Showing posts with label Paterva. Show all posts

Saturday, May 10, 2008

Maltego v2 is out and it's friggin awesome

I did a previous blog post using Maltego v1 and will be talking a bit about Maltego at ChicagoCon, but Maltego v2 is out and it's a very nice upgrade.

From the site:

Version 2 of Maltego has been completely rewritten - it’s a complete new code base.
The following has been added from the KZ3 release:

  • Load/Save of entire graphs means you can always go back to your investigation.
  • Printing of graphs (over multiple pages) for discussions.
  • Export of entities (CSV format) makes it easy to import Maltego data into other databases.
  • Commercial grade layout library:
    • The layout and navigation have been optimized for speed and usability.
    • Four layout types to rearrange data the way YOU want it.
    • Two view types for finding relevant info on large graphs.
  • More entities and 20 brand new transforms for even deeper searches and more information.
  • Search/Find (on entity value, detailed info and additional fields) helps you to get to key nodes quicker.
  • Multiple open graphs on different tabs for easy switching between graphs.
  • Dedicated clear-all, zoom buttons for notebook users.
  • Hollywood quality look & feel will impress your friends and your boss.
  • Integrated help on transforms and entities to increase your learning curve.
  • Complete user guide ensures you are never lost.
  • Prepopulated and preconfigured transforms and transform sets saves you time.
  • Population of API key integrated with license key so it’s never lost.
  • Platform independent installer means you can install it anywhere.

I like it a lot, and one of the coolest features is the ability to create a graph and allow others to view it, not to mention print it out, save it, and export it as a .csv. Oh, and the Technorati blog keyword and link search is badass. You can check out this demo video to see what I am talking about: http://ctas.paterva.com/Maltego_Videos/Episode%203 and more screenshots here: http://www.paterva.com/maltego/screenshots/

I'm trying to tidy up slides for next week, but expect a Maltego post or article after ChicagoCon.


Tuesday, January 1, 2008

New Year Paranoia Thoughts

As we were at Safeway buying champagne and the sparkling apple cider for the party last night, it really dawned on me the amount of personal data we give to stores in exchange for a couple dollars off at the register.

When you think about it, would you regularly post on the net when you buy condoms or butt cream from the drug store, or EVERYTHING you bought from the grocery store? While I don't consider myself strange or to have weird eating habits, I don't know that I'd be comfortable letting everyone know what I was buying -- even though evidently I am, because I take my couple dollar discount.

While most of the info is just for marketing or statistics, some you have to wonder what it's for. For example, at Safeway (a grocery store) you enter your phone number and you get the "Safeway member price" on a lot of things that are on sale that week. That's cool, and I usually save 3 or 4 dollars per visit. But what does Safeway do with that data? I don't get coupons or things like that in the mail or email (you only give them name and phone number, but a lot of stores ask for email now too), but where is all that information going and who is using it?

So, two thoughts I took away from it were:

1. Looking back at my Maltego post (or just using Google), look at the amount of information you can find about someone if you just know their name, email and phone number... kinda scary.

2. Can that information be used to incriminate you? Say I was a suspect in a murder case and I had swiped my member rewards card at the local hardware store when I bought lime, a shovel, trash bags, and rope -- hope I didn't pay with my debit MasterCard either.

So, I guess my question is: in this day and age of really working hard to protect the privacy of our online identity with TOR, anonymous email accounts, limiting what personal information we do give out, and your favorite flavor of PGP, do we need to work harder to protect our physical (real/human) identities, especially when that information is so easily and pretty much instantaneously transferred into the online realm?

I think I'll continue using the in-laws information at Safeway...just in case.

Happy New Year!

Thursday, December 13, 2007

Paterva's Maltego for Information Gathering

If you haven't heard of Paterva's Maltego (formerly Evolution) then you've been missing out! HD Moore and Valsmith first mentioned it in their tactical exploitation talk at Blackhat Vegas and Defcon.

From the Paterva Homepage:
  • Maltego is a program that can be used to determine the relationships and real world links between:
    • People
    • Groups of people (social networks)
    • Companies
    • Organizations
    • Web sites
    • Internet infrastructure such as:
      • Domains
      • DNS names
      • Netblocks
      • IP addresses
    • Phrases
    • Affiliations
    • Documents and files

The documentation walks you through the initial setup, accepting the transforms, and getting API keys pretty well, so I won't cover it (go read, you lazy bums). Once you get through that, it's time to use it.

Maltego comes with Windows and Linux binaries, so just run it: ./maltego

Before you can start using Maltego you need to go to Tools --> Manage transforms, then follow the wizard (read the documentation). You'll need to register on the Paterva site to get your API key, and on a couple of other sites to get API keys from them.

Here is how Maltego looks after you start it up. To use it, you drag an icon from the infrastructure or personal section to the Maltego Graph (blue) section.

Using Person --> Chris Gates as the search

You can see in the Transform Execution section the results you got back from the various transforms and your graph being populated with the results.

The Person --> Chris Gates output. It found several email addresses, forum posts, my Amazon profile, and other stuff that wasn't me (there are actually a ton of Chris Gates' out there).

We could have added a keyword to really get better results for me specifically, but given that we know the learnsecurityonline.com email is mine, let's use that for another search.

Let's check out doing Infrastructure --> Domain for learnsecurityonline.com


Not bad. I don't think the phone numbers are correct, but the other results are relevant. We could have also used the whois transform and DNS bruteforce transform to enumerate some more hosts in the domain and to get the IP space.

That should be enough to get you started. I've been having fun picking random security bloggers I don't know to see what I can dig up about them, very fun. While I don't have a screenshot, the metadata search is awesome when Maltego finds "office" type documents and can be useful to reinforce that you are on track with your search.

Links!
Paterva: http://www.paterva.com
Maltego Downloads: http://www.paterva.com/web2/maltego/maltego-gui-1.0-download.html
Maltego Documentation: http://www.paterva.com/web2/maltego/maltego-docs.html

Presentations on Maltego:
CansecWest07 Presentation [PPT] (1.8MB)
FIRST 2007 Presentation [PPT] (4.5MB)