Hacker tool talk: Maltego

Another Hacker Tool Talk from the Fujitsu Edmonton Security Lab. This presentation looks at how to install and use Maltego CE v 3.0 for open source intelligence (OSINT) gathering.

  1. Hacker tool talk: Maltego
     “Security through knowledge”
     Chris Hammond-Thrasher
     chris.hammond-thrasher <at>
     Fujitsu Edmonton Security Lab
     February 2011
  2. Agenda
     • Why are we here?
     • About Maltego
     • Installing Maltego
     • Maltego demo
     • What’s next?
  3. Why are we here?
  4. Ethics and motives
     “Every single scam in human history has worked for one key reason; the victim did not recognize it as a scam.”
     - R. Paul Wilson
  5. OSINT
     “Open source intelligence (OSINT) is a form of intelligence collection management that involves finding, selecting, and acquiring information from publicly available sources and analyzing it to produce actionable intelligence.”
     - Wikipedia
  6. About Maltego
  7. Features
     • Maps relationships between numerous physical or digital objects
     • Discovers information from numerous online sources
     • Extensible: Maltego can model relationships between almost anything – add your own “entities”, write your own “transforms” and integrate to other systems with the API
     • Free Community Version (as in beer and speech) and a powerful commercial version for ~US$700 for the first year
  8. Limitations
     • Does not search social media sites due to policy restrictions on those sites
     • Does not search commercial data sources
  9. Maltego vs. others
     • You can manually gather similar data with search engines, DNS, whois, and social media searches
     • i123people iPhone app (free)
     • Commercial alternatives to MaltegoCE
        • Maltego (commercial)
        • Visual Analytics VisualLinks
        • I2 Group Analyst’s Notebook
        • Others
  10. Legit uses of Maltego
     • Tracking SPAM posts on websites and mailing lists
     • Verifying IT assets
     • Competitive intelligence from public sources
     • Gathering supporting information for individual background checks
     • Other creative uses are possible – it is a flexible tool
  11. h4X0r$
     • Passive reconnaissance in advance of a system attack
     • Passive reconnaissance in advance of a social engineering attack
  12. Installing Maltego
  13. Choices
     • Current release of Maltego Community Edition is 3.0
     • Easiest: Get latest Backtrack (BT4R2) live CD or VM
     • Windows installer with or without Java
     • Linux rpm and deb binary packages available
     • MacOS coming soon
  14. Getting started
     • Install via the usual means for your platform
     • Start MaltegoCE
        • double-click the icon in Windows
        • maltego-ce from the Linux command line
  15. Register and login
  16. Update your transforms
  17. Install the cool Shodan add-ons
     Step 1: API key
     • Get a free Shodan API key (free registration required)
  18. Install the cool Shodan add-ons
     Step 2: entities
     • Download the entities at:
     • In Maltego, select "Manage Entities" in the "Manage" tab.
     • Select "Import..."
     • Locate the "shodan_entities.mtz" file you just downloaded and click "Next".
     • Make sure all entities are checked, and click "Next".
     • Enter "Shodan" as a category for the new entities. Click "Finish".
  19. Install the cool Shodan add-ons
     Step 3: transforms
     • Select "Discover Transforms" in the "Manage" tab.
     • In the "Name" field, enter "Shodan"
     • As a URL, use:
     • Click "Add"
     • Make sure the "Shodan" seed is selected, then click "Next"
     • Again make sure you see "Shodan" selected, then click "Next"
     • You now see a list of transforms that the "Shodan" seed has. Just click "Next"
     • Click "Finish"
  20. Maltego demo
  21. Maltego demo
     • Starting it up
     • Tour through menus and windows
     • Investigating a system target
     • Investigating a human target
  22. What’s next
  23. Learn more
     • Read the Maltego wiki
     • Read the website
     • Read my old “How do hackers do it?” presentation
  24. Act locally
     At home
     • Use MaltegoCE to manage what information you are exposing about yourself online
     • You can request that Google remove content about you
     • Monitor your children’s adherence to the family acceptable usage policy
  25. Act locally
     At work
     • Use Maltego to audit public information about corporate systems
     • Track down troublesome website or mailing list users (or bots) using publicly available information
  26. Thank you!
     • Want more presentations like this?
     • Is there a particular tool or hack that you would like to see demoed?
     Chris Hammond-Thrasher
     Fujitsu Edmonton Security Lab
     Email: chris.hammond-thrasher <at>
     Twitter: thrashor
  27. Fujitsu Edmonton Security Lab