Hacker tool talk: Maltego
 

Another Hacker Tool Talk from the Fujitsu Edmonton Security Lab. This presentation looks at how to install and use Maltego CE v 3.0 for open source intelligence (OSINT) gathering.

  • In the intelligence community (IC), the term "open" refers to overt, publicly available sources (as opposed to covert or classified sources); it is not related to open-source software or public intelligence.

Presentation Transcript

  • Hacker tool talk: Maltego
    “Security through knowledge”
    Chris Hammond-Thrasher
    chris.hammond-thrasher <at> ca.fujitsu.com
    Fujitsu Edmonton Security Lab
    February 2011
  • Agenda
    Why are we here?
    About Maltego
    Installing Maltego
    Maltego demo
    What’s next?
  • Why are we here?
  • Ethics and motives
    “Every single scam in human history has worked for one key reason; the victim did not recognize it as a scam.”
    - R. Paul Wilson
  • OSINT
    “Open source intelligence (OSINT) is a form of intelligence collection management that involves finding, selecting, and acquiring information from publicly available sources and analyzing it to produce actionable intelligence.”
    - Wikipedia
  • About Maltego
  • Features
    Maps relationships between numerous physical or digital objects
    Discovers information from numerous online sources
    Extensible: Maltego can model relationships between almost anything – add your own “entities”, write your own “transforms” and integrate to other systems with the API
    Free Community Version (as in beer and speech) and a powerful commercial version for ~US$700 for the first year
  • Limitations
    Does not search social media sites due to policy restrictions on those sites
    Does not search commercial data sources
  • Maltego vs. others
    You can manually gather similar data with search engines, DNS, whois, and social media searches
    i123people iPhone app (free)
    Commercial alternatives to MaltegoCE:
      Maltego (commercial)
      Visual Analytics VisualLinks
      I2 Group Analyst’s Notebook
      Others
  • Legit uses of Maltego
    Tracking SPAM posts on websites and mailing lists
    Verifying IT assets
    Competitive intelligence from public sources
    Gathering supporting information for individual background checks
    Other creative uses are possible – it is a flexible tool
  • h4X0r$
    Passive reconnaissance in advance of a system attack
    Passive reconnaissance in advance of a social engineering attack
  • Installing Maltego
  • Choices
    Current release of Maltego Community Edition is 3.0
    Easiest: Get latest Backtrack (BT4R2) live CD or VM: http://www.backtrack-linux.org/downloads/
    Windows installer with or without Java: http://www.paterva.com/
    Linux rpm and deb binary packages available: http://www.paterva.com/
    MacOS coming soon
  • Getting started
    Install via the usual means for your platform
    Start MaltegoCE:
      double-click the icon in Windows
      maltego-ce from the Linux command line
  • Register and login
  • Update your transforms
  • Install the cool Shodan add-ons
    Step 1: API key
    Get a free Shodan API key (free registration required): http://www.shodanhq.com/api_doc
  • Install the cool Shodan add-ons
    Step 2: entities
    Download the entities at: http://maltego.shodanhq.com/downloads/shodan_entities.mtz
    In Maltego, select "Manage Entities" in the "Manage" tab.
    Select "Import..."
    Locate the "shodan_entities.mtz" file you just downloaded and click "Next".
    Make sure all entities are checked, and click "Next".
    Enter "Shodan" as a category for the new entities. Click "Finish".
  • Install the cool Shodan add-ons
    Step 3: transforms
    Select "Discover Transforms" in the "Manage" tab.
    In the "Name" field, enter "Shodan"
    As a URL, use: https://cetas.paterva.com/TDS/runner/showseed/shodan
    Click "Add"
    Make sure the "Shodan" seed is selected, then click "Next"
    Again make sure you see "Shodan" selected, then click "Next"
    You now see a list of transforms that the "Shodan" seed has. Just click "Next"
    Click "Finish"
  • Maltego demo
  • Maltego demo
    Starting it up
    Tour through menus and windows
    Investigating a system target
    Investigating a human target
  • What’s next
  • Learn more
    Read the Maltego wiki: http://ctas.paterva.com/view/What_is_Maltego
    Read the Social-Engineer.org website: http://social-engineer.org/
    Read my old “How do hackers do it?” presentation: http://www.picisoc.org/tiki-download_file.php?fileId=51&ei=TMI4TcOHBI2WsgOzrZHfAw&usg=AFQjCNH8Y_JPsbADDoOPvlNvPO7udJlmpQ
  • Act locally
    At home
    Use MaltegoCE to manage what information you are exposing about yourself online
    You can request that Google remove content about you: http://www.google.com/support/bin/answer.py?answer=164734&hl=en
    Monitor your children’s adherence to the family acceptable usage policy
  • Act locally
    At work
    Use Maltego to audit public information about corporate systems
    Track down troublesome website or mailing list users (or bots) using publicly available information
  • Thank you!
    Want more presentations like this?
    Is there a particular tool or hack that you would like to see demoed?
    Chris Hammond-Thrasher
    Fujitsu Edmonton Security Lab
    Email: chris.hammond-thrasher <at> ca.fujitsu.com
    Twitter: thrashor