SlideShare a Scribd company logo

Hacker tool talk: maltego

Chris Hammond-Thrasher, profile picture
Chris Hammond-Thrasher

This document discusses Maltego, a tool for open source intelligence (OSINT) that maps relationships between various objects and gathers information from public sources. It covers features, installation procedures, limitations, legitimate uses, and comparisons with other data-gathering methods. The presentation also includes a demo and resources for further learning about the tool.

Technology
1 of 27
1
2
3
4
5
Most read
6
7
Most read
8
Most read
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
Hacker tool talk: Maltego“Security through knowledge”Chris Hammond-Thrasherchris.hammond-thrasher <at> ca.fujitsu.comFujitsu Edmonton Security LabFebruary 20111Fujitsu Edmonton Security Lab
AgendaWhy are we here?About MaltegoInstalling MaltegoMaltego demoWhat’s next?2Fujitsu Edmonton Security Lab
Why are we here?3Fujitsu Edmonton Security Lab
Ethics and motives“Every single scam in human history has worked for one key reason; the victim did not recognize it as a scam.”- R. Paul Wilson4Fujitsu Edmonton Security Lab
OSINT“Open source intelligence (OSINT) is a form of intelligence collection management that involves finding, selecting, and acquiring information from publicly available sources and analyzing it to produce actionable intelligence.”- Wikipedia5Fujitsu Edmonton Security Lab
About Maltego6Fujitsu Edmonton Security Lab
FeaturesMaps relationships between numerous physical or digital objectsDiscovers information from numerous online sourcesExtensible: Maltego can model relationships between almost anything – add your own “entities”, write your own “transforms” and integrate to other systems with the APIFree Community Version (as in beer and speech) and a powerful commercial version for ~US$700 for the first year7Fujitsu Edmonton Security Lab
LimitationsDoes not search social media sites due to policy restrictions on those sitesDoes not search commercial data sourcesFujitsu Edmonton Security Lab8
Maltego vs. othersYou can manually gather similar data with search engines, DNS, whois, and social media searchesi123people iPhone app (free)Commercial alternatives to MaltegoCEMaltego (commercial)Visual Analytics VisualLinksI2 Group Analyst’s NotebookOthers9Fujitsu Edmonton Security Lab
Legit uses of MaltegoTracking SPAM posts on websites and mailing listsVerifying IT assetsCompetitive intelligence from public sourcesGathering supporting information for individual background checksOther creative uses are possible – it is a flexible tool10Fujitsu Edmonton Security Lab
h4X0r$Passive reconnaissance in advance of a system attackPassive reconnaissance in advance of a social engineering attack11Fujitsu Edmonton Security Lab
Installing Maltego12Fujitsu Edmonton Security Lab
ChoicesCurrent release of Maltego Community Edition is 3.0Easiest: Get latest Backtrack (BT4R2) live CD or VMhttp://www.backtrack-linux.org/downloads/Windows installer with or without Javahttp://www.paterva.com/Linux rpm and deb binary packages availablehttp://www.paterva.com/MacOS coming soon13Fujitsu Edmonton Security Lab
Getting startedInstall via the usual means for your platformStart MaltegoCEdouble-click the icon in Windows maltego-ce from the Linux command lineFujitsu Edmonton Security Lab14
Register and loginFujitsu Edmonton Security Lab15
Update your transformsFujitsu Edmonton Security Lab16
Install the cool Shodan add-onsStep 1: API keyGet a free Shodan API key (free registration required)http://www.shodanhq.com/api_docFujitsu Edmonton Security Lab17
Install the cool Shodan add-onsStep 2: entitiesDownload the entities at: http://maltego.shodanhq.com/downloads/shodan_entities.mtzIn Maltego, select "Manage Entities" in the "Manage" tab.Select "Import..."Locate the "shodan_entities.mtz" file you just downloaded and click "Next".Make sure all entities are checked, and click "Next".Enter "Shodan" as a category for the new entities. Click "Finish".Fujitsu Edmonton Security Lab18
Install the cool Shodan add-onsStep 3: transformsSelect "Discover Transforms" in the "Manage" tab.In the "Name" field, enter "Shodan"As a URL, use: https://cetas.paterva.com/TDS/runner/showseed/shodanClick "Add"Make sure the "Shodan" seed is selected, then click "Next"Again make sure you see "Shodan" selected, then click "Next"You now see a list of transforms that the "Shodan" seed has. Just click "Next"Click "Finish"Fujitsu Edmonton Security Lab19
Maltego demo20Fujitsu Edmonton Security Lab
Maltego demoStarting it upTour through menus and windowsInvestigating a system targetInvestigating a human target21Fujitsu Edmonton Security Lab
What’s next22Fujitsu Edmonton Security Lab
Learn moreRead the Maltego wikihttp://ctas.paterva.com/view/What_is_MaltegoRead the Social-Engineer.org websitehttp://social-engineer.org/Read my old “How do hackers do it?” presentationhttp://www.picisoc.org/tiki-download_file.php?fileId=51&ei=TMI4TcOHBI2WsgOzrZHfAw&usg=AFQjCNH8Y_JPsbADDoOPvlNvPO7udJlmpQ23Fujitsu Edmonton Security Lab
Act locallyAt homeUse MaltegoCE to manage what information you are exposing about yourself onlineYou can request that Google remove content about youhttp://www.google.com/support/bin/answer.py?answer=164734&hl=enMonitor your children’s adherence to the family acceptable usage policy24Fujitsu Edmonton Security Lab
Act locallyAt workUse Maltego to audit public information about corporate systemsTrack down troublesome website or mailing list users (or bots) using publically available information25Fujitsu Edmonton Security Lab
Thank you!Want more presentations like this?Is there a particular tool or hack that you would like to see demoed?Chris Hammond-ThrasherFujitsu Edmonton Security LabEmail: chris.hammond-thrasher <at> ca.fujitsu.comTwitter: thrashor26Fujitsu Edmonton Security Lab
Fujitsu Edmonton Security Lab27

More Related Content

PPT
Information Gathering With Maltego
Tom Eston
 
PDF
Mise en place d’un système de détection
Manassé Achim kpaya
 
PPTX
Network scanning
oceanofwebs
 
PPTX
Introduction to IDS & IPS - Part 1
whitehat 'People'
 
PPTX
NMAP - The Network Scanner
n|u - The Open Security Community
 
PPTX
Introduction To Exploitation & Metasploit
Raghav Bisht
 
PDF
IoT Device Hacking and New Direction of IoT Security Evaluation Using Common ...
Seungjoo Kim
 
PPT
Hacking tutorial
MSA Technosoft
 
Information Gathering With Maltego
Tom Eston
 
Mise en place d’un système de détection
Manassé Achim kpaya
 
Network scanning
oceanofwebs
 
Introduction to IDS & IPS - Part 1
whitehat 'People'
 
NMAP - The Network Scanner
n|u - The Open Security Community
 
Introduction To Exploitation & Metasploit
Raghav Bisht
 
IoT Device Hacking and New Direction of IoT Security Evaluation Using Common ...
Seungjoo Kim
 
Hacking tutorial
MSA Technosoft
 

What's hot (20)

PPTX
Basics of Maltego
Yash Diwakar
 
PPTX
Siem OSSIM
Yaya N'Tyeni Sanogo
 
PPTX
大規模トラフィックにどのように備えて負荷対策を実施しているのか?
Yusuke Shirakawa
 
PPTX
Basic Malware Analysis
Albert Hui
 
PPTX
Introduction to Malware Detection and Reverse Engineering
intertelinvestigations
 
PPTX
The Art of Human Hacking : Social Engineering
OWASP Foundation
 
PPTX
Understanding NMAP
Phannarith Ou, G-CISO
 
PDF
Nessus Software
Megha Sahu
 
PDF
サーバーサイドでの非同期処理で色々やったよ
koji lin
 
PDF
Maltego
Bhushan Gurav
 
PPTX
Système de détection d'intrusion (Intrusion Detection System)
YousraChahinez
 
PDF
The top 10 windows logs event id's used v1.0
Michael Gough
 
PDF
Cyber attacks
Anuradha Moti T
 
PPTX
CEDEC2019 大規模モバイルゲーム運用におけるマスタデータ管理事例
sairoutine
 
PPTX
Nmap
Sreekanth Narendran
 
PDF
Snort implementation
Rokitta Apollonia
 
PPTX
Bsides Knoxville - OSINT
Adam Compton
 
PPTX
Wireshark Basic Presentation
MD. SHORIFUL ISLAM
 
PPT
DDOS Attack
Ahmed Salama
 
PPTX
Malware & Anti-Malware
Arpit Mittal
 
Basics of Maltego
Yash Diwakar
 
Siem OSSIM
Yaya N'Tyeni Sanogo
 
大規模トラフィックにどのように備えて負荷対策を実施しているのか?
Yusuke Shirakawa
 
Basic Malware Analysis
Albert Hui
 
Introduction to Malware Detection and Reverse Engineering
intertelinvestigations
 
The Art of Human Hacking : Social Engineering
OWASP Foundation
 
Understanding NMAP
Phannarith Ou, G-CISO
 
Nessus Software
Megha Sahu
 
サーバーサイドでの非同期処理で色々やったよ
koji lin
 
Maltego
Bhushan Gurav
 
Système de détection d'intrusion (Intrusion Detection System)
YousraChahinez
 
The top 10 windows logs event id's used v1.0
Michael Gough
 
Cyber attacks
Anuradha Moti T
 
CEDEC2019 大規模モバイルゲーム運用におけるマスタデータ管理事例
sairoutine
 
Nmap
Sreekanth Narendran
 
Snort implementation
Rokitta Apollonia
 
Bsides Knoxville - OSINT
Adam Compton
 
Wireshark Basic Presentation
MD. SHORIFUL ISLAM
 
DDOS Attack
Ahmed Salama
 
Malware & Anti-Malware
Arpit Mittal
 

Viewers also liked (20)

PDF
Real-time Tweet Analysis w/ Maltego Carbon 3.5.3
Shalin Hai-Jew
 
PPTX
Maltego Webinar Slides
ThreatConnect
 
PPTX
Maltego Magic Workshop - BSides London 2015
Adam Maxwell
 
ZIP
The Twitter API: A Presentation to Adobe
Alex Payne
 
PPTX
Twitter api
kaleem malick
 
PPTX
Extracting and analyzing discussion data with google sheets and google analytics
Martin Hawksey
 
PDF
Facebook & Twitter API
Fabrice Delhoste
 
PPTX
Demo of security tool nessus - Network vulnerablity scanner
Ajit Dadresa
 
PDF
Nessus Basics
amiable_indian
 
PDF
BlackHat Arsenal 2014 - C-SCAD : Assessing Security Flaws in C-SCAD WebX Clie...
Aditya K Sood
 
PPTX
Network sniffers & injection tools
vishalgohel12195
 
PDF
Open Source Intelligence (OSINT)
festival ICT 2016
 
PDF
Introduction to Sentiment Analysis
Jaganadh Gopinadhan
 
PDF
Penetrasyon Testlerinde Açık Kod Yazılımların Kullanımı
BGA Cyber Security
 
PDF
Sızma Testlerinde Armitage Kullanımı
BGA Cyber Security
 
DOCX
SIZMA TESTLERİNDE BİLGİ TOPLAMA
BGA Cyber Security
 
DOCX
Twitter analysis by Kaify Rais
Ajay Ohri
 
PPTX
Sentiment analysis of tweets
Vasu Jain
 
PPTX
Sentiment Analysis in Twitter
Ayushi Dalmia
 
PDF
Sentiment Analysis of Twitter Data
Sumit Raj
 
Real-time Tweet Analysis w/ Maltego Carbon 3.5.3
Shalin Hai-Jew
 
Maltego Webinar Slides
ThreatConnect
 
Maltego Magic Workshop - BSides London 2015
Adam Maxwell
 
The Twitter API: A Presentation to Adobe
Alex Payne
 
Twitter api
kaleem malick
 
Extracting and analyzing discussion data with google sheets and google analytics
Martin Hawksey
 
Facebook & Twitter API
Fabrice Delhoste
 
Demo of security tool nessus - Network vulnerablity scanner
Ajit Dadresa
 
Nessus Basics
amiable_indian
 
BlackHat Arsenal 2014 - C-SCAD : Assessing Security Flaws in C-SCAD WebX Clie...
Aditya K Sood
 
Network sniffers & injection tools
vishalgohel12195
 
Open Source Intelligence (OSINT)
festival ICT 2016
 
Introduction to Sentiment Analysis
Jaganadh Gopinadhan
 
Penetrasyon Testlerinde Açık Kod Yazılımların Kullanımı
BGA Cyber Security
 
Sızma Testlerinde Armitage Kullanımı
BGA Cyber Security
 
SIZMA TESTLERİNDE BİLGİ TOPLAMA
BGA Cyber Security
 
Twitter analysis by Kaify Rais
Ajay Ohri
 
Sentiment analysis of tweets
Vasu Jain
 
Sentiment Analysis in Twitter
Ayushi Dalmia
 
Sentiment Analysis of Twitter Data
Sumit Raj
 

Similar to Hacker tool talk: maltego (20)

PPTX
information Gathering using Maltego.pptx
DrEGayathri
 
PPTX
maltego ppt.pptx maltego ppt is based on cyber security
shrutishreemahato
 
PPTX
Hands-On Security Breakout Session- ES Guided Tour
Splunk
 
PPTX
Maltego Information Gathering
Sreekanth Narendran
 
PPTX
Malformity BsidesBoston2013
digital4rensics
 
PPTX
Sploitego
London School of Cyber Security
 
PPT
Pen-Testing.ppt about cyber security pnetesting
patelvedant1080
 
PDF
Kali Linux, Introduction to Ethical Hacking and Penetration Tools
Rassoul Ghaznavi Zadeh
 
PDF
(Ebook) Learning Kali Linux by Ric Messier
fiukerlet
 
PPTX
SANSFIRE18: War Stories on Using Automated Threat Intelligence for Defense
John Bambenek
 
PPTX
Maltego
penetration Tester
 
PPTX
OSINT Tool - Reconnaissance with Maltego
Raghav Bisht
 
PDF
OSINT for Attack and Defense
Andrew McNicol
 
PPTX
Hands-On Security Breakout Session- ES Guided Tour
Splunk
 
PDF
Hacker tool talk: kismet
Chris Hammond-Thrasher
 
PDF
[CB19] Deep Exploit: Fully Automatic Penetration Test Tool Using Reinforcemen...
CODE BLUE
 
PDF
Breach and attack simulation tools
Bangladesh Network Operators Group
 
PDF
Intro2 malwareanalysisshort
Vincent Ohprecio
 
PDF
Finding the needle in the haystack: how Nestle is leveraging big data to defe...
Big Data Spain
 
PPTX
What do Wardley Maps mean to me? (Map Camp 2020)
Steve Purkis
 
information Gathering using Maltego.pptx
DrEGayathri
 
maltego ppt.pptx maltego ppt is based on cyber security
shrutishreemahato
 
Hands-On Security Breakout Session- ES Guided Tour
Splunk
 
Maltego Information Gathering
Sreekanth Narendran
 
Malformity BsidesBoston2013
digital4rensics
 
Sploitego
London School of Cyber Security
 
Pen-Testing.ppt about cyber security pnetesting
patelvedant1080
 
Kali Linux, Introduction to Ethical Hacking and Penetration Tools
Rassoul Ghaznavi Zadeh
 
(Ebook) Learning Kali Linux by Ric Messier
fiukerlet
 
SANSFIRE18: War Stories on Using Automated Threat Intelligence for Defense
John Bambenek
 
Maltego
penetration Tester
 
OSINT Tool - Reconnaissance with Maltego
Raghav Bisht
 
OSINT for Attack and Defense
Andrew McNicol
 
Hands-On Security Breakout Session- ES Guided Tour
Splunk
 
Hacker tool talk: kismet
Chris Hammond-Thrasher
 
[CB19] Deep Exploit: Fully Automatic Penetration Test Tool Using Reinforcemen...
CODE BLUE
 
Breach and attack simulation tools
Bangladesh Network Operators Group
 
Intro2 malwareanalysisshort
Vincent Ohprecio
 
Finding the needle in the haystack: how Nestle is leveraging big data to defe...
Big Data Spain
 
What do Wardley Maps mean to me? (Map Camp 2020)
Steve Purkis
 

More from Chris Hammond-Thrasher (12)

PPTX
Alice and bob: Love & the most important crypto on the net
Chris Hammond-Thrasher
 
PPTX
Six health privacy experiments that should *NEVER* be caried out
Chris Hammond-Thrasher
 
PPTX
Spiritualists, magicians and security vendors
Chris Hammond-Thrasher
 
PPTX
hackers vs suits
Chris Hammond-Thrasher
 
PPT
Introduction to Green IT
Chris Hammond-Thrasher
 
PPTX
Hacker tooltalk: Social Engineering Toolkit (SET)
Chris Hammond-Thrasher
 
PDF
Hacker tool talk: kismet
Chris Hammond-Thrasher
 
ODP
Open Source Library Software
Chris Hammond-Thrasher
 
ODP
Infosec Workshop - PacINET 2007
Chris Hammond-Thrasher
 
PDF
Popular GIS: a webliography
Chris Hammond-Thrasher
 
ODP
Popular GIS
Chris Hammond-Thrasher
 
PPT
How hackers do it
Chris Hammond-Thrasher
 
Alice and bob: Love & the most important crypto on the net
Chris Hammond-Thrasher
 
Six health privacy experiments that should *NEVER* be caried out
Chris Hammond-Thrasher
 
Spiritualists, magicians and security vendors
Chris Hammond-Thrasher
 
hackers vs suits
Chris Hammond-Thrasher
 
Introduction to Green IT
Chris Hammond-Thrasher
 
Hacker tooltalk: Social Engineering Toolkit (SET)
Chris Hammond-Thrasher
 
Hacker tool talk: kismet
Chris Hammond-Thrasher
 
Open Source Library Software
Chris Hammond-Thrasher
 
Infosec Workshop - PacINET 2007
Chris Hammond-Thrasher
 
Popular GIS: a webliography
Chris Hammond-Thrasher
 
Popular GIS
Chris Hammond-Thrasher
 
How hackers do it
Chris Hammond-Thrasher
 

Recently uploaded (20)

PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
PPTX
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
PDF
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Encapsulation theory and applications.pdf
gurumoop
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 

Hacker tool talk: maltego

  • 1. Hacker tool talk: Maltego“Security through knowledge”Chris Hammond-Thrasherchris.hammond-thrasher <at> ca.fujitsu.comFujitsu Edmonton Security LabFebruary 20111Fujitsu Edmonton Security Lab
  • 2. AgendaWhy are we here?About MaltegoInstalling MaltegoMaltego demoWhat’s next?2Fujitsu Edmonton Security Lab
  • 3. Why are we here?3Fujitsu Edmonton Security Lab
  • 4. Ethics and motives“Every single scam in human history has worked for one key reason; the victim did not recognize it as a scam.”- R. Paul Wilson4Fujitsu Edmonton Security Lab
  • 5. OSINT“Open source intelligence (OSINT) is a form of intelligence collection management that involves finding, selecting, and acquiring information from publicly available sources and analyzing it to produce actionable intelligence.”- Wikipedia5Fujitsu Edmonton Security Lab
  • 7. FeaturesMaps relationships between numerous physical or digital objectsDiscovers information from numerous online sourcesExtensible: Maltego can model relationships between almost anything – add your own “entities”, write your own “transforms” and integrate to other systems with the APIFree Community Version (as in beer and speech) and a powerful commercial version for ~US$700 for the first year7Fujitsu Edmonton Security Lab
  • 8. LimitationsDoes not search social media sites due to policy restrictions on those sitesDoes not search commercial data sourcesFujitsu Edmonton Security Lab8
  • 9. Maltego vs. othersYou can manually gather similar data with search engines, DNS, whois, and social media searchesi123people iPhone app (free)Commercial alternatives to MaltegoCEMaltego (commercial)Visual Analytics VisualLinksI2 Group Analyst’s NotebookOthers9Fujitsu Edmonton Security Lab
  • 10. Legit uses of MaltegoTracking SPAM posts on websites and mailing listsVerifying IT assetsCompetitive intelligence from public sourcesGathering supporting information for individual background checksOther creative uses are possible – it is a flexible tool10Fujitsu Edmonton Security Lab
  • 11. h4X0r$Passive reconnaissance in advance of a system attackPassive reconnaissance in advance of a social engineering attack11Fujitsu Edmonton Security Lab
  • 13. ChoicesCurrent release of Maltego Community Edition is 3.0Easiest: Get latest Backtrack (BT4R2) live CD or VMhttp://www.backtrack-linux.org/downloads/Windows installer with or without Javahttp://www.paterva.com/Linux rpm and deb binary packages availablehttp://www.paterva.com/MacOS coming soon13Fujitsu Edmonton Security Lab
  • 14. Getting startedInstall via the usual means for your platformStart MaltegoCEdouble-click the icon in Windows maltego-ce from the Linux command lineFujitsu Edmonton Security Lab14
  • 15. Register and loginFujitsu Edmonton Security Lab15
  • 16. Update your transformsFujitsu Edmonton Security Lab16
  • 17. Install the cool Shodan add-onsStep 1: API keyGet a free Shodan API key (free registration required)http://www.shodanhq.com/api_docFujitsu Edmonton Security Lab17
  • 18. Install the cool Shodan add-onsStep 2: entitiesDownload the entities at: http://maltego.shodanhq.com/downloads/shodan_entities.mtzIn Maltego, select "Manage Entities" in the "Manage" tab.Select "Import..."Locate the "shodan_entities.mtz" file you just downloaded and click "Next".Make sure all entities are checked, and click "Next".Enter "Shodan" as a category for the new entities. Click "Finish".Fujitsu Edmonton Security Lab18
  • 19. Install the cool Shodan add-onsStep 3: transformsSelect "Discover Transforms" in the "Manage" tab.In the "Name" field, enter "Shodan"As a URL, use: https://cetas.paterva.com/TDS/runner/showseed/shodanClick "Add"Make sure the "Shodan" seed is selected, then click "Next"Again make sure you see "Shodan" selected, then click "Next"You now see a list of transforms that the "Shodan" seed has. Just click "Next"Click "Finish"Fujitsu Edmonton Security Lab19
  • 21. Maltego demoStarting it upTour through menus and windowsInvestigating a system targetInvestigating a human target21Fujitsu Edmonton Security Lab
  • 23. Learn moreRead the Maltego wikihttp://ctas.paterva.com/view/What_is_MaltegoRead the Social-Engineer.org websitehttp://social-engineer.org/Read my old “How do hackers do it?” presentationhttp://www.picisoc.org/tiki-download_file.php?fileId=51&ei=TMI4TcOHBI2WsgOzrZHfAw&usg=AFQjCNH8Y_JPsbADDoOPvlNvPO7udJlmpQ23Fujitsu Edmonton Security Lab
  • 24. Act locallyAt homeUse MaltegoCE to manage what information you are exposing about yourself onlineYou can request that Google remove content about youhttp://www.google.com/support/bin/answer.py?answer=164734&hl=enMonitor your children’s adherence to the family acceptable usage policy24Fujitsu Edmonton Security Lab
  • 25. Act locallyAt workUse Maltego to audit public information about corporate systemsTrack down troublesome website or mailing list users (or bots) using publically available information25Fujitsu Edmonton Security Lab
  • 26. Thank you!Want more presentations like this?Is there a particular tool or hack that you would like to see demoed?Chris Hammond-ThrasherFujitsu Edmonton Security LabEmail: chris.hammond-thrasher <at> ca.fujitsu.comTwitter: thrashor26Fujitsu Edmonton Security Lab

Editor's Notes

  • #6: In the intelligence community (IC), the term &quot;open&quot; refers to overt, publicly available sources (as opposed to covert or classified sources); it is not related to open-source software or public intelligence.