Friday, December 24, 2010

Paterva Christmas gifts - for real

It's the 24th December 2010 - one day before Christmas. At this stage your mailbox is likely overflowing with silly corporate Christmas cards and special holiday offers that you don't really care about. We would like to present two real, free gifts for those that are still lurking at offices all around the world.

Gift A.1) A copy of Maltego 3.0.3 RC2 - not the final release, but damn close. You can download it [here]. It's a ZIP distribution, no install shield, but you'd be able to run it from the /bin directory. Remember - it's a beta. If you can't make it work - wait for the official release early in 2011 but keep in mind that the license key (B.2) will likely be used.

Gift B.2) A full, one year license key. Free. For a year. Yup. Here it is:
2607-1617-8614-4045-0807-7

You will be able to use this key on the official 3.0.2U1 client as well of course, and once we've released 3.0.3 officially it would be good to go with that too. It's strictly first come first serve, so dont' complain if the key aint working no more. That means you were too slow. Try again next year ;) Or better still, buy a real license!

In the next couple of weeks we'll start looking at what's new in 3.0.3 - what's fixed, new features and comparing performance with 3.0.2.

That's it for now. Enjoy the festive season and stay safe.
RT

Wednesday, December 22, 2010

Maltego 3.0.3 splash screen



So, we've asked 5 people which one they prefer, and 5 people chose the red one. I hate the red one. It's obscene.

I made the grey one. Andrew says I am just pissed that nobody chose my design.

Totally obscene...

RT

Friday, November 26, 2010

Massive speed and memory improvements

Today marks the last day of working on speed / load / memory improvements for Maltego 3.0.3. The rest of the time is dedicated to bug fixes. We think we're at the edge of the 80/20 boundary on this. And it holds true - in roughly 4 weeks we've made MASSIVE improvements on the speed and load performance of Maltego. 3.0.3 is FASSST. The last performance release I tested was blindly fast and yet we haven't looked at things like caching results, link compression and license key caching. So there is room to optimize even more.

I am super excited about 3.0.3. Even though there are no new features, it's something we should have done a long time ago. You'll see the difference straight away....

Wednesday, November 24, 2010

Transform Tuesday++ : Facebook,SOA,SPF and Shodan integration!

Hey guys,

Transform Tuesday is here again! Sure it might be a Wednesday, but unfortunately the Fremont data center that two of our Linodes are hosted on went down yesterday (http://status.linode.com/2010/11/fremont-power-issues-rfo.html) !

None the less, there is a small possibility that it's Tuesday somewhere in the world, much like the fabled "it's 5 o'clock somewhere in the world".

This installment has a bunch of new transforms and I'm going to show off some that @achillean did integrating both Shodan and Exploit-db! Our transforms show integration with the Facebook graphAPI as well as some new DNS transforms (SPF and SOA).

Lets get to the good stuff!

Facebook GraphAPI:
I'd like to preface this by saying that we are not trying to break the terms of use of Facebook and we think that we completely abide by the principles listed on http://developers.facebook.com/policy/:

Create a great user experience

  • Build social and engaging applications
  • Give users choice and control
  • Help users share expressive and relevant content

Be trustworthy

  • Respect privacy
  • Don't mislead, confuse, defraud, or surprise users
  • Don't spam - encourage authentic communications
However if we are asked to take down the transforms we will of course.

What are the Facebook transforms?
  • toFacebookObject - search Facebook via the graphAPI and return the results. Think of this as your Facebook search engine transform!
  • toFacebookAffiliation- convert the above objects to to a Facebook affiliation with the profile picture and a link to the profile.
  • toPhrase - try and extract the phrase from the Facebook object (what the status message was).
  • toPersonFromProfile/toPerson - extracts the person from the Facebook object that made the post so you can use this with the normal people searching transforms.
  • toEntitiesNER - take the phrase from the Facebook object and try and extract terms/locations from this.
  • toFacebookObjectPerson - simply search Facebook for this person's name.
  • toEntitiesNERTwitter - technically not dealing with Facebook, but also allows the same functionality as the above toEntitiesNER transform - but on tweets!
A quick example:
So let's take a look at the phrase 'TSA' on Facebook. Simply drag a phrase onto your graph, set your slider to 255 (3rd notch) and run the 'toFacebookObject' transform. You should see results like this:

Next you can take all of these entities to other entities with the use of Named Entity Recognition (NER) via the 'toEntitiesNER' transform. This will try and extract things like Companies, Locations, and other entity types from the messages. NER is not perfect, as you will notice things like 'Pat Downs' as a person. Keep in mind that NER is very difficult to do! However you can immediately get some results from what is being said in the public Facebook space, such as:


From the screenshot above you can see that the term has connections to the US, deals with two agencies and Mr 'Pat Downs' - someone I think many people can now relate to at this point in time!

Other things you can do is take each of the facebookObjects to Person entities so that you can then perform other searches on these people or identify people commenting a lot on the phrase you originally searched for. To do this you can simply select all the facebookObjects as before and run the 'toPersonFromFacebook' transform:


So why are these Facebook transforms useful:
  • Tracking spam: you can use a phrase that you know is used in spam, take this to facebookObjects, then take each of these to a phrase ('toPhrase' transform), and then again search Facebook for these phrases, rinse and repeat until you have identified all the spammers.
  • Tracking what is said about a specific term (and who says it the most) as well as how often they are talking about and who they are. You can also identify locations/companies/other useful information by taking these objects and performing Named Entity Recognition on them.
  • If it was possible to identify friends of an individual (think the typeahead bug) you could identify the spheres of influence around people on Facebook that you have found via your graphAPI queries.
How to get these transforms:

Entity: http://ctas.paterva.com/TDSTransforms/GraphAPI/facebookObject.mtz
Seed: https://cetas.paterva.com/TDS/runner/showseed/SocialMedia


SPF/SOA Transforms:
Recently the topic of spam came up in the office and why SPF(txt) records were never implemented - they seem to be a viable means to stopping spam. We looked at the implementation a bit and noticed some very cool things, such as:
  • Admins are lazy and want the ability to move their mail servers around so they give their entire IP range in the SPF records
  • SPF records often include other SPF records which show other domains relating to the one you are interested
Secondly a transform RT has always wanted has been one that looks at the SOA records for domains to get the zone's administrative email address and the primary name server (where the zone was created - this is not necessarily one of the current nameservers). These transforms often provides information that's not found in the normal enumeration process.

We have developed two transforms specifically aimed at these:
  • DomainToSOAInformation
  • DomainToSPFInformation
Hereby some examples of using these transforms:

SPF Transform:
Compare the NS of pentagon.mil (left) to the NS found in the SOA record (right):


SOA Transform:
Quickly and easily identify Google's netblocks from their SPF records:




These transforms have been added to the standard infrastructure seed which can be found at: https://cetas.paterva.com/TDS/runner/showseed/Infrastructure

Shodan:
This week there has been a lot of coverage of the Shodan transforms, developed on the TDS. The transforms essentially allow the integration with the fantastic shodanhq.com as well as exploitdb.com.

The transforms are as follows:
  • searchExploitDB - Search the Exploit DB archive's exploit descriptions.
  • getHostProfile - Returns the list of banners for the given IPv4 as well as general host information (hostname, location, etc.).
  • searchShodanDomain - Search the Shodan database for information on the given domain name.
  • searchShodanNetblock -Searches Shodan for hosts contained in the given netblock.
  • searchShodan - Use the Shodan search engine to locate computers.
Some examples:
Identify hosts belonging to google.com:
  • Drag the domain google.com onto the graph and run the searchShodanDomain transform or run the searchShodanNetblock on one of the netblocks found with the SPF transforms (see earlier):



  • Verify these results by running the getHostProfile on one of the returned IP addresses:

  • Search for host responses with the word 'scada' in them by dragging the phrase 'scada' onto the graph and running the 'searchShodan' transform:

  • Identify Vulnerabilities that have 'scada' in the name or description by using the same phrase and running the 'searchExploitDB' transform:

Overall these transforms are awesome, and it is great to see people building (and releasing) transforms via the TDS! Hopefully we can see improvements on these such as:
  • Ability to search the returned banners against exploitdb
  • Ability to search the builtwith.com results against exploitdb
  • Exploits with a link to where one can find the specific exploit
Where can I get the shodan transforms?
The Shodan transforms can be found at http://maltego.shodanhq.com/

Finally, apologies for the Goliath of a blogpost. When I started it this morning it didn't seem like that much, but it's grown quite a bit. Special thanks to the Shodan guys for developing some awesome transforms.

Damn the man. Save the Empire.
-AM

Saturday, November 20, 2010

Maltego 3.0.3 is looming

3.0.3 What's in there and when it's released
Maltego 3.0.3 will be released before the end of this year (or perhaps in the first week of 2011). There is good news and bad news. The bad news is that 3.0.3 will not really have any new features. The good news is that it is a 'performance and stability' release. Which means - it will be fast. Very fast. And stable, very stable.

We've been working for the last 3 weeks with one goal in mind - making Maltego work better with large graphs. The target is to comfortably work with 10K node graphs on a 1GB JVM and Dual Core processor. And we're getting there. Of course, if you happen to own an I7 with 8GB of RAM, your experience will be much better and you'll be able to handle many more nodes. The side effect is that smaller graphs will be super fast to navigate, select and run transforms on.

We've also made a list of 'well known bugs' that have never made it to the priority list. Things that irritate us but that we've learn to live with. Many of these will be squashed. It's just that time now - time to grow up and fix it. It's hard to not add features - there are so many that we all want in Maltego.

New transforms coming + Shodan transforms
We are also releasing some new transforms this coming week. We've been sitting on a couple for a while and now it's time to make them public. Lastly it was GREAT to see that the folks of Sodan have adopted the TDS and made some transforms. This is exactly what we had in mind with the TDS. You can catch all the action at [http://maltego.shodanhq.com]

Crisp out,
RT

Tuesday, November 9, 2010

New infra enum transforms - with sweet example

We're happy to release a couple of simple transforms via the TDS that assist with the foot printing / enumeration of infrastructure. These are:

  • NetblockToNetblocks
Essentially this transform breaks large networks into smaller chunks of networks. This is useful when you have transforms (such as reverse DNS, portscans etc) that only works on class C networks...and you are stuck with a class B.

  • NetblockToIPs
Shows every IP within the netblock as a separate IP address entity. Useful when you need to run a transform on an IP address itself, and want to repeat the process over all the IP addresses in the network. An example of this will follow.

  • WebsitetoDNSName
  • NStoDNSName
  • MXtoDNSName
These transform simply converts the NS,MX or website to a DNS name so that the enumerate numerically transform can work on it. In other words - see the next transform..

  • enumerateHostNamesNumerically
This transform will test for the existence of DNS names that end with the same name, but another number. As example - if ran on mx1.domain.com it will check for mx1, mx2, mx3.domain.com. The range and padding can be set with transform settings.


Examples

How is this interesting at all (because frankly, on the surface it looks pretty boring) ? Let's look at examples. Let's assume we are are foot printing a domain called eop.gov (if you missed that class - EOP is the Executive Office of the President - which, network wise, is a lot more interesting than whitehouse.gov). We run the 'Find common DNS name' transform on this, and end up with a graph like this:


Clearly ns1 is a good candidate to be enumerated numerically. And so we shall:

The transform will ask us for some transform settings:


And ends up producing a graph looking like so:


With a couple of more transforms, a little re-arrangements and manual linking we get:


The resultant DNS entries (at the bottom of the screen shot, and produced by looking at reverse DNS within those netblocks) also looks yummy for numerical enum, so we'll run them too (but perhaps from 0 to 99 with one digit padding). You end up with graph looking like this:

In the end we'll take all of the DNS names, copy them to a new graph and resolve them to IP addresses. This gives us:

For the next step we'll use one of the other new transforms. We'll take the two blocks, and enum them to individual IP address entities. Why? You'll soon see. But first, this is what it should look like:


The blue dots are the IP addresses. The 'hands' sticking out at the sides are IP addresses that were discovered from two transforms, resolving the DNS names, and the enum. Sonowwhat? Now, we'll put every IP address into a search engine and see if there is any results. EH? Well, when anyone browses the 'net the site that they browse probably records the IP address in a log...and sometimes, just sometimes...those logs get index by a search engine. So - we end up with a graph that gives us a list of websites that were visited by that IP address. You might think it does that happen a lot - but you'll be surprised. Hereby the resultant graph:

The blue dots are IP addresses, the pink ones are websites where that IP address was found. This is the edge weighted view, so the larger the sphere, the more IP addresses pointed there. Of course, IP addresses don't just end up in logs that gets indexed. This closeup shows you why:

In fact, the more interesting sites are the ones that are only visited once or twice. We can also weed out the false positives (sorry Rob, in this case that's you) by searching our graph for words like 'usage stats' and the likes. The results then start looking a lot better - here is a small portion of the graph:


In the detail view we can see when and what were visited:


If you missed the point of this whole mission - it was to see if we can figure out to which web sites the people in the Whitehouse browsed to..

Anyhow - this was just a *brief* idea of where you can go with these transforms. On their own they are boring and bland, but when used with others they sparkle.

OK, initially I thought "brief" and then I ended up spending 45 minutes on it (most of the time copy and pasting the graphs, cropping them and struggling with this web interface blog editor).
Also, before I forget, and your reward for reading all of this - the seed for these transforms can be found here:
  • https://cetas.paterva.com/TDS/runner/showseed/Infrastructure
You may use instructions on [this blog post] to see how to get these into Maltego. They don't need any special entities. So it's load, discover and play.

Crisp out,
RT

Free BuiltWith.com Transforms!

Builtwith.com is a fantastic site for enumerating technologies used on a website, things such as JQuery, Google analytics and additional server information such as the type (Apache/IIS).

For example, if you had to perform a lookup for www.paterva.com/web5/ you will receive a results page (as seen on the left). This page includes that our website uses/is run on:
  • Apache
  • Ubuntu
  • Mod_SSL
  • JQuery
  • Google Analytics


But why Andrew, WHY?
So out the bag this may not seem that exciting, anyone could simply go and have a look at the source of a website and look for keywords relating to the technology, or even look for key directories (Wordpress' /wp-admin/ directory for example).

However imagine you were looking at a large number of websites, in this example gov.za space ( I placed a domain 'gov.za' onto my graph and then ran the "To Website DNS [using Search Engine]" Transform with my slider set to 255):



How would you correlate which technologies were being used with which websites? Well simple, with Maltego of course (and a bit of code to integrate with the BuiltWith.com API)!

The next step would be simply to select all of the websites found and run the "ToServerTechnologiesWebsite" transform. This will then return the technologies used for each site as seen in this example with just 1 website:


You would then run this across all of your websites to view what kind of technologies were being returned!

Initially we noticed that there was a lot of excess data coming through, technologies such as Javascript, CSS and SEO_H1 which we have since discarded and are only looking at results in the following categories:
"cms","framework","server","Apache Module","Database","Hosting","Interent Communication Server","J2EE Server","Security","Server","Web Accelerator","Web Host","Web Master","Web Server","Web Server Plugin","Web Technology","analytics","javascript"

If there are others you would like to see from the API ( http://api.builtwith.com/ ) feel free to let us know.

So where to from here?
Well now that you have a list of all the technologies used you can see interesting correlation between the data, such as:
  • Are all the websites running the same technology or are there odd cases, and if so why? (Does some dev have a machine running thats accessible from the internet running a vulnerable server)
  • Is the infrastructure mostly Windows or *nix based? (Apache vs IIS)
  • Which CMS' are used, and where? Are they all the same or are there variants?
  • Which websites need their technologies upgraded!
  • What is the most common technology used between all the websites?
Show me the money!

In edge weighted view we can quickly identify the most common technologies used:


And by using the Entity List view I can easily identify the top used technologies by searching for 'BuiltWith' (its the type) and then sorting by incoming links:


Give me the Entity and the Seed!

Entity: http://ctas.paterva.com/TDSTransforms/BuiltWith/BuiltWithTechnology.mtz
SeedURL: https://cetas.paterva.com/TDS/runner/showseed/builtWith

You can follow our previous post on importing these here: http://maltego.blogspot.com/2010/11/transform-tuesdays-free-maltego.html

Last but not least
I'd just like to send out a thank you to Gary Brewer from BuiltWith.com for some changes we requested to do HTTPS as well as HTTP and for helping us out generally with our BuiltWith.com queries!

I'd also like to point out that these transforms run on not only a website but also an IP address as well as URL. Please also note that BuiltWith.com does not currently follow redirects so it will simply try connect to the website, IP address or URL and return the information based on that single page (no spidering).

We look forward to seeing the community respond with more transforms like this!

Transform Tuesdays! Free Maltego Transforms!

Yes, it's not nearly as popular (yet) as Patch Tuesday, but at least it's an alliteration.

We have been working on a bunch of new TDS based transforms that we would like to share with the community in the hope that the community responds with more transforms of their own.

Today we will be releasing two sets of transforms:

BuiltWith.com integration via their fantastic API
Enumerate server side technologies of Websites and URLs. These include things like CMS (Joomla, Wordpress), Server information (Apache, IIS) and other technologies used (Jquery, Youtube, Silverlight, etc)

Various useful infrastructure transforms
Couple of transforms to help with infrastructure enumeration including Netblock to IP addresses and Netblock to Netblocks.

How do I use these Transforms within Maltego?
You will need two things to use any of the upcoming TDS transforms (and any we post in the future).

  1. Maltego Entity Objects file (mtz) with any custom entities that are used for these transforms. NOTE: This is only needed if there are custom entities.

  2. Seed URL: This will point your Maltego interface to where it can find new transforms.
Enough! Show me with pictures!

Importing custom entites (Where needed)

Click on Import Entities

Select the supplied Maltego Entity Objects file (mtz)

Select the entities you wish to add

Add it to a group

Enjoy your crisp new entities


Discovering Transforms:

Click discover transforms


Add a name for your seed and the supplied URL


Neeeeeext

Neeext

Neeeext

Finished! You now have some crisp new transforms!


In the upcoming posts we will release the mtz as well as the Seed URLs for the new transforms.

Wednesday, October 27, 2010

Maltego 3.0.2 is live!

So, there we go. Maltego 3.0.2 is out - and - finally - we have an OSX release too. In terms of functionality it's about the most we've done in a minor release. I think it's a pretty release. You can find it on the web site on the [download page].

The other news that's really exciting is that we *just* heard we are training at BlackHat Federal in Washington DC. Woot^2! You can check out our course outline ---> [here]. More on this later.

Enjoy responsibly!

Maltego 3.0.2 is here (soon..really soon)

Hey Guys,

We are at the stages where we are finally starting the build processes for 3.0.2 putting out deb's, rpm's and yes even an OSX dmg !

There are some fantastic new features in this version including:
  • Labelling, Colouring and Styling links
  • Path Selection ( find paths between two entities )
  • Entity and Link selection modes
  • Selecting of similar nodes
  • Copy and Paste between graphs (With and without links)
  • Copy to new graph (with and without links)
  • Copy to new graph with Neighbours/Parents/Children and the depth of that
  • Various bug fixes
  • Improved performance with links
The dev team has really put a lot of hard work into this release and it really shows!

In other news we have also been working on some new transforms to be released via the TDS at some stage ( most likely next week ) which will include the following:
  • Netblock expansion - take a Netblock to the IP addresses within it
  • Numeric hostname enumeration - enumerate hostnames numerically (so from mail.domain.tld look for mail1.domain.tld-mail99.domain.tld), with padding and so on
  • BuiltWith.com technology lookup - look up the various technologies used on particular websites (apache/jquery/joomla/etc)
  • Facebook GraphAPI Searching - lookup what has been said in the public space on facebook via the graphAPI ( think posts/videos/links ) and who said it!
And without further ado, a screenshot showing some of the built with and the new links!


Lastly, a special thank you from all of us over here to Nadeem Douba who really pulled through for us helping with the Mac release! Thanks guy!

And now back to building! Downloads soon!

-AM

*UPDATE* you can grab the addendum at http://www.paterva.com/docs/3.0.2.addedum.pdf

Tuesday, October 19, 2010

3.0.2 is delayed by one week

The 3.0.2 release is going to be late. Yep - can't help it. It was supposed to be out by the 21st...but we've run into performance issues - specifically because links now carry loads more data information.

The plan is now to get it out by the 27th - a week later. And yes, we still plan to have the OSX release ready by that time too. So, just hold on a bit while we get 3.0.2 ready for you.

Monday, October 4, 2010

3.0.2 release schedule ...and more



It's been a while since I posted to the blog. I was secretly hoping Andrew would make a posting...tsk tsk - the youth of today!

Many things happened since the last post. I spoke at Ekoparty - it was a blast (see attached photo). Also we are hard at work at 3.0.2. The good news is that version 3.0.2 will also include an OSX version. That's right - an OSX version. For the Mac.

Version 3.0.2 focussed on making manual linking easier. We have line style, color and thickness now..and labels. Oh and copy and paste will work as advertised in 3.0.2! I've attached a screenshot of an early beta of 3.0.2.

The only question is WHEN? At the moment the release date for 3.0.2 is pegged at 21 October - that's around 3 weeks from now. Let's hope we make the deadline!

Wednesday, August 18, 2010

Transform Distribution Server (TDS) is live!

We've been way busy getting the TDS ready - in the last couple of days we've created 4 videos of how the TDS works and what you can achieve with it. The last of the videos uploaded some minutes ago. You can catch them all [here].

The TDS gives everyone the ability to integrate their transforms with Maltego - without having to do the hard work yourself, but with the flexibility of having your own server. Combined with the ability to build and share custom entities we think it is a pretty powerful concept...

You can register on the TDS [here] and the documentation and libraries can be found on our website over [here].

Feel free to register and play around - and do gives us your feedback!

Wednesday, August 4, 2010

3.0.1 Commercial - bugs fixes, features and dates

Maltego 3.0.1 Commercial edition release is due soon (hopefully next week). This version will see the following bugs fixed:
  • Black icons (after some idle time)
  • Transform cancellation now works as expected
  • Matching rule on entities is sorted out
  • UI state is kept after restart
  • Stability issues, cosmetic and 'small bugs'
The following features have been implemented in 3.0.1:
  • Printing of graphs (also to PDF, multi page)
  • Custom transform images now in categories
  • Export to PNG (& setting the output resolution)
  • Reporting (think 'turn my graph into a 400 page PDF document')
  • All entities in palette (for when you want to use manual linking)
  • Automatic periodic transform updates (so you'll see when a new transform is available)
3.0.2 focus will be:
  • More control and options on manual linking of nodes
  • Annotation of entities and links
  • Copy and paste
3.0.3 focus (we think/hope) will be:
  • Importing of local data (CSV and friends)
Lastly - TDS. It's coming soon...

Thursday, July 22, 2010

Security Year End Function

BlackHat Vegas is upon us. Sadly we won't be there...but Maltego will be! We know of the following places where Maltego will be shown:

  1. Offensive Security Training (Pentesting with BackTrack)
  2. Suggmeister (Chris Sumner)'s talk - Social Networking Special Ops
  3. At the HBGary kiosk - and in Greg Hoglund's talk- Tracking Cyber Spies and Digital Criminals
Also - for the duration of BlackHat and Defcon as special offer - use the coupon 'BlackHat' and get 25% discount on Maltego licenses.

If you see Maltego in any other talks or training - let us know. Yes! Soon we'll have MaltegoCon - hee hee...;)

Thursday, July 15, 2010

LawTrust/ Entrust - thanks!


Due to the fact that Thawte took their sweet time to get our certificates sorted out, we decided to look at the local crowd LawTrust to get our other certs. What a pleasure - got it in one day. It helps that they are based here in ZA. Thanks Megan/Chantell/Christi/Maeson - you rock!!

Wednesday, July 14, 2010

We have valid certificates now..


So there...no more self signed.
CETAS and Alpine will follow soon.

Sunday, July 11, 2010

Growing up..


Soon we'll have board meetings too... :(

Thursday, July 8, 2010

CE is live!

Hey guys,

Finally I get to post something on the blog! We have been working very hard (and even harder this week with me going on holiday tomorrow!) and for once we have released ahead of schedule!

Thats right, the fantastic new Maltego CE is here. We have given a lot back and most of the limitations have been cut back plus we are working on some really new exciting stuff for the community (container TAS).

Thanks for all your support and comments - we really appreciate it.

See you on the 20th :)
-AM

Community edition and HITB feedback

It's been a while. Came back from Amsterdam a few days ago where I presented at Hack in the Box (HITB). It was really a cool conference (thank Dhillon/Amy and the rest of the team!). Not too many people, not too few. Really nice vibe - and it was good to be back in the Kras. Made some new friends and got to see many old ones again. It was good.

We are releasing CE edition of Maltego tomorrow unless there's a major train smash. We've made CE3 less restrictive - the hope is to get a lot more of the community involved. Hopefully we are not shooting ourselves in the foot in terms of funding for more development (yea - version 3.1 is looming in the distant future).

Soon after the release of CE we will also release CCTAS - those that saw the talk in Amsterdam will know what's potting (excuse the pun). I showed a short video of where we are going with that. The bottom line is that it will allow the community to write and host their own transforms - and the client will automatically update transform list as we go along. Exciting times for sure!

Will keep the blog updated for the release - watch this space!
Now - let's get the show on the road - 'latererer...

Monday, June 21, 2010

There IS life after 3

Last week saw the release of Maltego 3.0 and the new website. Stress levels are slowly returning to normal...

It went fairly smooth - just took a long time to upload everything and we missed our official deadline with 2 hours and 14 minutes. Not bad considering a 15 month wait. It was the Maltego+JRE (40MB) upload that killed us. Oh and the fact the the debs and rpms said 'Maltego 3 Beta' and we had to rebuild them. Funny thing - 5 minutes after the last upload was done the power died and we sat here in the dark. If it was 5 minutes earlier I would have cried lots...but it wasn't. After that was post 3 release celebrations with good food, good beer and finally - good sleep.

So far there have been 2 little problems (which we sorted out). The first has to do with licensing - a small number of users have been affected in a way that they need to activate the product every time they reboot. Bleh. Fixed. The other problem had to do with authenticating proxies. Seems the dialog that asks for creds was incompatible with what we were using. But that's solved now too.

We are currently uploading the new build - so if you experienced any of the above problems you should just grab a new copy (in a few minutes - let's wait for the upload to be done).

In just more than a week's time we are speaking at Hack in the Box in Amsterdam. Should be fun. If you are around, come say hi.

Oh, and over the weekend I installed new lights in the office. And more heaters, a fresh cat blanket and more cups ;) See...even after the big 3 release ... life goes on.

Tuesday, June 15, 2010

Maltego 3 was officially released 10 seconds ago

Maltego 3 is up. We're there. It's happened.
Website up & running...enjoy!
http://www.paterva.com/

Release is today at 16h00 GMT+2

Finally we are releasing. Today. In a few hours. Just putting the final touches on the website and re-testing all the installs. It also means you have about 6 hours to still buy licenses at the old price.

We are all a bunch of nerves. I hope all goes smooth. Next time I write Maltego v3 will be out there in the wild...eish.

Monday, June 14, 2010

Tomorrow!

The release is tomorrow. Tomorrow. After 15 months the release is TOMORROW.

We are fixing the last of the (obvious) bugs. I am pretty sure there are still a couple left - in a system as complex as Maltego 3 there will always be something that's itching. But mostly its all systems go. I must say with everything coming together v3 is one sexy beast. It really looks and drives super slick. Won't be missing v2 soon..

Today is going to be a looong day. Getting the site sorted, testing and retesting the release. The vuvuzela people woke me up at 6am and there was no more sleep - just thinking of all the things we still need to (and can) add to make v3 more special.

Tomorrow there will be a final post as v3 go live...

Friday, June 11, 2010

Almost...


Nerves. Redoing the website. Fixed two transforms that were unstable. Changed transform descriptions to make it read nicer. Worry about next week. Prepared dedicated M3 server. Payment gateway tested.

Oh and kickoff for the World Cup is in 45 minutes.

Thursday, June 10, 2010

Chinese hackers


Getting the server ready I was making sure that we have Unicode on the server side ready as well. I did mention we have Unicode support in v3 right?

This is Google's translation for simplified Chinese of the word 'hackers' in Maltego + 12 sites containing the word:

Wednesday, June 9, 2010

Less than a week to go..

With less than a week to go for Maltego v3 it is tense times all around. We ran into a nasty bug that needed sorting - e.g. a deal breaker. It finally broke this afternoon. Now we can keep on working down the list of known bugs.

We decided to have a dedicated server for v3 and phase out v2 as we go along. This makes it a easier to migrate existing users to V3, but it means a bit more work this side.

We're also working on a new website. Anyhow - more as we go along...

Wednesday, June 2, 2010

SQLTAS v1.0 - what a mission!!

We're done! The new SQLTAS is ready for beta testing. We've had all our days getting the Oracle and DB2 ODBC drivers working but it's all in the past, and we're in beta testing phase...with 1 tester. They're a pretty demanding client - linking between four different databases on two different DB platforms. Let's hope there are not too many issues.

After the 3.0 release we'll spend more time on this and roll it out to all server clients. For now - it's all engines firing for the 3.0 release on the 15th.

Oh - the cables (DSL) have been restored after about 10 days of downtime. The USA soccer team (think World Cup 2010) is staying a couple of blocks from the office- they arrived yesterday. Funny - I wonder if this is a coincidence.

Monday, May 31, 2010

Licencing implemented

As per schedule the licensing for Maltego 3 is sorted. This means we are fairly on track with the schedule. This week we start with cleaning up bug / interface / cosmetics. There are MANY things that are still VERY wrong.

I am guessing we'll end up with a 3.0 on the 15th and a 3.0.1 on the 1st of July. Question is - do we make 3.0 commercial bug free, or do we spend time building 3.0 community edition? Hmmm...priorities...

Friday, May 21, 2010

So far so good

Local transforms are working in v3. It will be using the v2 specification...for now. In 3.1 we'd like to extend it to be able to use the v3 protocol, but for now it's going to have to roll with v2 protocol. See, me talking about 3.1 and we don't even have 3.0 out the door. Tsk RT..

We're on track...next up is licensing.

Thursday, May 20, 2010

Pricing and upgrades

A lot of people have been asking about the pricing and upgrade path to V3 - so I decided to put something out. For now the idea is going to be like this:

V3 will be around $650. We're not 100% sure on the number. AM says $750, but I think it's too steep for end-users. We've had the price pegged at $430 for V2 for over 2 years, and with all the extras coming in V3.0 and V3.1 as well as inflation I think 650ish is fair.

The good news is that valid license holders will get a free upgrade to V3. That means, if you buy now you pay $220 less than if you buy when we release in June. Also, if you are a valid license holder, subscription STAYS at $320 per year and you'll be automatically upgraded. In others words - hang on to your license if you have one.

Wow - I sound like a proper sales person....how freaky...

Monday, May 17, 2010

Load and Save is working!

So far, we're on target for a 15th June release. Last week 'Save/Load' was implemented. The file extension is called MTGX - a zipped file that contains the graph (in GraphML with Maltego extensions) and the entities - even custom entities. The file can also be used in the Entity import function. That means you can share you custom entities by simply sharing the file..

Before the end of the month we're looking for licensing and local transforms (v2). That means we get 1 week to sort out silly bugs and cosmetics and 1 week for packaging / documentation (BLEH) and getting the website ready.

Meanwhile we're also hard at work on the SQL TAS - idea is to have it ready with v3 around the 15th too. Exciting times!

Friday, May 14, 2010

SQLTAS - coming soon!

Hey guys,

We are working on an awweeeeeeesome new SQLTAS, here are some tasters!

-AM