Hacker tool talk: Maltego


Another Hacker Tool Talk from the Fujitsu Edmonton Security Lab. This presentation looks at how to install and use Maltego CE v 3.0 for open source intelligence (OSINT) gathering.

  • In the intelligence community (IC), the term "open" refers to overt, publicly available sources (as opposed to covert or classified sources); it is not related to open-source software or public intelligence.

    1. Hacker tool talk: Maltego
        • “Security through knowledge”
        • Chris Hammond-Thrasher
        • chris.hammond-thrasher <at> ca.fujitsu.com
        • Fujitsu Edmonton Security Lab
        • February 2011
    2. Agenda
        • Why are we here?
        • About Maltego
        • Installing Maltego
        • Maltego demo
        • What’s next?
    3. Why are we here?
    4. Ethics and motives
        • “Every single scam in human history has worked for one key reason; the victim did not recognize it as a scam.” - R. Paul Wilson
    5. OSINT
        • “Open source intelligence (OSINT) is a form of intelligence collection management that involves finding, selecting, and acquiring information from publicly available sources and analyzing it to produce actionable intelligence.” - Wikipedia
    6. About Maltego
    7. Features
        • Maps relationships between numerous physical or digital objects
        • Discovers information from numerous online sources
        • Extensible: Maltego can model relationships between almost anything – add your own “entities”, write your own “transforms” and integrate to other systems with the API
        • Free Community Version (as in beer and speech) and a powerful commercial version for ~US$700 for the first year
    8. Limitations
        • Does not search social media sites due to policy restrictions on those sites
        • Does not search commercial data sources
    9. Maltego vs. others
        • You can manually gather similar data with search engines, DNS, whois, and social media searches
        • i123people iPhone app (free)
        • Commercial alternatives to MaltegoCE
            • Maltego (commercial)
            • Visual Analytics VisualLinks
            • I2 Group Analyst’s Notebook
            • Others
    10. Legit uses of Maltego
        • Tracking SPAM posts on websites and mailing lists
        • Verifying IT assets
        • Competitive intelligence from public sources
        • Gathering supporting information for individual background checks
        • Other creative uses are possible – it is a flexible tool
    11. h4X0r$
        • Passive reconnaissance in advance of a system attack
        • Passive reconnaissance in advance of a social engineering attack
    12. Installing Maltego
    13. Choices
        • Current release of Maltego Community Edition is 3.0
        • Easiest: Get latest Backtrack (BT4R2) live CD or VM: http://www.backtrack-linux.org/downloads/
        • Windows installer with or without Java: http://www.paterva.com/
        • Linux rpm and deb binary packages available: http://www.paterva.com/
        • MacOS coming soon
    14. Getting started
        • Install via the usual means for your platform
        • Start MaltegoCE
            • double-click the icon in Windows
            • maltego-ce from the Linux command line
    15. Register and login
    16. Update your transforms
    17. Install the cool Shodan add-ons
        Step 1: API key
        • Get a free Shodan API key (free registration required): http://www.shodanhq.com/api_doc
    18. Install the cool Shodan add-ons
        Step 2: entities
        • Download the entities at: http://maltego.shodanhq.com/downloads/shodan_entities.mtz
        • In Maltego, select "Manage Entities" in the "Manage" tab.
        • Select "Import..."
        • Locate the "shodan_entities.mtz" file you just downloaded and click "Next".
        • Make sure all entities are checked, and click "Next".
        • Enter "Shodan" as a category for the new entities. Click "Finish".
    19. Install the cool Shodan add-ons
        Step 3: transforms
        • Select "Discover Transforms" in the "Manage" tab.
        • In the "Name" field, enter "Shodan"
        • As a URL, use: https://cetas.paterva.com/TDS/runner/showseed/shodan
        • Click "Add"
        • Make sure the "Shodan" seed is selected, then click "Next"
        • Again make sure you see "Shodan" selected, then click "Next"
        • You now see a list of transforms that the "Shodan" seed has. Just click "Next"
        • Click "Finish"
    20. Maltego demo
    21. Maltego demo
        • Starting it up
        • Tour through menus and windows
        • Investigating a system target
        • Investigating a human target
    22. What’s next
    23. Learn more
        • Read the Maltego wiki: http://ctas.paterva.com/view/What_is_Maltego
        • Read the Social-Engineer.org website: http://social-engineer.org/
        • Read my old “How do hackers do it?” presentation: http://www.picisoc.org/tiki-download_file.php?fileId=51&ei=TMI4TcOHBI2WsgOzrZHfAw&usg=AFQjCNH8Y_JPsbADDoOPvlNvPO7udJlmpQ
    24. Act locally
        At home
        • Use MaltegoCE to manage what information you are exposing about yourself online
        • You can request that Google remove content about you: http://www.google.com/support/bin/answer.py?answer=164734&hl=en
        • Monitor your children’s adherence to the family acceptable usage policy
    25. Act locally
        At work
        • Use Maltego to audit public information about corporate systems
        • Track down troublesome website or mailing list users (or bots) using publicly available information
    26. Thank you!
        • Want more presentations like this?
        • Is there a particular tool or hack that you would like to see demoed?
        • Chris Hammond-Thrasher
        • Fujitsu Edmonton Security Lab
        • Email: chris.hammond-thrasher <at> ca.fujitsu.com
        • Twitter: thrashor
    27. Fujitsu Edmonton Security Lab