Skip to main content


Bitcoin Tracking and Analysing with Maltego

Bitcoin and cryptocurrency has been over basically everything. We've all had those awkward conversations over Christmas dinner with that weird uncle where they explain that it's a pyramid scheme or a scam! Well we thought it's time we refreshed some of the BTC transforms in Maltego.

A quick recap of the basics of BTC:

'Addresses' are what you generate from your wallet and people can send and receive money to these

'Transactions' are the well.. transactions, the key point here is that transactions take in addresses(thats plural) that have a value as an input and the addresses as the output that also receive a value.

You can go to for a better refresher than this!

As a side note, you may have noticed we have had these transforms before, written originally by the breaker of chains, slayer of elks and herder of cats, Paul Richards. We decided to re-write these for a number of reasons. Firstly, our new born superstar server developer, Andre…
Recent posts

Holiday Special (yes, it’s this time of year again)

Whether 2017 has treated you well or poorly, it is nearing its end. The year of AlphaBay and Hansa Market takedowns, WannaCry woes, the rise of Reaper…. and of course the popularization of crypto currencies - where even my 78 year old mother asked me recently what this “BitCoin thing” is. Don’t worry mommy, it’s just a phase 😉.

For Paterva it has been a great year in many ways. A year of consolidating things and laying solid foundations for the future. So, before we sign off, here is a look at what you can expect to see in the Maltego universe next year.

Lots of effort is currently going into development and next year will see the release of:

Time and space support in Maltego (woohoo – you have been wanting this for a long time)Brand spanking new serversQuick and sexy ways to attach your own data to MaltegoLots of smaller improvements (check back here in due time)
So whether you celebrate Christmas or not, here is the perfect stocking filler for 2017 and a great gift for your partner/…

Time to say goodbye

All things must come to an end, nothing gold can stay – including my time with Paterva. As of today - 14 Dec 2017 - I will no longer be employed by Paterva. I also resigned as managing director of the company and disposed of all my shares in the company.
Many people have asked me why I decided to leave Paterva. I’ve always wanted a company where everyone is close enough that you can throw them with something (like a ping pong ball) and in the last year or so I feel like I’ve been holding the company back to become bigger than that. After 10 years of running Paterva I’ve realized we’re not a start-up anymore and that it’s time to hand it over to people that’s more adept at running ‘proper’ companies.
I am handing Paterva over to [Chris and Sonja]. They have been faithfully involved with Maltego since the start of the product and have been partners and significant shareholders in the company from the get-go. Handing it to them I am sure the product will go from strength to strength and…

Using the new transforms without all the questions

Hi there,

As some of you may have seen, we recently updated the client and servers for Maltego in order to make it better, faster and stronger.

If you're running the commercial version of Maltego (e.g. Classic or XL) these changes have resulted in an extra choice when running transforms between our old and new servers. Unless you've done a clean install of 4.1 you'll see the following when running a transform:

The choice is between the old servers (alpine), and our new servers (g52) - 'Paterva Public'. In the short term, either choice will work, though we would encourage you to use the new server 'Paterva Public' going forward as this will be using the shiny new transforms (feel free to compare speed / results!).
How to remove the old servers We will be releasing Maltego 4.1.1 within the next few days to remove the old servers from Maltego.

Until we release Maltego 4.1.1, or if you are running an older version of the client you can remove the choice of the …

Saving the planet with Maltego 4.1

Greetings people of the Internet.

In the last couple of months a lot of things have changed at Paterva. The good thing is that most of these changes will make your life better and will generally inspire you to live healthier. It's also better for Planet Earth - the environment - and it can help save lives.

Not really. Almost none of that is true of course. But enough with this nonsense - let's run through the changes really quick. Alternatively you can watch Andrew tell you about it:

Client side: Maltego 4.1
Exactly a year ago - to the minute almost - we released Maltego 4.0 (well - the Kali/CE release). Today we are releasing a new Maltego client - 4.1. Thanks AvA and PM team! The main change here is that 4.1 is all Maltego versions rolled into a single client. This means you don't ever have to download a different version - you can simply switch to it. It also means that any updates or fixes will be available to ALL versions of Maltego at exactly the same time - which in …

In our bid to take over the world we hunt ICS devices using Maltego.

In continuing our discussions of our Defcon talk (see previous post [here]) in this section we are going to look at ICS devices and what we can do with them in Maltego.
[Shodan] is a mass Internet scanner – much like [Censys]. The core idea is – find all the machines that are alive on the Internet, extract as much data as we can from them, put it all in a database and make that available to the world to query. Pretty neat actually.
We’ve developed transforms querying Shodan for a while – you can read about it [here]. When we started looking at ICS devices we saw that Shodan actually has a page devoted to it. It looks like [this]:

On every ‘Explore’ button you’ll see that it translates to a Shodan query string. For instance – for instance finding PCWorx device the query will be “port:1962 PLC”. In other words – look for devices that has the word ‘PLC’ somewhere in the response as well as having port 1962 open. This search term will find all of these devices that Shodan has seen on the…

Linking individuals to organizations using network footprinting and leaked data.

Every year we train on Maltego at BlackHat USA in Las Vegas. This year we decided to submit a talk to Defcon – the notorious hacker conference right after BlackHat. For various reasons our talk was not accepted (Maltego being a commercial tool was right up there). At the last minute a slot opened up and since we were backup speakers Andrew MacPherson presented our work on the Saturday.
If you didn’t see the talk this blog post will go into a bit more detail on what Andrew presented. The talk had two main sections – a) finding useful information pertaining to Industrial Control Service (ICS) devices and b) finding embarrassing information. In this blog post I am going to focus on the latter.
We recently saw a talk from someone on using Maltego for infrastructure footprinting. We’ve been doing footprints in Maltego for many years and the tool is well geared towards working with structured data contained in DNS and related services – so it was big ‘told you so’ / ‘glad you could make i…