Get familier with basic Maltego features. It is great tool for information gathering. Learn about the reconnaissance using Maltego and visualize the result. You can integrate tools like nmap with it.
This slideshow highlights the Tweet Analyzer machine, a tool created by Paterva and enabled through Maltego Carbon 3.5.3 and Maltego Chlorine 3.6.0. The Tweet Analyzer enables real-time captures of Tweets (from Twitter's streaming API) along with real-time sentiment analysis (based on polarities: positive, negative, and neutral), based on the Alchemy API.
Maltego is a data mining and information gathering tool that helps determine real world links between people, social networks, companies, websites, internet infrastructure, phrases, and documents. It works using "transforms" to identify key relationships and unknown relationships between information. Maltego logs limited usage data while respecting user privacy, and can be used for security assessments, investigations, and learning more about companies and individuals by accessing public information from beyond just Google in an easier manner than traditional search methods.
www.lifein01.com - for more info and tutorials
Maltego is an interactive data mining tool that renders directed graphs for link analysis.
Used in online investigations for finding relationships between pieces of information from various sources located on the Internet.
Using Maltego Tungsten to Explore Cyber-Physical Confluence in GeolocationShalin Hai-Jew
This presentation highlights a software tool that can run "machines" and "transforms" on the public Web to extract information powerfully. In this instance, this highlights how online information may be turned to geolocation data.
Exploring Article Networks on Wikipedia with NodeXLShalin Hai-Jew
With 4.7 million articles in the English version of Wikipedia, this crowd-sourced online encyclopedia is regularly one of the top-ten visited sites online. For many, this is the go-to source for a first read on a topic. The open-source and free Network Overview, Discovery and Exploration for Excel (NodeXL), which is an add-on to Microsoft Excel, enables the capture of “article networks” from Wikipedia. Such content network analysis-based data visualizations enable the development of research leads; some understandings of public conceptualizations of related concepts, peoples, events, and phenomena; the profiling of Wikipedia editors (both humans and ‘bots), and other research insights. This presentation will showcase this affordance of NodeXL and provide some ideas for practical applications of this channel of research and knowing.
OSINT Tool - Reconnaissance with MaltegoRaghav Bisht
This document provides an overview of the open source intelligence (OSINT) tool Maltego. It describes what Maltego is, how it works, and how to install it. Maltego allows users to map relationships between entities like people, organizations, websites, domains, and IP addresses through the use of transforms. It gathers information from online sources and users can write their own transforms and machines. The document provides details on features of Maltego and how to download the commercial or community editions.
Another Hacker Tool Talk from the Fujitsu Edmonton Security Lab. This presentation looks at how to install and use Maltego CE v 3.0 for open source intelligence (OSINT) gathering.
Get familier with basic Maltego features. It is great tool for information gathering. Learn about the reconnaissance using Maltego and visualize the result. You can integrate tools like nmap with it.
This slideshow highlights the Tweet Analyzer machine, a tool created by Paterva and enabled through Maltego Carbon 3.5.3 and Maltego Chlorine 3.6.0. The Tweet Analyzer enables real-time captures of Tweets (from Twitter's streaming API) along with real-time sentiment analysis (based on polarities: positive, negative, and neutral), based on the Alchemy API.
Maltego is a data mining and information gathering tool that helps determine real world links between people, social networks, companies, websites, internet infrastructure, phrases, and documents. It works using "transforms" to identify key relationships and unknown relationships between information. Maltego logs limited usage data while respecting user privacy, and can be used for security assessments, investigations, and learning more about companies and individuals by accessing public information from beyond just Google in an easier manner than traditional search methods.
www.lifein01.com - for more info and tutorials
Maltego is an interactive data mining tool that renders directed graphs for link analysis.
Used in online investigations for finding relationships between pieces of information from various sources located on the Internet.
Using Maltego Tungsten to Explore Cyber-Physical Confluence in GeolocationShalin Hai-Jew
This presentation highlights a software tool that can run "machines" and "transforms" on the public Web to extract information powerfully. In this instance, this highlights how online information may be turned to geolocation data.
Exploring Article Networks on Wikipedia with NodeXLShalin Hai-Jew
With 4.7 million articles in the English version of Wikipedia, this crowd-sourced online encyclopedia is regularly one of the top-ten visited sites online. For many, this is the go-to source for a first read on a topic. The open-source and free Network Overview, Discovery and Exploration for Excel (NodeXL), which is an add-on to Microsoft Excel, enables the capture of “article networks” from Wikipedia. Such content network analysis-based data visualizations enable the development of research leads; some understandings of public conceptualizations of related concepts, peoples, events, and phenomena; the profiling of Wikipedia editors (both humans and ‘bots), and other research insights. This presentation will showcase this affordance of NodeXL and provide some ideas for practical applications of this channel of research and knowing.
OSINT Tool - Reconnaissance with MaltegoRaghav Bisht
This document provides an overview of the open source intelligence (OSINT) tool Maltego. It describes what Maltego is, how it works, and how to install it. Maltego allows users to map relationships between entities like people, organizations, websites, domains, and IP addresses through the use of transforms. It gathers information from online sources and users can write their own transforms and machines. The document provides details on features of Maltego and how to download the commercial or community editions.
Another Hacker Tool Talk from the Fujitsu Edmonton Security Lab. This presentation looks at how to install and use Maltego CE v 3.0 for open source intelligence (OSINT) gathering.
Enterprise Open Source Intelligence GatheringTom Eston
Presented at the Ohio Information Security Summit, October 30, 2009.
What does the Internet say about your company? Do you know what is being posted by your employees, customers, or your competition? We all know information or intelligence gathering is one of the most important phases of a penetration test. However, gathering information and intelligence about your own company is even more valuable and can help an organization proactively determine the information that may damage your brand, reputation and help mitigate leakage of confidential information.
This presentation will cover what the risks are to an organization regarding publicly available open source intelligence. How can your enterprise put an open source intelligence gathering program in place without additional resources or money. What free tools are available for gathering intelligence including how to find your company information on social networks and how metadata can expose potential vulnerabilities about your company and applications. Next, we will explore how to get information you may not want posted about your company removed and how sensitive metadata information you may not be aware of can be removed or limited. Finally, we will discuss how to build a Internet posting policy for your company and why this is more important then ever.
This document provides an overview of how open-source intelligence (OSINT) techniques can be used both offensively and defensively. It discusses tools like Shodan, Maltego, Google searches, and malware sandboxes that can be leveraged to gather technical information about targets, infrastructure, and indicators of compromise. The document also emphasizes the importance of automation and privacy when conducting OSINT research to enhance attacks or strengthen defenses.
Hashtag Conversations,Eventgraphs, and User Ego Neighborhoods: Extracting So...Shalin Hai-Jew
This introduces methods for extracting and analyzing social network data from Twitter for hashtag conversations (and emergent events), event graphs, search networks, and user ego neighborhoods (using NodeXL). There will be direct demonstrations and discussions of how to analyze social network graphs. This information may be extended with human- and / or machine-based sentiment analysis.
This document discusses using Twitter and Python for open-source intelligence (OSINT) gathering. It provides an overview of Twitter concepts and the Twitter API. It also demonstrates how to use the Python library Tweepy to access Twitter data and analyze tweets. Specific analyses demonstrated include visualizing hashtags, retweets, replies and interactions over time. The goal is to gather intelligence on individuals, groups, topics and markets from public Twitter data.
This document summarizes an emerging investigative techniques seminar discussing big data, social networks, and mobile surveillance. It introduces topics like using IP addresses and DNS records to identify suspects. Later sections explain how social media sites and online profiles can provide important evidence, such as user IDs, photos and metadata, and chat histories. The document also discusses privacy concerns around uniquely identifying static IP addresses in the IPv6 system.
Open-source intelligence (OSINT) refers to information gathered from publicly available sources including social media sites, traditional media, maps, government reports, and academic papers. OSINT tools are used to gather intelligence from these sources through activities like searching metadata, websites, and databases. Common OSINT tools mentioned are Maltego for relationships, Google Hacking Database for search operators, Metagoofil for document metadata, Shodan for devices, Spiderfoot for automation, TheHarvester for online profiles, and FOCA for hidden information. While useful, OSINT has limitations like information overload and potential false positives.
Introduction to the Responsible Use of Social Media Monitoring and SOCMINT ToolsMike Kujawski
These are my slides from a custom tool-based demonstration workshop I was asked to do where I went over various free tools that can be used to obtain valuable public data.
The document discusses open source intelligence (OSINT), including what it is, how it is used, techniques for gathering it, and tools that can be used. OSINT involves collecting publicly available data for intelligence purposes. It is produced from public sources and addresses specific intelligence needs. Security professionals use OSINT to identify vulnerabilities in organizations from accidental information leaks online or exposed assets. However, threat actors also use OSINT to find targets and vulnerabilities to exploit. The document recommends using OSINT proactively to find and address weaknesses before threats actors do. It provides examples of tools like Excel, OSINT Framework, Github search, and Wappalyzer that can be used to search public data and identify technical details about organizations and vulnerabilities.
Gates Toorcon X New School Information GatheringChris Gates
This document provides an overview of open source intelligence (OSINT) techniques for information gathering about a target domain. It discusses tools like Fierce, SEAT, Goolag for searching search engines; Google mail harvesters and Metagoofil for extracting emails and metadata; and online tools like ServerSniff and DomainTools. It emphasizes using Maltego to visualize relationships between data discovered and gain a fuller picture of the target domain, including IPs, servers, documents, and potential usernames without directly contacting the target's systems. The goal is developing an initial target list and insights that could enable further social engineering or client-side attacks.
Open-source intelligence (OSINT) is intelligence collected from publicly available sources. In the intelligence community (IC), the term "open" refers to overt, publicly available sources (as opposed to covert or clandestine sources); it is not related to open-source software or public intelligence.
This document discusses open source intelligence (OSINT) and how it can be used to gather information from publicly available sources to produce actionable intelligence. It provides examples of how OSINT can be used for corporate security purposes like finding breaches, leaked credentials, or rogue employees. It also lists several tools that can be used for OSINT like Robtex, PassiveRecon, Maltego, GeoStalker, and FBStalker. It notes that while OSINT is not always actively used by penetration testers, it can provide valuable information when applied to a real pentest. The document emphasizes that OSINT is more than just manual data gathering and that understanding what attackers know about an organization is important.
Eavesdropping on the Twitter Microblogging SiteShalin Hai-Jew
This document discusses tools and methods for analyzing data from the Twitter microblogging platform. It begins by providing an overview of how researchers use Twitter to understand public conversations, influential accounts, and subgroups. It then covers Twitter demographics, countries and cities with trending topics, and its business model of targeted advertising. Various aspects of Twitter data are explored, including the types of data available, features of data sets, and methods for extraction and analysis. Potential applications of Twitter data analysis discussed include understanding issues, decision-making, remote profiling, identifying themes and sentiment, and designing messaging campaigns.
OSINT x UCCU Workshop on Open Source IntelligencePhilippe Lin
OSINT is a reconnaissance of intelligence from publicly available information to address a specific intelligence requirement. The slides are used in UCCU's workshop of OSINT.
Understand how essential it is to do memory analysis in order to find evidences which are rarely found anywhere else. This is not a copyright material and the information included is collected from various sources for educational purposes
The document provides an overview of the deep web and digital investigations. It defines the deep web as data that is inaccessible to regular search engines but exists on the internet. This includes dynamically generated web pages, private websites requiring login, and files accessible only through direct filesystem access. The document estimates the deep web is 400-550 times larger than the surface web that is indexed by search engines. Standard digital forensic procedures can be applied to investigate the deep web, but tools may need to be adapted to handle specialized browsers and access methods used to retrieve deep web resources.
Owasp osint presentation - by adam nurudiniAdam Nurudini
Open-Source Intelligence (OSINT) is intelligence collected from public available sources
“Open” refers overt, public available sources (as opposed to covert sources)
Its not related to open-source software or public intelligence
This information comes from a variety of sources, including the social media pages of your company and staff. These can be a goldmine of information, revealing information such as the design of ID badges, layout of the buildings and software used on internal systems.
This is the slides of the online talk given at @NullBhopal. This introduces people to Open Source INTelligence and their uses in daily life and pentesting.
30 Tools and Tips to Speed Up Your Digital Workflow Mike Kujawski
This document provides a list of free or low-cost online tools categorized into 8 sections: Googling, Digital Literacy, Social Search, Network Visualization, Design, Video, Security, and General. Each tool is briefly described including its purpose and key features. The document concludes by providing contact information for Mike Kujawski, the presenter.
OSINT refers to collecting, analyzing, and making decisions based on publicly available data to be used for intelligence purposes. It focuses on gathering information from free tools and resources, starting with scraping data from public sources like the internet. The goal is to help people find open-source intelligence resources that can be used for activities like targeted attacks, penetration tests, and red team activities without having to pay for access to data.
Nadeem Douba, GWAPT, GPEN currently situated in the Ottawa (Ontario, Canada) valley, Nadeem provides technical security consulting services primarily to clients in the health, education, and public sectors. Nadeem has been involved within the security community for over ten years and has frequently presented talks in his local ISSA chapter, and most recently at DEF CON 20 on the topics of Open Source Intelligence and mobile security. He is also an active member of the open source software community and has contributed to projects such as libnet, Backtrack, and Maltego.
451 Research Report on Avalon Big Data Capabilities - 2017Tom Reidy
Avalon Consulting LLC provides big data consulting services and has established partnerships with Cloudera and SAP. It focuses on NoSQL, Hadoop, and SAP HANA Vora services. Avalon helps customers build "data hubs" to aggregate data from multiple sources and apply analytics. It works with Cloudera and Hortonworks to implement Hadoop solutions and with SAP to implement SAP Vora. One of its customers, Shaw Industries, initially piloted Hadoop internally and is now working with Avalon on big data projects.
Enterprise Open Source Intelligence GatheringTom Eston
Presented at the Ohio Information Security Summit, October 30, 2009.
What does the Internet say about your company? Do you know what is being posted by your employees, customers, or your competition? We all know information or intelligence gathering is one of the most important phases of a penetration test. However, gathering information and intelligence about your own company is even more valuable and can help an organization proactively determine the information that may damage your brand, reputation and help mitigate leakage of confidential information.
This presentation will cover what the risks are to an organization regarding publicly available open source intelligence. How can your enterprise put an open source intelligence gathering program in place without additional resources or money. What free tools are available for gathering intelligence including how to find your company information on social networks and how metadata can expose potential vulnerabilities about your company and applications. Next, we will explore how to get information you may not want posted about your company removed and how sensitive metadata information you may not be aware of can be removed or limited. Finally, we will discuss how to build a Internet posting policy for your company and why this is more important then ever.
This document provides an overview of how open-source intelligence (OSINT) techniques can be used both offensively and defensively. It discusses tools like Shodan, Maltego, Google searches, and malware sandboxes that can be leveraged to gather technical information about targets, infrastructure, and indicators of compromise. The document also emphasizes the importance of automation and privacy when conducting OSINT research to enhance attacks or strengthen defenses.
Hashtag Conversations,Eventgraphs, and User Ego Neighborhoods: Extracting So...Shalin Hai-Jew
This introduces methods for extracting and analyzing social network data from Twitter for hashtag conversations (and emergent events), event graphs, search networks, and user ego neighborhoods (using NodeXL). There will be direct demonstrations and discussions of how to analyze social network graphs. This information may be extended with human- and / or machine-based sentiment analysis.
This document discusses using Twitter and Python for open-source intelligence (OSINT) gathering. It provides an overview of Twitter concepts and the Twitter API. It also demonstrates how to use the Python library Tweepy to access Twitter data and analyze tweets. Specific analyses demonstrated include visualizing hashtags, retweets, replies and interactions over time. The goal is to gather intelligence on individuals, groups, topics and markets from public Twitter data.
This document summarizes an emerging investigative techniques seminar discussing big data, social networks, and mobile surveillance. It introduces topics like using IP addresses and DNS records to identify suspects. Later sections explain how social media sites and online profiles can provide important evidence, such as user IDs, photos and metadata, and chat histories. The document also discusses privacy concerns around uniquely identifying static IP addresses in the IPv6 system.
Open-source intelligence (OSINT) refers to information gathered from publicly available sources including social media sites, traditional media, maps, government reports, and academic papers. OSINT tools are used to gather intelligence from these sources through activities like searching metadata, websites, and databases. Common OSINT tools mentioned are Maltego for relationships, Google Hacking Database for search operators, Metagoofil for document metadata, Shodan for devices, Spiderfoot for automation, TheHarvester for online profiles, and FOCA for hidden information. While useful, OSINT has limitations like information overload and potential false positives.
Introduction to the Responsible Use of Social Media Monitoring and SOCMINT ToolsMike Kujawski
These are my slides from a custom tool-based demonstration workshop I was asked to do where I went over various free tools that can be used to obtain valuable public data.
The document discusses open source intelligence (OSINT), including what it is, how it is used, techniques for gathering it, and tools that can be used. OSINT involves collecting publicly available data for intelligence purposes. It is produced from public sources and addresses specific intelligence needs. Security professionals use OSINT to identify vulnerabilities in organizations from accidental information leaks online or exposed assets. However, threat actors also use OSINT to find targets and vulnerabilities to exploit. The document recommends using OSINT proactively to find and address weaknesses before threats actors do. It provides examples of tools like Excel, OSINT Framework, Github search, and Wappalyzer that can be used to search public data and identify technical details about organizations and vulnerabilities.
Gates Toorcon X New School Information GatheringChris Gates
This document provides an overview of open source intelligence (OSINT) techniques for information gathering about a target domain. It discusses tools like Fierce, SEAT, Goolag for searching search engines; Google mail harvesters and Metagoofil for extracting emails and metadata; and online tools like ServerSniff and DomainTools. It emphasizes using Maltego to visualize relationships between data discovered and gain a fuller picture of the target domain, including IPs, servers, documents, and potential usernames without directly contacting the target's systems. The goal is developing an initial target list and insights that could enable further social engineering or client-side attacks.
Open-source intelligence (OSINT) is intelligence collected from publicly available sources. In the intelligence community (IC), the term "open" refers to overt, publicly available sources (as opposed to covert or clandestine sources); it is not related to open-source software or public intelligence.
This document discusses open source intelligence (OSINT) and how it can be used to gather information from publicly available sources to produce actionable intelligence. It provides examples of how OSINT can be used for corporate security purposes like finding breaches, leaked credentials, or rogue employees. It also lists several tools that can be used for OSINT like Robtex, PassiveRecon, Maltego, GeoStalker, and FBStalker. It notes that while OSINT is not always actively used by penetration testers, it can provide valuable information when applied to a real pentest. The document emphasizes that OSINT is more than just manual data gathering and that understanding what attackers know about an organization is important.
Eavesdropping on the Twitter Microblogging SiteShalin Hai-Jew
This document discusses tools and methods for analyzing data from the Twitter microblogging platform. It begins by providing an overview of how researchers use Twitter to understand public conversations, influential accounts, and subgroups. It then covers Twitter demographics, countries and cities with trending topics, and its business model of targeted advertising. Various aspects of Twitter data are explored, including the types of data available, features of data sets, and methods for extraction and analysis. Potential applications of Twitter data analysis discussed include understanding issues, decision-making, remote profiling, identifying themes and sentiment, and designing messaging campaigns.
OSINT x UCCU Workshop on Open Source IntelligencePhilippe Lin
OSINT is a reconnaissance of intelligence from publicly available information to address a specific intelligence requirement. The slides are used in UCCU's workshop of OSINT.
Understand how essential it is to do memory analysis in order to find evidences which are rarely found anywhere else. This is not a copyright material and the information included is collected from various sources for educational purposes
The document provides an overview of the deep web and digital investigations. It defines the deep web as data that is inaccessible to regular search engines but exists on the internet. This includes dynamically generated web pages, private websites requiring login, and files accessible only through direct filesystem access. The document estimates the deep web is 400-550 times larger than the surface web that is indexed by search engines. Standard digital forensic procedures can be applied to investigate the deep web, but tools may need to be adapted to handle specialized browsers and access methods used to retrieve deep web resources.
Owasp osint presentation - by adam nurudiniAdam Nurudini
Open-Source Intelligence (OSINT) is intelligence collected from public available sources
“Open” refers overt, public available sources (as opposed to covert sources)
Its not related to open-source software or public intelligence
This information comes from a variety of sources, including the social media pages of your company and staff. These can be a goldmine of information, revealing information such as the design of ID badges, layout of the buildings and software used on internal systems.
This is the slides of the online talk given at @NullBhopal. This introduces people to Open Source INTelligence and their uses in daily life and pentesting.
30 Tools and Tips to Speed Up Your Digital Workflow Mike Kujawski
This document provides a list of free or low-cost online tools categorized into 8 sections: Googling, Digital Literacy, Social Search, Network Visualization, Design, Video, Security, and General. Each tool is briefly described including its purpose and key features. The document concludes by providing contact information for Mike Kujawski, the presenter.
OSINT refers to collecting, analyzing, and making decisions based on publicly available data to be used for intelligence purposes. It focuses on gathering information from free tools and resources, starting with scraping data from public sources like the internet. The goal is to help people find open-source intelligence resources that can be used for activities like targeted attacks, penetration tests, and red team activities without having to pay for access to data.
Nadeem Douba, GWAPT, GPEN currently situated in the Ottawa (Ontario, Canada) valley, Nadeem provides technical security consulting services primarily to clients in the health, education, and public sectors. Nadeem has been involved within the security community for over ten years and has frequently presented talks in his local ISSA chapter, and most recently at DEF CON 20 on the topics of Open Source Intelligence and mobile security. He is also an active member of the open source software community and has contributed to projects such as libnet, Backtrack, and Maltego.
451 Research Report on Avalon Big Data Capabilities - 2017Tom Reidy
Avalon Consulting LLC provides big data consulting services and has established partnerships with Cloudera and SAP. It focuses on NoSQL, Hadoop, and SAP HANA Vora services. Avalon helps customers build "data hubs" to aggregate data from multiple sources and apply analytics. It works with Cloudera and Hortonworks to implement Hadoop solutions and with SAP to implement SAP Vora. One of its customers, Shaw Industries, initially piloted Hadoop internally and is now working with Avalon on big data projects.
The document provides an overview of a presentation on web penetration testing and hacking tools. It discusses what will and will not be covered, including demonstrations of tools like sqlmap, BeEF, and Metasploit used against vulnerable web apps. It also summarizes recent security events like Heartbleed and Shellshock, the OWASP top 10 vulnerabilities, and techniques for SQL injection, XSS attacks, and exploiting vulnerabilities like those in ColdFusion.
This document provides an overview of several tools available in Kali Linux for reconnaissance and vulnerability analysis during an ethical hacking test. It describes popular tools for information gathering like Maltego and Nmap, which can identify hosts, services, and vulnerabilities. It also covers vulnerability scanners such as OpenVAS, W3af, Nikto, Vega, OWASP ZAP, and Burp Suite that detect flaws in networks, systems, and web applications. The document aims to help ethical hackers effectively use these tools to test systems according to the responsibilities and expectations of their customers.
OWASP Top 10 Web Application VulnerabilitiesSoftware Guru
This document provides an overview of the OWASP Top 10 Risk Rating Methodology. It explains how risks are rated based on four factors: threat agent, attack vector, technical impact, and business impact. Each factor is given a rating of 1-3 (easy to difficult) and these ratings are multiplied together to calculate an overall weighted risk rating. An example of how this methodology would be applied to an SQL injection vulnerability is also provided.
SOC presentation- Building a Security Operations CenterMichael Nickle
Presentation I used to give on the topic of using a SIM/SIEM to unify the information stream flowing into the SOC. This piece of collateral was used to help close the largest SIEM deal (Product and services) that my employer achieved with this product line.
Surachai Chatchalermpun has several cybersecurity certifications including the CEH, ECSA, and GPEN. He is certified in ethical hacking and penetration testing by EC-Council and SANS GIAC. Additionally, he holds certifications from OSSTMM and Mile2 that demonstrate his expertise in security testing methodologies and as a certified penetration testing engineer.
Alphorm.com Formation Hacking et Sécurité , avancéAlphorm
Formation complète ici :
http://www.alphorm.com/tutoriel/formation-en-ligne-hacking-et-securite-avance
Cette formation Hacking & Sécurité, Avancé est une approche avancée des pratiques et des méthodologies utilisées par les hackers dans le cadre d’intrusion dans des réseaux et des applications. C’est la suite de la première formation l’essentiel du Hacking & Sécurité.
Durant cette formation Hacking & Sécurité, Avancé nous mettons l’accent sur la compréhension technique et pratique des différentes formes d’attaques existantes, en se tardant sur les vulnérabilités les plus critiques : Social engineering, Dénis de service, le Fuzzing, les Botnets, Attaques Server-Side, Le Brute Force, Le cracking de mot de passe, Attaques Client-Side, MiTM Proxy, Elévation de privilège, Attaques Web, Attaques sur les réseaux sans fils, Bypassing HSSI, Bypassing MAC adress Authentication, Attaque WEP, Attaque WPA et WPA2, Clonage de points d'accès, L'attaque DoS.
A la fin de cette formation Hacking & Sécurité, Avancé vous serez capable de réaliser des audits de sécurité (test de pénétration) avancés au sein d’une infrastructure, tester la sécurité des réseaux sans fils ainsi que préparer un rapport sur vos activités avec des outils professionnels dédiés.
Comme dans la formation l’essentiel du Hacking & Sécurité cette formation Hacking & Sécurité, Avancé sera axée sur un lab détaillé et complet pour mettre toutes les techniques en pratiques.
Aussi vous pouvez télécharger pleines de ressources et outils en annexe de cette formation.
Extracting Social Network Data and Multimedia Communications from Social Medi...Shalin Hai-Jew
This presentation provides an overview of some of the data extractions that may be achieved on social media platforms using their respective APIs and a free open-source tool (NodeXL).
The document discusses various challenges in social network analysis including collecting and extracting network data at scale from sources such as the web, validating automated data extraction methods, and developing algorithms and software that can analyze large and complex network datasets. It also outlines different network analysis methods, visualization and simulation techniques, and recommendations for how tools can better support networking, referrals, and workflows across multiple data sources and programs. Scaling methods and algorithms to very large network sizes and developing standards to integrate diverse data and tools are highlighted as key challenges.
Avoiding Anonymous Users in Multiple Social Media Networks (SMN)paperpublications3
Abstract: The main aim of this project is secure the user login and data sharing among the social networks like Gmail, Facebook and also find anonymous user using this networks. If the original user not available in the networks, but their friends or anonymous user knows their login details means possible to misuse their chats. In this project we have to overcome the anonymous user using the network without original user knowledge. Unauthorized user using the login to chat, share images or videos etc This is the problem to be overcome in this project .That means user first register their details with one secured question and answer. Because the anonymous user can delete their chat or data In this by using the secured questions we have to recover the unauthorized user chat history or sharing details with their IP address or MAC address. So in this project they have found out a way to prevent the anonymous users misuse the original user login details.
Engines of Order. Social Media and the Rise of Algorithmic Knowing.Bernhard Rieder
Talk given at the Social Media and the Transformation of Public Space Conference on June 19 at the University of Amsterdam. References and comments are in the notes section.
The document discusses social networks and social network analysis. It defines a social network as connections between individuals or organizations through various social relationships. It then discusses how social network analysis can be applied to map and measure relationships between people, groups, and other entities. Key aspects of social network analysis include degree centrality, betweenness centrality, and closeness centrality. The document provides examples of how social network analysis has been applied and discusses how technologies like LinkedIn and future modeling techniques could further social network analysis.
The document discusses social networks and social network analysis. It defines a social network as connections between individuals or organizations through various social relationships. It then discusses how social network analysis can be applied to map and measure relationships between people, groups, and other entities. Key aspects of social network analysis include degree centrality, betweenness centrality, and closeness centrality. The document provides examples of how social network analysis has been applied and discusses how technologies like LinkedIn and future modeling could further social network analysis.
The document discusses social networks and social network analysis. It defines a social network as connections between individuals or organizations through various social relationships. It then discusses how social network analysis can be applied to map and measure relationships between people, groups, and other entities. Key aspects of social network analysis include degree centrality, betweenness centrality, and closeness centrality. The document provides examples of how social network analysis has been applied and discusses how technologies like LinkedIn and future advances may impact social networks and social network analysis.
The document discusses the emergence of the semantic web, which aims to make data on the web more interconnected and machine-readable. It describes Tim Berners-Lee's vision of a "Giant Global Graph" that connects all web documents based on what they are about rather than just linking documents. This would allow user data and profiles to be seamlessly shared across different sites without having to re-enter the same information. The semantic web uses standards like RDF, RDFS and OWL to represent relationships between data in a graph structure and enable automated reasoning. Several companies are working to build applications that take advantage of this interconnected semantic data.
This document discusses preventing private information inference attacks on social networks. It explores how released social networking data could be used to predict undisclosed private information about individuals, such as their political affiliation or sexual orientation. It then describes three sanitization techniques that could be used to decrease the effectiveness of such attacks. An experiment is conducted applying these techniques to a Facebook dataset to attempt to discover sensitive attributes through collective inference and show that the sanitization methods decrease the effectiveness of local and relational classification algorithms.
Integrating and publishing public safety data using semantic technologiesAlvaro Graves
The document outlines a project to integrate and publish public safety data from multiple sources using semantic technologies. It discusses the motivations for the project, including the need to make public safety information more accessible to citizens, policymakers, and law enforcement. It then describes the implementation of building a platform called PublicSafetyMap.org that aggregates public safety data semantically and visualizes it in maps and feeds that can be accessed online and on mobile devices. Challenges and next steps are also outlined, such as gaining trust, adding more data sources, and enabling annotation of events.
2010 Catalyst Conference - Trends in Social Network AnalysisMarc Smith
Review of trends related to social network analysis in the enterprise. Presented at the 2010 Catalyst Conference in San Diego, CA july 29, 2010. Presented with Mike Gotta, Gartner Group.
Anonymization of centralized and distributed social networks by sequential cl...IEEEFINALYEARPROJECTS
To Get any Project for CSE, IT ECE, EEE Contact Me @ 09849539085, 09966235788 or mail us - ieeefinalsemprojects@gmail.co¬m-Visit Our Website: www.finalyearprojects.org
A MACHINE LEARNING ENSEMBLE MODEL FOR THE DETECTION OF CYBERBULLYINGijaia
The pervasive use of social media platforms, such as Facebook, Instagram, and X, has significantly amplified
our electronic interconnectedness. Moreover, these platforms are now easily accessible from any location at
any given time. However, the increased popularity of social media has also led to cyberbullying.It is imperative
to address the need for finding, monitoring, and mitigating cyberbullying posts on social media platforms.
Motivated by this necessity, we present this paper to contribute to developing an automated system for
detecting binary labels of aggressive tweets.Our study has demonstrated remarkable performance compared to
previous experiments on the same dataset. We employed the stacking ensemble machine learning method,
utilizing four various feature extraction techniques to optimize performance within the stacking ensemble
learning framework. Combining five machine learning algorithms,Decision Trees, Random Forest, Linear
Support Vector Classification, Logistic Regression, and K-Nearest Neighbors into an ensemble method, we
achieved superior results compared to traditional machine learning classifier models. The stacking classifier
achieved a high accuracy rate of 94.00%, outperforming traditional machine learning models and surpassing
the results of prior experiments that utilized the same dataset. The outcomes of our experiments showcased an
accuracy rate of 0.94% in detection tweets as aggressive or non-aggressive.
A Machine Learning Ensemble Model for the Detection of Cyberbullyinggerogepatton
The pervasive use of social media platforms, such as Facebook, Instagram, and X, has significantly amplified
our electronic interconnectedness. Moreover, these platforms are now easily accessible from any location at
any given time. However, the increased popularity of social media has also led to cyberbullying.It is imperative
to address the need for finding, monitoring, and mitigating cyberbullying posts on social media platforms.
Motivated by this necessity, we present this paper to contribute to developing an automated system for
detecting binary labels of aggressive tweets.Our study has demonstrated remarkable performance compared to
previous experiments on the same dataset. We employed the stacking ensemble machine learning method,
utilizing four various feature extraction techniques to optimize performance within the stacking ensemble
learning framework. Combining five machine learning algorithms,Decision Trees, Random Forest, Linear
Support Vector Classification, Logistic Regression, and K-Nearest Neighbors into an ensemble method, we
achieved superior results compared to traditional machine learning classifier models. The stacking classifier
achieved a high accuracy rate of 94.00%, outperforming traditional machine learning models and surpassing
the results of prior experiments that utilized the same dataset. The outcomes of our experiments showcased an
accuracy rate of 0.94% in detection tweets as aggressive or non-aggressive.
This document summarizes research posters being presented at a computer science and electrical engineering department research review. It describes 8 posters presented by BS, MS, and PhD students. The posters cover topics such as identifying political affiliations in blogs, statistically weighted visualization hierarchies, voter verifiable optical-scan voting, predictive caching in mobile networks, generating statistical volume models, predicting appropriate semantic web terms, approximating online social network community structure, and utilizing semantic policies for managing BGP route dissemination.
Anonymization of centralized and distributed social networks by sequential cl...JPINFOTECH JAYAPRAKASH
The document discusses anonymizing social networks that are distributed across multiple data holders. It proposes algorithms to anonymize distributed social networks without revealing private information between nodes controlled by different data holders. The proposed system allows data holders to arrive at an anonymized unified network view through secure distributed protocols. This anonymization approach significantly outperforms existing methods by issuing views with lower information loss through clustering nodes.
Analyzing Social Media with Digital Methods. Possibilities, Requirements, and...Bernhard Rieder
Digital methods allow for the computational analysis of social media data through three main steps: data extraction via platform APIs, data processing and aggregation through extraction software, and data analysis and visualization using analysis software. While promising access to behavioral data at scale, social media analysis requires an understanding of each platform's data formalizations and technical limitations. Different analytical gestures can be applied through statistics, graph theory, and other methods to investigate patterns in content, users, and their relations.
A Machine Learning Ensemble Model for the Detection of Cyberbullyinggerogepatton
The pervasive use of social media platforms, such as Facebook, Instagram, and X, has significantly amplified
our electronic interconnectedness. Moreover, these platforms are now easily accessible from any location at
any given time. However, the increased popularity of social media has also led to cyberbullying.It is imperative
to address the need for finding, monitoring, and mitigating cyberbullying posts on social media platforms.
Motivated by this necessity, we present this paper to contribute to developing an automated system for
detecting binary labels of aggressive tweets.Our study has demonstrated remarkable performance compared to
previous experiments on the same dataset. We employed the stacking ensemble machine learning method,
utilizing four various feature extraction techniques to optimize performance within the stacking ensemble
learning framework. Combining five machine learning algorithms,Decision Trees, Random Forest, Linear
Support Vector Classification, Logistic Regression, and K-Nearest Neighbors into an ensemble method, we
achieved superior results compared to traditional machine learning classifier models. The stacking classifier
achieved a high accuracy rate of 94.00%, outperforming traditional machine learning models and surpassing
the results of prior experiments that utilized the same dataset. The outcomes of our experiments showcased an
accuracy rate of 0.94% in detection tweets as aggressive or non-aggressive.
Terrorism Analysis through Social Media using Data MiningIRJET Journal
This document presents a study that uses deep learning models like Deep Neural Networks (DNN) and Convolutional Neural Networks (CNN) to analyze terrorism through detecting toxicity in social media text data. The study aims to classify text data into categories like toxicity, severe toxicity, obscenity, threat, insult or identity hate. It provides an overview of DNN and CNN models for text classification and compares their methodology, architecture and performance. The models are trained on preprocessed social media data related to terrorist activities and aim to accurately predict the toxicity level and classify tweets for concerned authorities to make informed decisions.
Microsoft Research Cambridge 20071207 Workshop On Online Social Networks (T...Tin180 VietNam
This document summarizes a workshop on online social networks held at Microsoft Research Cambridge in December 2007. The goals of the workshop were to discuss promising future research areas and identify challenges related to network and distributed systems design. A wide range of topics at the intersection of social networks and computer networking were presented, including community detection, information sharing, recommendation systems, and privacy. The workshop aimed to foster interactive discussion of open questions rather than definitive answers.
Similar to Maltego Radium Mapping Network Ties and Identities across the Internet (20)
Long nonfiction chapters are not in-style and may never have been. Where average chapter lengths of nonfiction book chapters are about 4,000 – 7,000 words in length, some may be several times that max range number. The explanation is that there is some irreducible complexity that that chapter addresses that cannot be addressed in shorter form. This slideshow explores some methods for writing longer chapters while still maintaining coherence, focus, and reader interest…and while using some technological tools to write and edit more efficiently.
Overcoming Reluctance to Pursuing Grant Funds in AcademiaShalin Hai-Jew
Starting as an organization’s new grant writer can be a challenge, especially in a case where there has been a time lapse since the last one left. People get out of the habit of pursuing grant funds. This slideshow addresses some of the reasons for such reluctance and proposes some ways to mitigate these.
Writing grants is one common way that those in institutions of higher education may acquire some funds—small and big, one-off and continuing—to conduct research, hire faculty and researchers and learners and others, update equipment, update or build up new buildings, and achieve other work. This slideshow explores some aspects of the work of grant writing in the present moment in higher education.
Contrasting My Beginner Folk Art vs. Machine Co-Created Folk Art with an Art-...Shalin Hai-Jew
This document contrasts handmade folk art with machine-generated folk art created with an AI system. Handmade art involves material costs, learning over time, and serendipity, while machine art is more efficient but relies on the system's tendencies. Both can be used for self-expression, stress relief, and entertainment. However, handmade art may better support poetry, visual exploration, and thinking while machine art excels at structure, cultural references, and finding online audiences. The author views machine-assisted art as a collaboration that should augment but not replace manual skills.
Creating Seeding Visuals to Prompt Art-Making Generative AIsShalin Hai-Jew
Art-making generative AIs have come to the fore. A basic work pipeline typically involves starting with text prompts -> generated images. That image may be used to seed further iterations. Deep Dream Generator (DDG) enables the application of “modifiers” of various types (artist styles, visual adjectives, others) to be applied in addition to the text prompt.
Another approach involves beginning with a “seeding image,” a born-digital or digitized (born-analog) visual on which AI-generated art may be based for a multi-channel and multi-modal prompt. This slideshow provides some observations of how to think about seeding images, particularly in terms of how the DDG handles them, with its “algorithmic pareidolia” (“Deep Dream,” Wikipedia, July 3, 2023).
Human art-making is often about throwing mass-scale conversations. Artists are thought to help bridge humanity into the future. Whether generative AI art enables this or not is still not clear.
Multimodal “Art”-Making Generative AIs
Generative AI encompasses a broad range of computational technologies that emulate human intelligence across many domains including natural language processing, speech recognition, vision systems, gameplay, art creation, decision making, robotics and more. Generative AIs can be prompted through text, images or other modalities to create novel works based on their training data. Prompt engineering involves refining prompts to steer the AI's output. While generative AIs show promise for human-machine collaboration and art-making, challenges remain regarding factuality, derivative works, and achieving refined output.
Digital templates can provide structure for inputting information and also enable additional functionality like autocompletion, auto-correction, and dynamic layouts. Templates may be shared broadly and used in various applications. They are designed forms that can be created using a top-down or bottom-up approach and should be tested and evolved over time. Common examples of templates in higher education include forms, organizers, manuscripts, slideshows, videos, and digital learning objects.
In qualitative data analytics, computation is seen as complementing the work of human researchers by bolstering data analysis. Qualitative data analysis tools enable various types of computational analysis of both structured and unstructured data, including text analysis, visualization, and machine learning techniques. However, human researchers still play an important role in curating data and developing codebooks to guide both human and computational analysis of the data.
Common Neophyte Academic Book Manuscript Reviewer MistakesShalin Hai-Jew
1) Academic book reviewing is a common but often unpaid volunteer role that requires experience to avoid mistakes.
2) Neophyte or inexperienced reviewers must understand publishing context, ask relevant questions of manuscripts, and maintain impartiality and confidentiality.
3) Reviewers should approach their role with empathy, recognizing authors' challenges and investing time in preparation, while upholding quality standards to benefit authors, publishers, and disciplines.
Fashioning Text (and Image) Prompts for the CrAIyon Art-Making Generative AIShalin Hai-Jew
CrAIyon (formerly DALL-E after Salvador “Dali”) is a web-facing art-making generative AI tool online (https://www.craiyon.com/) that enables the uses of text (and image) prompts for the creation of watermarked, lightweight visuals. Counterintuitively, the rough visuals are much more usable for recombinations and remixes and recreations into usable digital visuals for various digital learning objects. The textual prompts are not particularly intuitive because of how the generative AI program was trained on mass-scale visuals). There is an art and occasional indirection to working prompts after each try, with the resulting nine-image proof sheets that CrAIyon outputs. The tool can be used iteratively for different outputs.
The tool sometimes turns out serendipitous surprises, including an occasional work so refined that it can be used / shared almost unedited. One challenge in using CrAIyon comes from their request for credit (for all non-subscribers to their service). Another comes from the visual watermarking (orange crayon at the bottom right of the image). However, this tool is quite useful for practical applications if one is willing to engage deep digital image editing (Adobe Photoshop, Adobe Illustrator).
Augmented Reality in Multi-Dimensionality: Design for Space, Motion, Multiple...Shalin Hai-Jew
Augmented reality (AR)—the use of digital overlays over physical space—manifests in a wide range of spaces (indoor, outdoor; virtual) and ways (in real space (with unaided human vision); in head gear; in smart glasses; on mobile devices, and others). There are various authoring technologies that enable the making of AR experiences for various users. This work uses a particular tool (Adobe Aero®) to explore ways to build AR for multiple dimensions, including the fourth dimension (motion, changes over time).
Based on the respective purposes of the AR experience, some basic heuristics are captured for
space design (1),
motion design (2),
multiple perception design (sight, smell, taste, sound, touch) (3),
and virtual- and tangible- interactivity (4).
The document provides an overview of the Adobe Aero training session, including pre-training, during training, and post-training steps. It then details the two hours of training, which include an introduction to augmented reality and the Adobe Aero app. Key concepts around AR like file types, scale, field of view, interaction design, and uses for teaching and learning are explained. The document outlines a simplified workflow for designing mobile AR experiences for education.
Some Ways to Conduct SoTL Research in Augmented Reality (AR) for Teaching and...Shalin Hai-Jew
One of the extant questions about augmented reality (AR) is how (in)effective it is for the teaching and learning in various formal, nonformal, and informal contexts. The research literature shows mixed findings, which are often highly context-based (and not generalizable). There are some non-trivial costs to the design/development/deployment of AR for teaching and learning. For the users, there is cognitive load on the working memory [(1) extraneous/poor design, (2) intrinsic/inherent difficulty in topic, and (3) germane/forming schemas]. For teachers, there are additional knowledge, skills, and abilities / attitudes (KSAs) that need to be brought to bear.
Exploring the Deep Dream Generator (an Art-Making Generative AI) Shalin Hai-Jew
The Deep Dream Generator was created by Google engineer Alexander Mordvintsev in 2014. It has a public facing instance at https://deepdreamgenerator.com/, which enables people to use text prompts and image prompts (individually or in combination) to inspire the art-generating generative AI to output images. This work highlights some process-based walk-throughs of the tool, some practical uses, some lightweight art learning, some aspects of the online social community on this platform, and other insights. Some works by the AI prompted by the presenter may be seen here: https://deepdreamgenerator.com/u/sjjalinn.
(This is the first draft of a slideshow that will be used in a conference later in the year.)
Augmented Reality for Learning and AccessibilityShalin Hai-Jew
Recently, the presenter conducted a systematic review of the academic literature and an environmental scan to learn how to set up an augmented reality (AR) shop at an institution of higher education. The ambition was to not only set up AR in an accessible and legal way but also be able to test for potential +/- effects of AR on teaching and learning. The research did not go past the review stage, because of a lack of funding, but some insights about accessibility in AR were acquired.
(The visuals are from Deep Dream Generator and CrAIyon.)
Engaging Pixabay as an open-source contributor to hone digital image editing,...Shalin Hai-Jew
This slideshow describes the author's early experiences with creating two accounts on Pixabay in order to advance digital editing skills in multimedia. The two accounts are located at https://pixabay.com/users/sjjalinn-28605710/ and https://pixabay.com/users/wavegenerics-29440244/ ...
This work explores four main spaces where researchers publish about educational technology: academic-commercial, open-access, open-source, and self-publishing.
Human-Machine Collaboration: Using art-making AI (CrAIyon) as cited work, o...Shalin Hai-Jew
It is early days for generative art AIs. What are some ways to use these to complement one's work while staying legal (legal-ish)?
Correction: .webp is a raster format
Getting Started with Augmented Reality (AR) in Online Teaching and Learning i...Shalin Hai-Jew
University creative shops are exploring whether they can get into the game of producing AR-enhanced experiences: campus tours, interactive gaming, virtual laboratories, exploratory art spaces, simulations, design labs, online / offline / blended teaching and learning modules, and other AR applications.
This work offers a basic environmental scan of the AR space for online teaching and learning, and it includes pedagogical design leads from the current research, technological knowhow, hands-on design / development / deployment of learning objects, and online teaching and learning methods.
Discover the benefits of outsourcing SEO to Indiadavidjhones387
"Discover the benefits of outsourcing SEO to India! From cost-effective services and expert professionals to round-the-clock work advantages, learn how your business can achieve digital success with Indian SEO solutions.
Ready to Unlock the Power of Blockchain!Toptal Tech
Imagine a world where data flows freely, yet remains secure. A world where trust is built into the fabric of every transaction. This is the promise of blockchain, a revolutionary technology poised to reshape our digital landscape.
Toptal Tech is at the forefront of this innovation, connecting you with the brightest minds in blockchain development. Together, we can unlock the potential of this transformative technology, building a future of transparency, security, and endless possibilities.
HijackLoader Evolution: Interactive Process HollowingDonato Onofri
CrowdStrike researchers have identified a HijackLoader (aka IDAT Loader) sample that employs sophisticated evasion techniques to enhance the complexity of the threat. HijackLoader, an increasingly popular tool among adversaries for deploying additional payloads and tooling, continues to evolve as its developers experiment and enhance its capabilities.
In their analysis of a recent HijackLoader sample, CrowdStrike researchers discovered new techniques designed to increase the defense evasion capabilities of the loader. The malware developer used a standard process hollowing technique coupled with an additional trigger that was activated by the parent process writing to a pipe. This new approach, called "Interactive Process Hollowing", has the potential to make defense evasion stealthier.
Gen Z and the marketplaces - let's translate their needsLaura Szabó
The product workshop focused on exploring the requirements of Generation Z in relation to marketplace dynamics. We delved into their specific needs, examined the specifics in their shopping preferences, and analyzed their preferred methods for accessing information and making purchases within a marketplace. Through the study of real-life cases , we tried to gain valuable insights into enhancing the marketplace experience for Generation Z.
The workshop was held on the DMA Conference in Vienna June 2024.
Gen Z and the marketplaces - let's translate their needs
Maltego Radium Mapping Network Ties and Identities across the Internet
1. Shalin Hai-Jew
Kansas State University
Conference on Higher Education Computing in Kansas (CHECK)
May 29 – 30, 2013, Pittsburg State University, Pittsburg, Kansas
2. Maltego Radium™ (v. 3.3.3; v. 1 in 2008) is a penetration testing
tool that collects public data about organizations, websites, and
identities, for awareness of social and technological presence
across the Internet. The tool’s interface is highly usable and
interactive. The tool enables a deep dive analysis into the
interrelationships online, and it extends the “knowability” of
electronic identities. This tool enables explorations of emails,
telephone numbers, websites, organizations, by offering access to
information that would often be “invisible” otherwise. The visual
outputs are interactive and include half-a-dozen visualizations in a
social network (node-link) format. The presentation will show
how to conduct “machines” and “transforms” of a target, how to
visually map the data, and how to analyze it.
Maltego Radium: Mapping NetworkTies and Identities across the Internet 2
3. People at some point will have linked their pseudonyms with real-
world personally identifiable information (PII)
People act on interests (which are expressed in some way
electronically), and their interests reveal something about the
unknown node
People’s online relationships can identify an unknown node based
on the connections, power relationships, intercommunications,
and the external identities
All online actions can be linked to geographical locations, and
those locations may be revealing
Knowability of an unknown node / entity (or group) is increased
when a collective and comprehensive electronic footprint is
rendered
Maltego Radium: Mapping NetworkTies and Identities across the Internet 3
4. Hi! Who are you, and what are your interests
re: the topic? Anyone ever use a “hacking”
tool? If so, what?
Do you have an idea for a Maltego Radium™
“machine” or “transform” run that you want
us to try during this session? (I’ll ask you near
the end of the presentation.)
Maltego Radium: Mapping NetworkTies and Identities across the Internet 4
6. People often interact in homophilous (preferential selection based
on similarities with the self or the in-group; assortative mixing) or
heterophilous (preferential selection by difference; disassortative
mixing) ways
Depending on the non-kin social context (such as work-based,
volunteer-based, romance-based, friendship-based, hobby-based, or
others)
People find meaning and identity in ways similar to those that are
close to them (the “company you keep” assumption); yet, people’s
identities in this age are not necessarily coherent and unified but
are fragmented and multiple and experimental
World is socially constructed in various types of hierarchies
(structurally)
Resources and information (and inter-exchanges) move through these
hierarchies through particular social paths
Maltego Radium: Mapping NetworkTies and Identities across the Internet 6
7. Electronic socio-technical spaces (STS)
somewhat mirror the real world but not 1-1
(or even close); called the “cyber-physical
confluence”
Electronic data may be used to make some
cautious extrapolations (or informal intuitions or
“whispers”) about real-world off-line
personalities, values, and actions
Social network analysis (SNA) data are used with
other information to set a full(er) context
Maltego Radium: Mapping NetworkTies and Identities across the Internet 7
8. Electronic spaces offer empirical in vivo (in-field) relational
information (based on actual links, actual connections,
and actual relationships based on electronic
documentation) that is behavior- and action-based and
not professed only
May include “big data” analyses of entire datasets of complete
networks
May include cross-references between numbers of data sets
Strength of inter-relationships is critical based on
interaction patterns
Complex statistics and layout algorithms are used to express
relationships in social network analysis
Radically different visualizations may be possible depending on
the layout algorithms
Maltego Radium: Mapping NetworkTies and Identities across the Internet 8
9. What moves through network topologies (digital
information, resources, influence and
socialization, and memes, etc.) is also important
to understand and analyze
Machine-analyzed computerized sentiment analysis
(through text mining) is one way to evaluate
messages moving through virtual communities
Word frequency counts is another machine-based
way to evaluate messages
Image analysis is another way to evaluate message
Maltego Radium: Mapping NetworkTies and Identities across the Internet 9
10. Graphs built from graph metrics, which describe structural
aspects of the network (such as numbers of nodes and
links, types of connections, density or sparseness of ties,
leadership and role types, motif censuses, and other
factors)
Graphs as 2D spaces
Not x or y axes but about relationships between the nodes and
the links
Can lay out the same information in multiple ways using the
same layout algorithm
Nodes and links (node-link diagrams); vertices and edges /
arcs
Direct and indirect ties
Centrality-peripherality dynamic (degree centrality); closeness-
distance dynamic (paths; degrees of separation)
Maltego Radium: Mapping NetworkTies and Identities across the Internet 10
11. Fat (influential) and thin (peripheral) nodes; bridging
nodes
Nodes are parts of multiple or many networks
Nodes play different roles in different networks
Dense networks vs. low-density (sparse) networks
Networks function better with density for some group
objectives; networks function better with low-density or
sparseness for some other group objectives
Path dynamics for percolation and flow
In-group; out-group dynamics; social identity (node,
sub-group, network, and multi-network levels)
Layering effects; network dependencies; network
overlap and interrelationships
Maltego Radium: Mapping NetworkTies and Identities across the Internet 11
12. Multimodal elements
Root entities
Leaf entities
Branching connections
Connective events
Maltego Radium: Mapping NetworkTies and Identities across the Internet 12
13. What do you know about penetration (pen)
testing?
Any prior experiences with Maltego
Radium™?
Maltego Radium: Mapping NetworkTies and Identities across the Internet 13
14. Uses Java
Runs on Windows, Mac, and Linux operating systems
Applies a 2D or 3D Graphical User Interface (GUI)
Enables complex and fast crawls without need for command line
coding
Uses Maltego Radium™ (by Paterva)Transform Application
Servers for some data extractions
Maltego Radium: Mapping NetworkTies and Identities across the Internet 14
15. Shows links between people; groups of people (social
networks); companies; organizations; web sites; internet
infrastructure (domain, DNS names, netblocks, IP
addresses); phrases; affiliations; documents and files
Based on open-source (publicly available) information or
“open-source intelligence” (OSINT)
Does not involve the breaking of network controls to access
information
Assumes benign information in isolation may be turned
malicious in combination and / or relationship to other data (as
in “big data” analytics)
Is a “dual use” technology with a range of applied “data
harvesting” / structure-mining / datamining and analytical
uses
Maltego Radium: Mapping NetworkTies and Identities across the Internet 15
16. “Penetration”: Unauthorized access or a “break-
in” to a protected network
Combination of attacks on hardware (device exploits),
software (malware, password cracking, keyloggers,
andTrojan Horses), and wetware (social engineering,
phishing, and spear phishing)
Black Box, Gray Box, or Crystal Box (no knowledge of
the target network; partial knowledge of the target
network; full knowledge of the target network)
Conceptualized and practiced in an adversarial way
Maltego Radium: Mapping NetworkTies and Identities across the Internet 16
17. Risk environment modeling with adversaries
(white and gray-hat hackers; red teams)
Offensive and defensive campaigns (pen testing part
of offensive security testing)
Countermeasures: security awareness, self-
awareness of vulnerabilities (technological, human,
political, policy, and others), policy-setting,
surveillance / intrusion detection, firewalls, training of
staff, security networks, technologies,
communications, professional partnerships, and
others
Maltego Radium: Mapping NetworkTies and Identities across the Internet 17
18. Maltego Radium™
Enables crawls / scrapes / scans of the potential public and
private “attack vectors” of an organization or network’s
structure
Shows what is seeable and knowable by others, so proper
protections may be put into place (as part of basic
electronic reconnaissance or surveillance of so-called
“perimeter systems”)
May be used as part of a “red team” simulated (or actual)
attack to test defenses in pen testing
Offers a starting point for the strategy, planning, further
probes, and other actions
▪ May be followed by more focused, targeted, and nuanced attacks
Maltego Radium: Mapping NetworkTies and Identities across the Internet 18
19. “DOXING” (DOCUMENTING)
ATTACKS
“Doxing” based on
“documenting” by tracking
personally identifiable
information
Creation of “dossiers” of
individuals or groups by
hacktivists to use in ad
hominem and other attacks
CYBER-STALKING
Tracking individuals’
electronic presences and
relating that to real-world
presences for harassment
and other nefarious
purposes
Maltego Radium: Mapping NetworkTies and Identities across the Internet 19
20. INTERPERSONAL ELECTRONIC
SURVEILLANCE (IES)
Self-surveillance
Electronic grooming
Sousveillance (inverse
surveillance; watchful
vigilance from below or inside
an organization or social
structure; participant
surveillance)
Horizontal surveillance
Vertical surveillance
ORGANIZATIONALOR GROUP
SURVEILLANCE
Mapping one’s own organization
for public relations purposes
Analyzing telepresences on social
media platforms through
extractions of Representational
StateTransfers or “REST”
Perusing Internet andWeb-
based presences of
organizations
Creating outreach and marketing
strategies for external
organizations
Finding identities of individuals for
contact in corporations or
organizations (through the back
door)
Maltego Radium: Mapping NetworkTies and Identities across the Internet 20
21. There are legitimate reasons to pursue pseudonymity and
anonymity (such as to prevent harm)
Eliminating pseudonymity (untraceable long-term anonymity;
exclusive use of a pseudonym over time for reputation transfer,
branding, and “authornym” use; ability to prove “holdership” of a
pseudonym) and anonymity (temporary, ephemeral, and partial
hiding) and enforcing an “inescapable identity” and non-
discretionary revelation
Traceability means that at least a single intermediary knows actual
identity (for traceable anonymity or traceable pseudonymity)
The problem of time involves the fact that archived electronic sites
are fixed (as big data corpuses), and may be analyzed using a variety
of future tools with increasing capabilities
Making the Internet more of a nonymous, transparent, and
traceable space
Maltego Radium: Mapping NetworkTies and Identities across the Internet 21
22. Harder to use Maltego Radium™ for actually verifying
identity and real-ness / personhood, without the
affordances of a verified real-persons database and other
checks
May guess that a virtual online identity is faked or improperly
back-stopped
Maltego Radium: Mapping NetworkTies and Identities across the Internet 22
23. THE INDIVIDUAL EXPERIENCE
De-anonymizing / re-identification: Connecting
personally identifiable information (PII) of the physical
self to aliases, pseudonyms, handles, or accounts
Narrowing the potential “anonymity sets” for various
individuals (those to whom one may be temporally
anonymous); the protection of identity as a “layered” one
Linking partitioned parts of an individual’s online life, and
connecting partial identities (from various contexts) to
coalesce for a fuller version of an individual
Maltego Radium: Mapping NetworkTies and Identities across the Internet 23
24. Identifying hidden (inter)relationships in electronic information:
Showing hidden connections and affiliations (for exploration and
analysis)
▪ Identifying sleeper communities of interest
▪ Identifying influential nodes (or clusters) in a network
Revealing personal information
▪ Extrapolation of user interests and online seeking behavior
Revelation of potentially private documents
The Human Flaw
“All aliases initially originate from one person, with one mind, and
one personality.”
Tal Z. Zarsky (2004, p. 1352), in “Thinking outside the Box: Considering
Transparency,Anonymity, and Pseudonymity as Overall Solutions to
the Problems of Information Privacy in the Internet Society”…
Said another way: “Character reveals…”
Vulnerable to “the aggregation attack” on profiles (requiring only a
few unique data points)
24Maltego Radium: Mapping NetworkTies and Identities across the Internet
25. …using Maltego Radium™
(likely with complementary other software, equipment, and tools)
25Maltego Radium: Mapping NetworkTies and Identities across the Internet
27. Think breadth and depth
1. Run a Maltego Radium™ Machine (sequencing
including synchronicity of selected “transforms”
through macros)…then further select transforms on
selected nodes
2. Drag and drop from the left menu “palette” to the
work space to actualize different select searches
Tailoring the data crawl through user filters (selecting
options at various junctures during the crawl)
May layer further queries on former search results (in
the same session or in later sessions)
Maltego Radium: Mapping NetworkTies and Identities across the Internet 27
28. Maltego Radium™’s “machines” and “transforms” are
not invisible to the crawled or scanned networks; the
surveiller faces counter-surveillance
Radium™ user often gives up his or her identity and other
information when conducting a data extraction or crawl
(by leaving trace data)
Organizations and networks (their network
administrators) have it in their interests to know who is
scoping them out / possibly “prospecting”
▪ Many “attack surfaces” are honeypots (lures / traps / sentinel plots
for hackers to self-reveal); there will be purposeful obfuscation
▪ Forensic analyses post-attack may result much more about the
objectives and criminal skill sets of the attackers
Maltego Radium: Mapping NetworkTies and Identities across the Internet 28
29. GENERAL CRAWL
API key (application
programming interface)
IP Address (Internet Protocol
-- yours or the proxy one you
are using)
The transform executed
The time it executed
The user ID (which gives first
name, last name and email
address)
Paterva does not log the
questions asked or the results
ACCESSTO SOMEWEB
SERVICES
First name
Last name
Email address
Time registered
Time first used
How many transform you ran
MAC address you selected
Your operating system type
and version, but not details of
service packs etc.
GUI version
Maltego Radium: Mapping NetworkTies and Identities across the Internet 29
30. User has to allow Paterva to disclaim liabilities
before transform runs may be made
Crawl “Damage”: Unclear what “damage” may occur
from transforms (but some crawls may be trespassing)
Sample of a Disclaimer: “Please note this transform is
being run on the PatervaTransform Distribution Server
and has been written by the user 'Andrew MacPherson'.
This transform will be run on * and Paterva cannot be held
responsible for any damage caused by this transform, you
run this ATYOUR OWN RISK. For more information on
this transform feel free to contact…”
Maltego Radium: Mapping NetworkTies and Identities across the Internet 30
31. Select machine
(a sequence of
“transforms”)
Identify target
(phrase, name,
URL,
organization,
etc.)
Maltego Radium: Mapping NetworkTies and Identities across the Internet 31
32. Select a transform (one type of
information changed to
another type) by dragging and
dropping from left menu bar to
the work space
Identify target by double-
clicking node
May highlight a range of icons
to conduct transforms on
Sub-transforms customized to
particular types of entities or
nodes
Information resolves out from
type to type
Maltego Radium: Mapping NetworkTies and Identities across the Internet 32
33. Company Stalker: Email addresses at a
company’s domain(s)
Footprint L1: “Fast” and limited footprint of a
domain
Footprint L2: “Mild” and semi-limited footprint
of a domain
Footprint L3: “Intense” and fairly in-depth and
internal footprint of a domain
Person- Email Address: Identifies a person’s
email addresses (but needs a disambiguated or
fairly uncommon name…or the data is noisy)
Maltego Radium: Mapping NetworkTies and Identities across the Internet 33
34. Prune Leaf Entities: Prunes all leaves
(entities with no outgoing links and just one
incoming link—aka pendant nodes) to clear
the screen for re-crawls (and to de-noise the
data)
Twitter Digger: Phrase as aTwitter search
Twitter Geo(graphical) Location: Finding a
person’s location based on multiple
information streams
Maltego Radium: Mapping NetworkTies and Identities across the Internet 34
35. Twitter Monitor: MonitorsTwitter for
hashtags (#) and named entities mentioned
(@)
AllTwitter crawls rate-limited by amounts of
information downloadable per time period by
Twitter API
URL to Network and Domain Information:
From URL to network and domain
information
Maltego Radium: Mapping NetworkTies and Identities across the Internet 35
36. Devices
A phone, mobile device, or
other used by the individual
or connected to various
accounts or a network
Infrastructure
AS – Autonomous System
Number (as assigned by IANA
to RIRs)
DNS Name – Domain Name
System (identification string)
Domain – Internet Domain
IPv4 Address – IP version 4
address
Infrastructure (cont.)
MX Record – DNS mail
exchanger record (indicator of
mail server accepting email
messages and how email
should be routed through
SMTP)
NS Record – A DNS name
server record (with indicators
of subdomains)
Netblock – An internet
autonomous system
URL – An internet Uniform
Resource Locator (web
address as a character sting)
Website – An internet website
(related web pages served
from a single domain)
Maltego Radium: Mapping NetworkTies and Identities across the Internet 36
37. Locations
A location on Mother Earth
(to find domains and other
such information)
Penetration (“Pen”)
Testing
Company
Social Network
Facebook Object
Twit entity
Affiliation – Facebook
Affiliation –Twitter
Personal
Alias
Document
Email Address
Image (EXIF or “Exchangeable
Image File” data extraction:
geotagged data, GPS, and
general image conditions
information like digital
camera settings)
Person
Phone Number
Phrase
Maltego Radium: Mapping NetworkTies and Identities across the Internet 37
38. May import or export
palette contents / entities
(macros for customized
“machines” sequences /
transforms sets, or stand-
alone “transforms”)
Assumes some ability to
create one’s own scripted
Maltego Radium™ macros
(with Maltego™ Scripting
Language or MSL) as well
May be as simple as drag-
and-drop with existing
transforms
38
41. Delinking
User pruning of nodes that
are not interconnected or
related to the search
User filtering or
identification of bad
domains to exclude from
the crawl
Linking
May link multiple nodes to
run further transforms to
identify possible
relationships
Maltego Radium: Mapping NetworkTies and Identities across the Internet 41
42. Extraction of close-in
node-level multiplex
data (vs. meta-level
networks)
Put cursor on a node
for the details in the
right pane
May conduct more
transforms on that
node for more data
42
43. May right-click to add notes on various
entities to keep written records and
annotations
Paterva’sCase File enables even more
sophisticated human-annotated record-
keeping of information discoveries (like
research journals or investigator files)
Maltego Radium: Mapping NetworkTies and Identities across the Internet 43
44. What have your experiences been with data
visualizations? Graphs?
What are graphs?
How is data used to create graphs?
How are graphs interpreted?
Maltego Radium: Mapping NetworkTies and Identities across the Internet 44
45. Layout (and interaction) modes:
Block
Hierarchical
Circular
Organic
Interactive organic
Maltego Radium: Mapping NetworkTies and Identities across the Internet 45
55. Maltego Radium: Mapping NetworkTies and Identities across the Internet 55
“Company Stalker” (~ hackerish semantics)
56. Person
Affiliation (Flickr)
EmailAddress
Phone Number
Document
Phrase
Domain
Alias
URL
Website
Maltego Radium: Mapping NetworkTies and Identities across the Internet 56
58. Crawling two
persons to
see if
anything
links up
Combining
crawls to
answer
directed
questions
Maltego Radium: Mapping NetworkTies and Identities across the Internet 58
59. Maltego Radium: Mapping NetworkTies and Identities across the Internet 59
Links to an IP address
60. Importing:
Maltego Radium™ files
Tabular files
Saving :
.mtgx files
Exporting:
Data sets
Reports
Graphs
Maltego Radium: Mapping NetworkTies and Identities across the Internet 60
61. Maltego Radium™ Files
.mtz files (for PaletteTransform entities)
.mtgx files (for graph visualizations and
crawls)
Tabular Files
.csv, .xlsx, and .xls (for graphs)
Maltego Radium: Mapping NetworkTies and Identities across the Internet 61
62. Saving Proprietary Data Sets
Saves as a .mtgx (Maltego Radium™ graph file)
May encrypt as AES-128 (Advanced Encryption
Standard 128)
Native files are not particularly large
Saves “machine” and “transform” parameters to
re-crawl and update data sets for future runs
Note: Datasets considered to be “unstructured”
or “loosely structured” because of the mix of
content structures among the types of captured
data
Maltego Radium: Mapping NetworkTies and Identities across the Internet 62
63. Exporting Reports and
Graphs
Report file types
(complete summaries
of extracted
information): .pdf
2D graph as image
(including zoomed-
in): .gif, .png, .bmp,
and .jpg
63
64. 64
May extract graph data as tables of textual
information for further analysis through “Entity
Lists” tab
65. APPLIED DECEPTION
So far, what do you think is
“knowable” (linkable) using tools
like Maltego Radium™ (along
with other research tools)?
What do you think your online
profile looks like?
How does this knowledge of
Maltego Radium™ capabilities
change how you deceive,
project, hide, obfuscate, or
throw others off your trail
(assuming you might)?
APPLIED ACADEMIC RESEARCH
Is there any interest in using this
tool for academic research
applications? If so, what sorts of
research applications are you
considering?
What may be asserted about the
data? How is this data bounded
or limited?
How can this high-
dimensionality data be used in
an “inference attack”? How
accurate or inaccurate would
such attacks be? How can the
accuracy of such attacks be
improved?
Maltego Radium: Mapping NetworkTies and Identities across the Internet 65
66. …through data-mining, structure mining
…through syntactic and semantic stylometry (with writing style as an
“invariant,” with discernible “tells” for obfuscated and imitated writing) for
authorship recognition
…through electronic “tells” and sufficiently detailed individual profiles
…through cross-referencing information from multiple databases (“big data”
analysis, especially statistical correlations)
…through computational research
…through human analytics and logic
Maltego Radium: Mapping NetworkTies and Identities across the Internet 66
67. A data crawl as a starting point…
Interactions with the data
▪ Logical deductions and inferences (e.g. Internet “traffic
analysis”—where people go online—based on linkability
structures)
▪ Ties to physical locations from multiple related accounts
Pruning of leaf entities to disambiguate the findings
Additional data extractions and crawls or
computational research
▪ Supplementary research with other complementary or even
overlapping software tools
Further hypothesizing and testing
Real-world explorations
Maltego Radium: Mapping NetworkTies and Identities across the Internet 67
68. SCALE: DATA SET SIZES
Giant (macro) data sets
Forever crawls for the L3
footprints (if one filters
unwisely by being too inclusive;
otherwise, blisteringly fast)
Total domain searches
(including whole-country
domain searches) but at a high
level
Huge depth that is time-
consuming to explore
(demanding on researchers)
Micro data sets as well (to the
level of the individual ego
node)
TIME
May be a slice-in-time,
sequential, or continuously
dynamic (for real-time
dynamic network analysis or
“DNA”; focus on changes over
time or trendline data)
temporal data
Continuous dynamic for an
“intel dashboard” or “data
feed” for situational
awareness
May be used to link space and
time dimensions
68
SPATIO-TEMPORAL
69. A fast-changing electronic environment
Need to update and review data extractions regularly
Need to be aware of the existence of private channels
Need to work within an evolving legal ecosystem
Costs: time, computational expense, attention
Binding up time (even with blinding speeds of
millisecond crawls) and computational expense on
even high-end consumer machines
Premature crawl stoppages, incomplete crawls, or
over-data (excessive data)
Maltego Radium: Mapping NetworkTies and Identities across the Internet 69
70. User / analyst strengths and limitations
Need to wield the tool intelligently and not over-claim or
under-claim results
Could use tool for initial discovery, pattern recognition,
and anomaly detection
Engage a fairly high learning curve
Apply complementary data for informed interpretation
Avoid conflating popularity with influence, thin node
peripheral positions with powerlessness, and other
challenges
Avoid under-sampling (collecting too little information)
Maltego Radium: Mapping NetworkTies and Identities across the Internet 70
71. Newness of computational research in some
academic / research / professional fields and
analytical applications
Challenges to research rigor and generalizability
Challenges to domain field acceptability
Openness in terms of methodologies
The “primitiveness” of network science in various
practical (research, analysis, decision-making, and
other) applications
Maltego Radium: Mapping NetworkTies and Identities across the Internet 71
72. May not be able to generalize far with only a partial
data extraction or crawl (social media platform API
limits, software limits), which provides descriptive
data about networks
Even relatively “complete” crawls have to be properly
analyzed and documented
▪ Particular “branches” may be analyzed to understand particular ego
neighborhoods or focal nodes
▪ Crawls may include long-closed accounts (such as for emails)
▪ Other branches need to be pruned to de-noise the data
Analysis requires the making of inferences from what may
be seen structurally
May only assert within legal bounds (no hackerish
techniques to access information—of course)
Maltego Radium: Mapping NetworkTies and Identities across the Internet 72
73. Social media platform accounts may be human, ‘bots, or
cyborgs
Various socio-technical systems (STS) may be gamed
▪ People engage in impression management and spin; they engage in
obfuscation (they are strategic about information); identities may be
back-stopped electronically with various hoaxed accounts
Electronic systems may all be hoaxed (like honeypots or black
holes, accounts, online email systems, digital contents, and
websites)
Accounts may have some “light leakage” or “data exhaust”
(unintended revelations that may be observed, analyzed,
inferred, deduced, or extracted by practiced researchers) or
“behavior leakage” (oblique indicators that may be observed
from accounts), but these are often subtle and observed
through machine learning and statistical analyses
Maltego Radium: Mapping NetworkTies and Identities across the Internet 73
74. Maltego Radium™ only captures some information. It
cannot…
“see” what’s not connected to the Internet andWWW or
capture what is happening non-electronically in the real or
physical or non-cyber world (it cannot bridge the cyber-
physical confluence)
“go back in time” to map sites that are no longer online (in
some form)
“see” what is labeled “private” in social media platforms
“see” how users navigate the electronic network
“see” what the characteristics are for particular entities /
nodes / sub-graphs or sub-groups (identify or describe
node “biases” in social network-speak)
Maltego Radium: Mapping NetworkTies and Identities across the Internet 74
75. It cannot…
“see” what is in the Deep Web or Invisible Web (dynamically
created pages or those requiring registration), only what’s on
the publicly indexable “static” Web
explicitly indicate to researchers which nodes or links to explore
in more depth
maintain a continuous crawl for more dynamic data likeTwitter
Digger on background (unless the machine is kept running)
(currently) trace and extract what information is moving
through networks (content diffusion or percolation)
create an invisible or stealth crawl (you will be seen skulking
about)
Maltego Radium: Mapping NetworkTies and Identities across the Internet 75
76. Multimodal data extractions may be done to
understand…
Network ties (social, technological, and content)
Spatiality and geo-location
Technological structures
Human and organizational identity (PII) (through cross-
referenced information)
Device usage online (~ to what Shodan computer search
engine reveals)
Available contact information
“Not knowing” / being unaware is a “dominated
strategy,” an inherently “losing” or subordinated
approach (in game theory)
Maltego Radium: Mapping NetworkTies and Identities across the Internet 76
77. Maltego Radium™ brings together various
functionalities that may be done separately with
separate customized programs, Google Search,
Network Solutions’WHOIS, DNS, NodeXL social
media platform data extractions, and then data
visualization tools… but not as efficiently or as
elegantly (especially for high-scale analyses and link
analysis) …and not continuously over time
Maltego Radium™’s capabilities may be tested by
conducting “machines” and “transforms” on known
targets with known answers initially
Maltego Radium™ is styled in a sophisticated way,
with cool visuals and sound effects
Maltego Radium: Mapping NetworkTies and Identities across the Internet 77
78. MALTEGO RADIUM™ AS A
SOFTWARETOOL
What are some other possible
practical and “feral” applications
of Maltego Radium™ (adapted
“unintended use” applications)?
Computational journalism?
Outreach and marketing?
Academic research?
Predictivity? Is it possible to
predict group dynamics based on
electronic network structures?
Traffic? Contents?
What are some new
functionalities that would
enhance this tool?
MALTEGO RADIUM™ AS A
PENETRATIONTESTINGTOOL
In terms of its pen testing
applications, what are some
complementary software
programs that may be used to
Test network defenses?
Surface hidden information?
Identify and exploit vulnerabilities?
Maltego Radium: Mapping NetworkTies and Identities across the Internet 78
79. Paterva’s Maltego Radium™
Paterva
Maltego Radium
CaseFile
MaltegoTungsten (for collaborative data
extractions)*
Maltego Radium Blog
MaltegoTutorials:The Complete and Official Set
(onYouTube)
Maltego Scripting Language (1.1) Guide (2012)
Maltego Radium Release (2012)
MaltegoVersion 3 User Guide (2011)
Maltego Radium: Mapping NetworkTies and Identities across the Internet 79
80. COMMUNITYVERSION
Free limited “community”
version available for non-
commercial use
API keys expire every few
days
Runs in private or public mode
on community servers (slower
crawls); latter collects back-
end statistics to benefit the
community
User information collected
Lag in features already in the
professional version
COMMERCIALVERSION
Annual subscriptions to the
software license available
(with a 10% educational
discount)
Initial higher cost ($650 first
year; $350 for consecutive
years thereafter—or 365 days)
Includes access to crawls
using Paterva servers
80
81. Semantics
Tool functions
Processes
Practical
applications
Worldviews and
mindsets
Maltego Radium: Mapping NetworkTies and Identities across the Internet 81
Drat! No Ctrl + Z “Undo” FunctionYet
82. Maltego Radium™ on
Social Media
Paterva onTwitter
(@Paterva)
Maltego on Facebook
Paterva / Maltego on
YouTube
RSS Feed
Maltego Radium: Mapping NetworkTies and Identities across the Internet 82
83. Who is Paterva?
Development Team for
Maltego Radium: 5
individuals based out of
Gauteng, S. Africa
RoelofTemmingh
44B Nelmapius Road Irene
Pretoria, Gauteng 0157
ZA
Phone: +27.27834486996
Email:
roelof.temmingh@gmail.c
om
@roeloftemmingh on
Twitter
A “company stalker” crawl
of www.Paterva.com (to
the right)
Making the company
“drink its own
champagne” :P
Maltego Radium: Mapping NetworkTies and Identities across the Internet 83
84. “A Brief Overview of Social Network Analysis and NodeXL”
Thanks to Dr. Rebecca Gould, who encouraged my learning of
Maltego Radium™ for (totally white-hat) higher education-based
research.
Thanks to Phyllis Epps, who gave me permission to crawl her
identity @peppslugs onTwitter, for this presentation.
Thanks to Anibal Pacheco, who gave me permission to crawl his
electronic social networks for this demo. He asked me to share
the following:
Site: www.anibalpacheco.net
Account: @anibalpachecoIT onTwitter
YouTube channel: http://bit.ly/TM8CHP (MegabyteWizards)
Thanks to CHECK for accepting this presentation and to the
supportive audience!
The presenter has no tie to nor interests in Paterva.
Maltego Radium: Mapping NetworkTies and Identities across the Internet 84
85. Dr. Shalin Hai-Jew
Instructional Designer, iTAC
212 Hale Library
Kansas State University
785-532-5262
shalin@k-state.edu
Practically Speaking: No Anonymity
“We may not acknowledge that in an electronic medium, levels
and kinds of anonymity mean, in an important sense, no
anonymity. If there are domains in which we can be anonymous
but those domains are part of a global communication
infrastructure in which there is no anonymity at the entry point,
then it will always be possible to trace someone’s identity.”
Deborah G. Johnson and Keith Miller’s “Anonymity, Pseudonymity, or Inescapable
Identity on the Net” (1998), Computers andSociety
Maltego Radium: Mapping NetworkTies and Identities across the Internet 85
Editor's Notes
NASA Twitter Geolocation crawl depicted
Note: Legal authorities can lift all walls of anonymity or pseudonymity if there are indicators of potential law-breaking by appealing to the third-party service providers; this issue is not addressed here.
Uniform Resource Locator
About Applied Deception (bullet 3): What about single-use transactional pseudonyms? What about anonymization tools like TOR? What about using totally clean machines for very dedicated purposes? What about sheltering within another person’s identity? What about living quietly? (How does one avoid self-deception at the same time?)