
Hacker tool talk: maltego



Another Hacker Tool Talk from the Fujitsu Edmonton Security Lab. This presentation looks at how to install and use Maltego CE v 3.0 for open source intelligence (OSINT) gathering.

Published in: Technology

  1. Hacker tool talk: Maltego
     “Security through knowledge”
     Chris Hammond-Thrasher
     chris.hammond-thrasher <at>
     Fujitsu Edmonton Security Lab
     February 2011
  2. Agenda
     • Why are we here?
     • About Maltego
     • Installing Maltego
     • Maltego demo
     • What’s next?
  3. Why are we here?
  4. Ethics and motives
     “Every single scam in human history has worked for one key reason; the victim did not recognize it as a scam.”
     - R. Paul Wilson
  5. OSINT
     “Open source intelligence (OSINT) is a form of intelligence collection management that involves finding, selecting, and acquiring information from publicly available sources and analyzing it to produce actionable intelligence.”
     - Wikipedia
  6. About Maltego
  7. Features
     • Maps relationships between numerous physical or digital objects
     • Discovers information from numerous online sources
     • Extensible: Maltego can model relationships between almost anything – add your own “entities”, write your own “transforms” and integrate to other systems with the API
     • Free Community Version (as in beer and speech) and a powerful commercial version for ~US$700 for the first year
  8. Limitations
     • Does not search social media sites due to policy restrictions on those sites
     • Does not search commercial data sources
  9. Maltego vs. others
     • You can manually gather similar data with search engines, DNS, whois, and social media searches
     • i123people iPhone app (free)
     • Commercial alternatives to MaltegoCE
       • Maltego (commercial)
       • Visual Analytics VisualLinks
       • I2 Group Analyst’s Notebook
       • Others
  10. Legit uses of Maltego
     • Tracking SPAM posts on websites and mailing lists
     • Verifying IT assets
     • Competitive intelligence from public sources
     • Gathering supporting information for individual background checks
     • Other creative uses are possible – it is a flexible tool
  11. h4X0r$
     • Passive reconnaissance in advance of a system attack
     • Passive reconnaissance in advance of a social engineering attack
  12. Installing Maltego
  13. Choices
     • Current release of Maltego Community Edition is 3.0
     • Easiest: Get latest Backtrack (BT4R2) live CD or VM
     • Windows installer with or without Java
     • Linux rpm and deb binary packages available
     • MacOS coming soon
  14. Getting started
     • Install via the usual means for your platform
     • Start MaltegoCE
       • double-click the icon in Windows
       • maltego-ce from the Linux command line
  15. Register and login
  16. Update your transforms
  17. Install the cool Shodan add-ons
     Step 1: API key
     • Get a free Shodan API key (free registration required)
  18. Install the cool Shodan add-ons
     Step 2: entities
     • Download the entities at:
     • In Maltego, select "Manage Entities" in the "Manage" tab.
     • Select "Import..."
     • Locate the "shodan_entities.mtz" file you just downloaded and click "Next".
     • Make sure all entities are checked, and click "Next".
     • Enter "Shodan" as a category for the new entities. Click "Finish".
  19. Install the cool Shodan add-ons
     Step 3: transforms
     • Select "Discover Transforms" in the "Manage" tab.
     • In the "Name" field, enter "Shodan"
     • As a URL, use:
     • Click "Add"
     • Make sure the "Shodan" seed is selected, then click "Next"
     • Again make sure you see "Shodan" selected, then click "Next"
     • You now see a list of transforms that the "Shodan" seed has. Just click "Next"
     • Click "Finish"
  20. Maltego demo
  21. Maltego demo
     • Starting it up
     • Tour through menus and windows
     • Investigating a system target
     • Investigating a human target
  22. What’s next
  23. Learn more
     • Read the Maltego wiki
     • Read the website
     • Read my old “How do hackers do it?” presentation
  24. Act locally
     At home
     • Use MaltegoCE to manage what information you are exposing about yourself online
     • You can request that Google remove content about you
     • Monitor your children’s adherence to the family acceptable usage policy
  25. Act locally
     At work
     • Use Maltego to audit public information about corporate systems
     • Track down troublesome website or mailing list users (or bots) using publicly available information
  26. Thank you!
     • Want more presentations like this?
     • Is there a particular tool or hack that you would like to see demoed?
     Chris Hammond-Thrasher
     Fujitsu Edmonton Security Lab
     Email: chris.hammond-thrasher <at>
     Twitter: thrashor
  27. Fujitsu Edmonton Security Lab