail.com
  • 23. Questions in Q&A 23Monday, July 29, 2013@ndouba | ndouba@gmail.com