Showing posts from 2017

Using the new transforms without all the questions

Hi there,

As some of you may have seen, we recently updated the client and servers for Maltego in order to make it better, faster and stronger.

If you're running the commercial version of Maltego (e.g. Classic or XL) these changes have resulted in an extra choice when running transforms between our old and new servers. Unless you've done a clean install of 4.1 you'll see the following when running a transform:



The choice is between the old servers (alpine), and our new servers (g52) - 'Paterva Public'. In the short term, either choice will work, though we would encourage you to use the new server 'Paterva Public' going forward as this will be using the shiny new transforms (feel free to compare speed / results!).
How to remove the old servers

We will be releasing Maltego 4.1.1 within the next few days to remove the old servers from Maltego.

Until we release Maltego 4.1.1, or if you are running an older version of the client you can remove the choice of the …

Saving the planet with Maltego 4.1

Greetings people of the Internet.

In the last couple of months a lot of things have changed at Paterva. The good thing is that most of these changes will make your life better and will generally inspire you to live healthier. It's also better for Planet Earth - the environment - and it can help save lives.

Not really. Almost none of that is true of course. But enough with this nonsense - let's run through the changes really quick. Alternatively you can watch Andrew tell you about it:


Client side: Maltego 4.1
Exactly a year ago - to the minute almost - we released Maltego 4.0 (well - the Kali/CE release). Today we are releasing a new Maltego client - 4.1. Thanks AvA and PM team! The main change here is that 4.1 is all Maltego versions rolled into a single client. This means you don't ever have to download a different version - you can simply switch to it. It also means that any updates or fixes will be available to ALL versions of Maltego at exactly the same time - which in …

In our bid to take over the world we hunt ICS devices using Maltego.

In continuing our discussions of our Defcon talk (see previous post [here]) in this section we are going to look at ICS devices and what we can do with them in Maltego.
[Shodan] is a mass Internet scanner – much like [Censys]. The core idea is – find all the machines that are alive on the Internet, extract as much data as we can from them, put it all in a database and make that available to the world to query. Pretty neat actually.
We’ve developed transforms querying Shodan for a while – you can read about it [here]. When we started looking at ICS devices we saw that Shodan actually has a page devoted to it. It looks like [this]:


On every ‘Explore’ button you’ll see that it translates to a Shodan query string. For instance – for finding PCWorx devices the query will be “port:1962 PLC”. In other words – look for devices that have the word ‘PLC’ somewhere in the response as well as having port 1962 open. This search term will find all of these devices that Shodan has seen on the…

Linking individuals to organizations using network footprinting and leaked data.

Every year we train on Maltego at BlackHat USA in Las Vegas. This year we decided to submit a talk to Defcon – the notorious hacker conference right after BlackHat. For various reasons our talk was not accepted (Maltego being a commercial tool was right up there). At the last minute a slot opened up and since we were backup speakers Andrew MacPherson presented our work on the Saturday.
If you didn’t see the talk this blog post will go into a bit more detail on what Andrew presented. The talk had two main sections – a) finding useful information pertaining to Industrial Control System (ICS) devices and b) finding embarrassing information. In this blog post I am going to focus on the latter.
We recently saw a talk from someone on using Maltego for infrastructure footprinting. We’ve been doing footprints in Maltego for many years and the tool is well geared towards working with structured data contained in DNS and related services – so it was a big ‘told you so’ / ‘glad you could make i…

Maltego 4.0.seventeen. / dezessete / семнадцать / seitsemäntoista / de diecisiete / 17 / 17 / 17 / 17

Hi there all the people of the Internet.

We are happy to show you Maltego 4.0.17. We fixed many mistakes in this release. We now remember proxy settings (again/better). We fixed font scaling in the OAuth service window. Since Ubuntu decided ifconfig no more we worked our way around it. Furthermore - in the transform hub we fixed the refresh button for custom entries.

We also introduced search functionality in the context menu as well as permanent search functionality in the entity palette.

Woot - this is a win!
RT

PS: I translated this whole blog post into Japanese, but Paul said it was over the top... So I removed it. Next time you see him, you should kick him. Sorry!

Maltego 4.0.16 is out!

Hi there,

We just released Maltego 4.0.16. The delta between version 15 and 16 is mostly bug fixes. We've made Classic and XL available as [downloads] as well as creating update files for people running older versions of Maltego:




From today we're going to try and give you an idea of what features and fixes we've implemented. Some clients have asked for it and we think that it's just proper to have some sort of changelog. So here goes!

- Numerous fixes for using Maltego with a proxy server. Specifically surrounding authenticated proxies.
- Start-up stability issues addressed.
- Support for POSTs in OAuth integration. There are a couple of other issues we've addressed in OAuth and there's a few we're still going to address in future releases. But it's a lot better!
- Fair amount of cosmetics, spelling mistakes fixed.
- Refresh button on transform hub items (sure all devs will love us for this!).
- Factory reset now..uhmm... works...better.
- Fixes viewlets that's been with…

Maltego documentation is amazing! AMAZINGGG!

It's been said before that Paterva's documentation is not up to scratch and often out-dated. Lies! Lies! And damn lies!! However untrue this might have been I am here today to tell you that we have sat down and put some real effort into updating all our documentation for the Maltego client, all our server guides as well as our developer guides. This shiny beacon of Maltego documentation goodness can now be found on the [Maltego Documentation Portal].




All the existing developer portal content has been migrated to this website and can be found under the Developer Portal heading in the navigation bar. We will also be discontinuing the existing Developer Forum on the 'dev portal'. If you've searched our documentation and you still have questions we recommend that you mail friendly questions to support@paterva.com.

That's all for now.

PR

Bing v2 API is dead, long live v5? Also CTAS updates.

As some of you might have noticed Microsoft is in the final throes of shutting down Bing API v2 and replacing it with v5 (v3 and v4...well...who knows). The new API is part of [Microsoft Cognitive Services]. MCS have some pretty cool APIs and as soon as they're priced right we might start putting more of them into Maltego. We've put this in here specifically for MS people. You know who you are. We've spoken to you. We know where you live....;)

Currently Maltego uses Bing for all the Search Engine transforms - these all end with '_SE'.

The migration to v5 was not always easy. The question enumerator in the server code had to be changed (a lot). Some options are not supported in v5. There are only 25 results per page. One of the biggest impacts the new API has is that its pricing model is significantly higher than the previous version. Microsoft was pretty helpful in the migration process but less helpful when we complained about the new prices. This means we *might* …

We loaded new certs on our servers

Just a really quick note to say that - yes - it's us and not some nasty MITM - we've changed certificates on our servers. So when you see this...

...then you know what it's about. After our 4.0.5 update we're a little paranoid with checking certificates! You should check that the Modulus is the same, that it's signed by Entrust and that the Serial number matches. If so you can happily click on 'Trust' and be on your merry way.

If you don't see this or the details are different it means you're not speaking to our servers...and you should be worried.

Happy days,
RT


Maltego 4.0.15 is here!

We're happy to announce that Maltego 4.0.15 (for XL and Classic) has just been released. With it comes a whole host of bug fixes, improvements and new features.

What's new:
- New tabular import wizard
  - Much (much!) quicker to import large amounts of data
  - Connectivity matrix helps you connect the dots
  - Auto-detection of columns and column entity types saves you time
  - Import multiple files at once - underrated feature of the month!
- List view - back by popular demand!
- Recent entities section in entities palette so you don't need to search for them
- Leaf selection (we should have had this in V1)
- 100+ small bug fixes so things just work better.

Tabular Importer

Connectivity Matrix

The new connectivity matrix allows you to easily define the relationships between the imported entities.


Column Entity Types

You can now specify the entity type in the data headers. E.g. A column with the heading "maltego.Person" will automatically be recognized as a Person entity, without having to do the…

Visual link analysis with Splunk (or SQL) and Maltego using the MDS

We're finally ready to release a public beta of the Maltego Data Server (MDS). The MDS is a server that allows you to trivially visualize data kept in SQL databases or indexes (such as Splunk) in Maltego - as a graph.

In its simplest form you only need to write a query (SQL/Splunk) and tell the MDS how to map the resultant data back to nodes on the graph.


In the most complex form you can write Python code around the query, mapping and nodes as well as use (global) replacement variables anywhere within the items above. With this we mean to say that the MDS can be as easy or as complex as you'd like it to become. The system can grow with your abilities and is very flexible.

With the very basic knowledge of SQL/Splunk and Maltego you can almost immediately get massive insight into the most mundane of logs. With two (basic AF) Splunk-based transforms and three of the standard OSINT transforms that ship with Maltego we can spot fake Googlebots almost instantly in our we…

Making Buzzfeed's TrumpWorld tables into a Maltego graph

Maltego 4.0.15 is on its way, and with it a brand new interface for importing data into Maltego. With Buzzfeed's recent data dump of "TrumpWorld" we thought we would have some fun mapping out the data, whilst doing a walk-through of the new Tabular importer.

TL;DR

With just a few easy clicks you can map out hundreds of links and entities. We can see the complex layout of the Trump business empire, as well as how his social and business circles overlap.

Maltego provides a wide array of transforms to dig deeper into the information we have here. We'll leave that as an exercise for the reader ;)

Person - Company mapping

Person - Person mapping
Company - Company mapping
Just in case anyone was worried that we were getting too political (we're neutral, like Switzerland), here's a graph of Hillary Clinton's email infrastructure. What's the SSLVPN box by the way? ;)

Try It For Yourself

Here are all the Maltego graphs - feel free to open them in any ve…