Another Hacker Tool Talk from the Fujitsu Edmonton Security Lab. This presentation looks at how to install and use Maltego CE v 3.0 for open source intelligence (OSINT) gathering.

1. Hacker tool talk: Maltego “Security through knowledge” Chris Hammond-Thrasher chris.hammond-thrasher <at> ca.fujitsu.com Fujitsu Edmonton Security Lab February 2011 1 Fujitsu Edmonton Security Lab

2. Agenda Why are we here? About Maltego Installing Maltego Maltego demo What’s next? 2 Fujitsu Edmonton Security Lab

3. Why are we here? 3 Fujitsu Edmonton Security Lab

4. Ethics and motives “Every single scam in human history has worked for one key reason; the victim did not recognize it as a scam.” - R. Paul Wilson 4 Fujitsu Edmonton Security Lab

5. OSINT “Open source intelligence (OSINT) is a form of intelligence collection management that involves finding, selecting, and acquiring information from publicly available sources and analyzing it to produce actionable intelligence.” - Wikipedia 5 Fujitsu Edmonton Security Lab

6. About Maltego 6 Fujitsu Edmonton Security Lab

7. Features Maps relationships between numerous physical or digital objects Discovers information from numerous online sources Extensible: Maltego can model relationships between almost anything – add your own “entities”, write your own “transforms” and integrate to other systems with the API Free Community Version (as in beer and speech) and a powerful commercial version for ~US$700 for the first year 7 Fujitsu Edmonton Security Lab

8. Limitations Does not search social media sites due to policy restrictions on those sites Does not search commercial data sources Fujitsu Edmonton Security Lab 8

9. Maltego vs. others You can manually gather similar data with search engines, DNS, whois, and social media searches i123people iPhone app (free) Commercial alternatives to MaltegoCE Maltego (commercial) Visual Analytics VisualLinks I2 Group Analyst’s Notebook Others 9 Fujitsu Edmonton Security Lab

10. Legit uses of Maltego Tracking SPAM posts on websites and mailing lists Verifying IT assets Competitive intelligence from public sources Gathering supporting information for individual background checks Other creative uses are possible – it is a flexible tool 10 Fujitsu Edmonton Security Lab

11. h4X0r$ Passive reconnaissance in advance of a system attack Passive reconnaissance in advance of a social engineering attack 11 Fujitsu Edmonton Security Lab

12. Installing Maltego 12 Fujitsu Edmonton Security Lab

13. Choices Current release of Maltego Community Edition is 3.0 Easiest: Get latest Backtrack (BT4R2) live CD or VMhttp://www.backtrack-linux.org/downloads/ Windows installer with or without Javahttp://www.paterva.com/ Linux rpm and deb binary packages availablehttp://www.paterva.com/ MacOS coming soon 13 Fujitsu Edmonton Security Lab

14. Getting started Install via the usual means for your platform Start MaltegoCE double-click the icon in Windows maltego-ce from the Linux command line Fujitsu Edmonton Security Lab 14

15. Register and login Fujitsu Edmonton Security Lab 15

16. Update your transforms Fujitsu Edmonton Security Lab 16

17. Install the cool Shodan add-ons Step 1: API key Get a free Shodan API key (free registration required)http://www.shodanhq.com/api_doc Fujitsu Edmonton Security Lab 17

18. Install the cool Shodan add-ons Step 2: entities Download the entities at: http://maltego.shodanhq.com/downloads/shodan_entities.mtz In Maltego, select "Manage Entities" in the "Manage" tab. Select "Import..." Locate the "shodan_entities.mtz" file you just downloaded and click "Next". Make sure all entities are checked, and click "Next". Enter "Shodan" as a category for the new entities. Click "Finish". Fujitsu Edmonton Security Lab 18

19. Install the cool Shodan add-ons Step 3: transforms Select "Discover Transforms" in the "Manage" tab. In the "Name" field, enter "Shodan" As a URL, use: https://cetas.paterva.com/TDS/runner/showseed/shodan Click "Add" Make sure the "Shodan" seed is selected, then click "Next" Again make sure you see "Shodan" selected, then click "Next" You now see a list of transforms that the "Shodan" seed has. Just click "Next" Click "Finish" Fujitsu Edmonton Security Lab 19

20. Maltego demo 20 Fujitsu Edmonton Security Lab

21. Maltego demo Starting it up Tour through menus and windows Investigating a system target Investigating a human target 21 Fujitsu Edmonton Security Lab

22. What’s next 22 Fujitsu Edmonton Security Lab

23. Learn more Read the Maltego wikihttp://ctas.paterva.com/view/What_is_Maltego Read the Social-Engineer.org websitehttp://social-engineer.org/ Read my old “How do hackers do it?” presentationhttp://www.picisoc.org/tiki-download_file.php?fileId=51&ei=TMI4TcOHBI2WsgOzrZHfAw&usg=AFQjCNH8Y_JPsbADDoOPvlNvPO7udJlmpQ 23 Fujitsu Edmonton Security Lab

24. Act locally At home Use MaltegoCE to manage what information you are exposing about yourself online You can request that Google remove content about youhttp://www.google.com/support/bin/answer.py?answer=164734&hl=en Monitor your children’s adherence to the family acceptable usage policy 24 Fujitsu Edmonton Security Lab

25. Act locally At work Use Maltego to audit public information about corporate systems Track down troublesome website or mailing list users (or bots) using publically available information 25 Fujitsu Edmonton Security Lab

26. Thank you! Want more presentations like this? Is there a particular tool or hack that you would like to see demoed? Chris Hammond-Thrasher Fujitsu Edmonton Security Lab Email: chris.hammond-thrasher <at> ca.fujitsu.com Twitter: thrashor 26 Fujitsu Edmonton Security Lab

27. Fujitsu Edmonton Security Lab 27