Friday, December 28, 2012

Manually linking one node to multiple others

Someone asked support@paterva.com: "It is very tedious to put five thousand arrows of emails to a single identity. Is there any way to make this easier?" There is indeed an easier way and I thought I'd put the recipe out here on the blog:

Follow these easy steps to link many nodes to a single node:
  1. Select the many nodes.
  2. Move the mouse pointer so that it hovers over the single node, but don't select it.
  3. Left click on the single node AND hold the left click button in.
  4. Drag a line to any of the many nodes.
The single node will now be linked to the many nodes with multiple links, but the link direction must be inverted.

We now need to select all these links and invert their direction. To do this:
  1. Select the single node.
  2. On the ribbon go to Investigate -> Select links -> Outgoing. You can also do this by holding control and dragging a box around the links.
  3. On the ribbon - Investigate -> Reverse Links.
  4. Voila!
For those that need pictures - here they are:








Thursday, December 20, 2012

Maltego Radium Community Edition Released!

Hi there.

As promised, and on time, we are proud to release the community edition of Maltego Radium.

Some of the major features of Radium are:
  • Use of machines (transform sequences - use, edit and build your own!)
  • Incremental Auto update (You don't need to download an 80MB release ever again)
  • Full screen mode (think dashboard)
  • Massive memory and speed optimization
  • Sound (useful when you switch to something else and want to know when your transforms are done)
  • Find in files (only added this some weeks ago to the Commercial edition!)
  • And much much more...(tm)
We have also upgraded the community server to leverage all the new cool goodies (like link style/color, notes on entities etc) that Maltego Radium offers.

To get the new Maltego Radium Community Edition simply download the community edition from our [website] - or click below:


The huge improvements that used to be only available to commercial users are now available for everyone! Having said that - results are still limited to 12. This also applies to machines - you can only have 12 entities in a pipeline.

We hope everyone has a great time using our new product!
RT


Wednesday, December 19, 2012

Useful Christmas gifts

It's that time of year again. When most people are not at work and those that are at work are trying to get all the things done they couldn't do in the 'normal' time of the year. We like to provide some rewards to those hard core 'at work over the festive season' people:

1) Like we did last year we are giving you a discount on Maltego Radium and CaseFile. 33% off the normal price if you use the coupon 'Christmas2012'. The coupon is valid till the 25th of December. Or the end of the world, whichever happens first.

2) If all goes according to plan, we'll be releasing the community edition of Maltego Radium this week.

Wait...in 1) you're saying you can buy it cheaper and in 2) you're saying the community (free) version will soon be out? Is this not really bad marketing strategy? Indeed. But then again - it would be silly and cruel to delay either just because it might make us a few bucks. And now is not the time to be cruel. Perhaps it's the time to be silly - but in a good way....like.. like...

3) Like a silly picture - which - if you are not planning to use Maltego ever makes this blog post still worth reading:


More here once we're done with Radium Community.
Enjoy,
RT

Thursday, November 29, 2012

Radium Update 2

About 36 hours ago we 'pressed the button' on Radium Update 2. This update is distributed to Radium users via auto-update. We decided it would be fitting to make a short video of the highlights of this update (we like to call it 'service pack 2' - as it sounds very grown up).
Click below to view:


The reason we made the video is because:
1) We're pretty lazy - and it seems like a lot of work to write it all up.
2) People generally have more fun watching videos than reading documentation.
3) A big camera vendor sent us a bunch of equipment to evaluate. No not really. We wish. I wish.

One thing that Andrew forgot to mention in the video is that the MSL (Maltego Scripting Language) was also extended with some new pretty functions. The MSL doc (updated with a shiny new reference guide) is at http://www.paterva.com/MSL.pdf. Those of you that like writing your own Maltego Machines should definitely take a look.

The Radium community release is almost ready and if all goes well we'll be able to release it just before Christmas.

Enjoy responsibly,
RT

Thursday, November 15, 2012

Coolness coming in the next Maltego Radium update

Hi there,

We're planning to release another update to Radium before the end of the year. Also we're very much hoping to release a community edition of Radium at the same time. Send Redbull, cupcakes and vitamins and we might just make it!

One of the new features in the update is 'Find in Files'. It's pretty cool because it means if you have a group of analysts working together (and you are saving your files on a share somewhere (hey, we should try it with DropBox)) you can now easily search through all of the graphs and create a merged graph of everyone's work that matched your search terms. It will even try to open encrypted graphs with provided passwords!

Attached some boring looking screen shots. The feature works pretty well already:




In the last screenshot you'll see that we now provide you with the ability to add metadata to your graph which is useful when browsing FiF (Find in Files) search results.

And now for something completely different

Another feature we're adding (OK no - we really hacked it in there) is that transform writers can soon describe links (label, color, style, thickness) as well as have the ability to create notes and bookmarks using code. I say 'hacked' because we really have to do a proper implementation of protocol 3 to make it nice and clean - but in the meantime you'll soon be able to add it as the entity's properties like so:

<MaltegoMessage>
    <MaltegoTransformResponseMessage>
       <Entities>
          <Entity Type='Person'>
             <Value>Pietertjie Vermeulen</Value>
             <AdditionalFields>
                <Field Name='link#abc' DisplayName='Some link property'>link prop value</Field>
                <Field Name='link#maltego.link.label'>karnallie</Field>
                <Field Name='link#maltego.link.style'>1</Field>
                <Field Name='link#maltego.link.show-label'>1</Field>
                <Field Name='link#maltego.link.color'>0x00FF00</Field>
                <Field Name='link#maltego.link.thickness'>3</Field>
                <Field Name='notes#'>Die bliksem steel my ouma se koekies</Field>
                <Field Name='bookmark#'>1</Field>
             </AdditionalFields>
          </Entity>
       </Entities>
    </MaltegoTransformResponseMessage>
</MaltegoMessage>

Yes we know - you really want graph in / graph out but hey- it's a step in the right direction.

We'll keep you updated on the progress - but if all goes according to plan we'll have it out before the end of the world.

Baby seals,
RT

Thursday, November 8, 2012

Victor Viktor / Next new feature for Maltego

This week we created a new video - mostly just because we like making videos and having fun. It shows how to verify email addresses by hand and with Maltego. Sure, it only works on some mail servers, but it's a fun and useful trick when it works. 

The video has an extended intro that features Agent Smith and Agent Fox - two pretty incompetent law enforcement officers trying to compromise a target using a sexy waitress and two dodgy USB memory sticks. And hey - it's *supposed* to be goofy/cheesy and over the top. Click below to watch:



In other news we've also decided that proper graph sharing / collaboration will be the next feature we'll implement in Maltego. It means you'll have the ability to work on a single 'investigation'/graph with all of your friends across the Internet or LAN. The emphasis in the design was 1) strong crypto on the P2P traffic 2) ability to share graphs anonymously 3) ease of use. We think we got something that will satisfy all of the above - and best of all - it would not require you to host your own server! 

We'll keep you up to date with the progress.
Happy days!
RT

Friday, September 21, 2012

Hailstone sequences visualized in Maltego with machines

Some days ago Glenn (from SensePost) talked to me about an interesting concept he has seen regarding convergence in Wikipedia. He wanted a way to visualize it and I gladly helped him with Maltego and some machines. It's his story to tell - so I won't.

Then - literally a day later I was reading XKCD and saw this:


I had the concept already in Maltego with machines (for Glenn's experiment) - I just needed the transform. I spoke to Glenn - he was up for hacking it together (I am lazy that way) and sure enough - 15 minutes later graphs were forming. The machine I used looked like this:

machine("axeaxe.Collatz",
        displayName:"Collatz",
        author:"RT",
        description: "Just playing") {

        onTimer(1) {
            type("maltego.Phrase",scope:"global")
            outgoing(0)  
            value("1",invert:true)

            log(">",showEntities:true)
            run("paterva.v2.Collatz")

        }
}


The transform was really simple - if the number (X) was even it would return (X/2), if it was odd it would return (3X+1). The machine simply looks for all phrases (we used phrases as numbers) that did not have a child and were not equal to '1' and ran the transform on all of those - every second.
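The transform and the machine loop described above, as an added example in Python (this is not Paterva's transform code and not code from this post). It also attaches link properties using the link# field names from the XML sample in the 15 November post; the maltego.Phrase entity type in the response, the red colour value and all function names are assumptions.

```python
import xml.etree.ElementTree as ET


def collatz_next(x):
    """One hailstone step as the post describes: X/2 if even, 3X+1 if odd."""
    if x < 1:
        raise ValueError("Collatz input must be a positive integer")
    return x // 2 if x % 2 == 0 else 3 * x + 1


def transform(value):
    """Stand-in for the Collatz transform: phrase value in, response XML out."""
    x = int(value)
    even = x % 2 == 0
    msg = ET.Element("MaltegoMessage")
    resp = ET.SubElement(msg, "MaltegoTransformResponseMessage")
    # Assumption: the returned entity uses the same type the machine filters on.
    entity = ET.SubElement(ET.SubElement(resp, "Entities"), "Entity",
                           Type="maltego.Phrase")
    ET.SubElement(entity, "Value").text = str(collatz_next(x))
    fields = ET.SubElement(entity, "AdditionalFields")
    # Link styling rides along as entity properties prefixed with 'link#'.
    link_props = {
        "link#maltego.link.label": "X/2" if even else "3X+1",
        "link#maltego.link.show-label": "1",
        "link#maltego.link.color": "0x00FF00" if even else "0xFF0000",
        "link#maltego.link.thickness": "1" if even else "3",
    }
    for name, text in link_props.items():
        ET.SubElement(fields, "Field", Name=name).text = text
    return ET.tostring(msg, encoding="unicode")


def parse_response(xml_text):
    """Client side: pull (value, link properties) out of each returned entity."""
    out = []
    for entity in ET.fromstring(xml_text).iter("Entity"):
        props = {f.get("Name")[len("link#"):]: f.text
                 for f in entity.iter("Field")
                 if f.get("Name", "").startswith("link#")}
        out.append((entity.findtext("Value"), props))
    return out


def run_machine(seeds, max_ticks=1000):
    """Simulate the machine: on each tick, run the transform on every phrase
    that has no outgoing link and is not '1' (the two filters in the script).
    max_ticks bounds the loop, since convergence is only conjectured."""
    nodes = {str(s) for s in seeds}
    links = {}  # parent value -> (child value, link properties)
    ticks = 0
    while ticks < max_ticks:
        leaves = sorted(n for n in nodes if n not in links and n != "1")
        if not leaves:
            break
        ticks += 1
        for parent in leaves:
            for child, props in parse_response(transform(parent)):
                nodes.add(child)          # merges with an existing node
                links[parent] = (child, props)
    return nodes, links, ticks


if __name__ == "__main__":
    # Constructed input: two seed numbers whose sequences merge at 10.
    nodes, links, ticks = run_machine([6, 7])
    print(len(nodes), "nodes,", len(links), "links after", ticks, "ticks")
    print(transform("7"))
```

Because a returned value that already exists on the graph merges into the existing node, sequences from different seeds join as soon as they hit a shared number, which is what produces the converging trees in the screenshots.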

The graphs are pretty nice (click on them for a larger version). I used 500 random numbers between 1 and 10 000. There's a total amount of 6085 nodes on the graph - and it's still pretty responsive. The graphs show how they all converge on '1' - I used different layouts etc. All in all it was a fun project - and it helped us to iron out some bugs in Maltego Radium machines.

The Collatz conjecture can be found [here on Wikipedia]. It's also called 'hailstone' sequences (they fall & rise silly - that's why).

Enjoy the pretty pictures!
RT






Maltego Radium - first update released!

As promised earlier this week we just released our first update for Maltego Radium. Your client will automatically detect the update and guide you through the (painless & fun) update. If you are impatient you can also force the update by clicking on the Application button (that's the sphere thingy at the left hand top) -> Tools -> Check for updates as shown in the screenshot below:



The latest build number is 3453. You can see the build number in the About Box (application button -> More about Maltego -> About):


The update includes the following:
  • A lot of memory optimization - especially in the area of machines - but we also fixed memory leaks that have been in the application for years.
  • Machine optimization in terms of speed - especially when dealing with many entities.
  • Cosmetic update for Mac - as described in the previous post.
  • Cloning of machines is now possible.
  • Optimization for bookmarking multiple objects.
  • Optimization for manipulating entities in the detail view.
  • Extending the MSL to include negating filters (add ',invert:true' to any filter to invert it). This update will soon be reflected in the official MSL guide.
  • Improved machine management and display.
  • Various silly bug fixes.

The update is live as of 21/9/2012 19h00 Friday evening SAST.

Enjoy & remember - Monday is National Braai Day (NBD) in South Africa!
RT


Monday, September 17, 2012

On videos, Dinky toys & the upcoming update.

In this week's episode of 'You & your Maltego':
  1. A new video is released.
  2. We probably insult Mac users and talk about Dinky toys.
  3. ...and what's new in the upcoming Radium update!
Video
1) Perhaps our motivation has not been 100% pure in making a new video. It could be driven by new technology obtained by senior Paterva staff (Roelof has new video making toys). Alas - it's informative and fun if not highly entertaining. Not only will it have special appeal for teenagers of the early 90s, it also shows the outside of our corporate (*cough*) offices. Link below:



Dinky toys

2)  Mac users are normally very stylish. Tell a Mac user his desktop looks a little childish and you will most likely cause permanent damage - to you or said user. You might lose a friend or a limb. Maltego on the Mac was always an afterthought (in fact - when we started building Maltego there was always lag between the Windows/Linux and the Mac releases). And let's face it - the Mac release never looked as good as the Windows release (**cringe**). So we fixed it and took off the training wheels. Here are some before and after photos:

Before:
After:

Mac users - you'll see the entire look & feel is now ... better. That is - it looks a lot tighter and nicer.

Update
3) We will be releasing an update for Maltego Radium very soon (end of this week perhaps). In this update you'll get the following wonderful things:
  • Memory optimization. Major work done here. We fixed many memory leaks that were part and parcel of Maltego since the 80s.
  • Better performance. We tweaked performance. It's faster - in many small ways that all add up.
  • Mac users will lose the Maltego Dinky Toy look & feel. It's time for Maltego to grow up.
  • New machines. We've added two more machines.
  • Dedicated button to clone machines.
  • Extended the Maltego Scripting Language (more on this as we release the update)
Because we have incremental updates Maltego Radium users (all platforms) will have to do ... NOTHING to get these updates. No downloading 100GB. No re-installing. No looking for the license key. Just click update and restart Maltego.

RT


Tuesday, September 4, 2012

Maltego Radium - Iceland, video, download and more

Hi there,

We're finally back from Iceland. It proved to be well worth the epic journey. It's a strangely hypnotic country with fantastic sights, super friendly people and the coolest beanies on the planet. We've uploaded some photos on our [Facebook] page if you're interested to see what it looks like.



Maltego Radium went live on Friday, late afternoon and we 'pressed the button' from a teenager's bedroom in rural Iceland. That's a story on its own. At the same time we also launched our [new website] - where you can download the latest release. The next day, back in Reykjavik we grabbed some tables and made the tutorial video (one take) in a corner of the opera house. If the video seems a little rushed - it's because we were counting the seconds before security rocked up. We took the footage back to our hotel, edited and uploaded a few hours before we had to catch the bus (at 4am) to the airport, via London, back to South Africa.

Here's the result (click to view):


The following new features are available in Maltego Radium:
  • Machines - the long awaited Maltego scripting language allows you to sequence transforms programmatically. Out of the box Maltego Radium comes with a couple of useful built-in machines that do footprinting, social media monitoring etc. Just feed it input and click on the button.
  • Auto update. Never need to download the entire client again - we provide incremental updates as they become available.
  • Full screen mode - think dashboard.
  • Viewlets - gives you the ability to configure analytical views in pseudo code. New default 'Diverse Descent' view.
The Maltego Scripting Language (MSL) document can be found [here]. This document explains how the scripting language works and shows you how to write your own machines.

It took us about a year to build Maltego Radium. A lot of thinking, working, swearing, sweating and tears went into building it. We think it will change the game - and we're really proud of it.

Enjoy,
RT

PS: The community edition of Maltego Radium will follow soon. Commercial license holders can upgrade (as always) at no cost.

Wednesday, August 15, 2012

Maltego Radium - preview video

Some time ago (June) we released a video of what's to come in Maltego Radium. It was shot on a cold night on a rooftop in Johannesburg CBD. We only got off the roof at around 3am - cold and hungry, but with the footage "in the can".  I feverishly edited the video and a few days later the video was released. Only today did we realize that we never blogged about it. Well - if you haven't seen it before - here it is again:


Maltego Radium will be released at the Nordic Security Conference (nsc.is) at the end of August. That's in a few weeks. We know. It's close. Deadline looming. People stressing. Throwing stuff. Mostly me. ;)

PS: Many people asked us "Who does your videos?". It's all done in-house. Shot, edited etc. This is why, while the visuals and the soundtrack might be a little over the top and the quality isn't always up to scratch - you get it straight from the source. Oh - and that's Andrew in the video - not a reporter. lol.

Tuesday, August 14, 2012

Maltego scripting language user guide (1.0)

With the release of Maltego Radium just a couple of weeks out we've decided to publish the preliminary user guide on how to write your own machines. The document might still contain some pre-production screen shots and the scripting language might still change a little bit but it will give you a good idea of what's possible with the new release.
Open the PDF!



We're super excited about all the new possibilities this release will open up. We will be releasing Maltego Radium at the Nordic Security Conference (nsc.is) in Iceland at the end of August.

Friday, August 10, 2012

Maltego Radium - screenshots and release date

When we are building splash screens you know it's close to release time. Here is what we think the splash screen for the new version of Maltego is going to look like:


The new version of Maltego will allow for scripting transforms together in a sequence - something we call a 'machine'. Here are some screenshots (subject to change!):



Radium will be released at the Nordic Security Conference (www.nsc.is) at the end of the month. Additionally we'll be training students on Radium at the conference. Woot! See you there.
RT

Monday, May 7, 2012

Some transform news

Hi there,

We've fixed the PGP transforms - it seems that stinkfoot's PGP section decided to die - so we've moved it over to MIT's PGP key server.

This has been fixed in the 3.1.1 community and commercial editions - to see the changes simply rediscover the transforms. To manually fix (if you're still using 3.1.0 or older) you can go to the Manage tab, Manage transforms, type in 'PGP' in the search bar at the top right, select all transforms (control A), and at the PGP server URL replace http://stinkfoot.org:11371 with http://pgp.mit.edu:11371 and press Enter.

We've also added a transform on the TDS that will look at a Twitter affiliation and give the last couple of locations (if the user has enabled that) as well as the technology used to update Twitter (eg TweetDeck, UberSocial or just 'web' when it's via the Twitter web interface). This transform is called ToTwitterUserGEO. To see it in action use a phrase like 'ParisHilton', convert the phrase to Twitter Affiliation and run the ToTwitterUserGEO on it.  (She's last seen at 35.975487,-115.14171  BTW).

Peace,
RT


Friday, April 20, 2012

Maltego X in Iceland

Those of you that know me would know that I rarely get excited about something. I am that 'the bottle is half empty' person - cynical and dry. And I rarely make personal posts on this blog. But somehow I am totally amped about the conference in Iceland.

It's at the end of August - it gives us plenty of time to prepare something really special for a really special conference. It gives us time to build Maltego version X (be that 3.2 or 4.0, time will tell). And we're all committed to have it release ready for NSC.IS.

We know what will be in the release - it's *really* special, new, innovative. In fact, I haven't felt so excited about something since we built the first 5 transforms in 0.1 and saw the concept works. Guaranteed it will change the way you think about and work with Maltego.

I am taking the entire team to Iceland. And (hopefully) we'll all be training students on the brand new version. It's going to be something really special.

RT

Wednesday, April 11, 2012

Maltego 3.1.1 Community edition released

It's with great joy and excitement that we announce the release of Maltego 3.1.1 Community Edition. 3.1.1CE is FREE and gives you almost the same level of awesomeness that the commercial edition provides.

The main differences between CE and commercial are that CE:
  • returns a maximum of 12 entities
  • cannot paste more than 50 entities (at a time)
  • runs a tad slower, and to a server that is a bit smaller
  • has no grown-up things like import from spreadsheets, reporting (cough cough) or printing
  • has a silly looking background that tells you it's 'for demo use only'.


But other than that it's pretty much the same deal as the commercial edition and it has access to the same transforms. In 3.1.1 we've introduced a public and private mode. In public mode you'll be able to see if a node you've returned has been discovered by someone else in the past (although you won't be able to see who it was). For more info on that - read the blog post [here].

A couple of other things we like:
  • CE, like commercial, now runs over HTTPS
  • The 'why-do-I-need-to-complete-this-impossible-captcha-10-times-before-it-takes-it' bug has been fixed. Which means you need to only log in once every couple of days.
  • Seamless integration with Maltego CaseFile.
  • the most up-to-date version (build 2621) with the most bug fixes.

So without any more faffing - here's the link to the download page on our (soon to be revamped) website:
------ >> [ HERE ] << -------

As always, enjoy responsibly!
RT

Tuesday, April 3, 2012

The start of collaboration in Maltego community edition

Some news regarding the new community edition of Maltego (3.1.1). Every time you start Maltego community edition you'll be able to CHOOSE between PUBLIC or PRIVATE mode. You can't really miss it:


When you select public mode you'll be able to see if a node has shown up in the graphs of other public community users. You'll also be able to see the 'first discovered by' and 'last accessed by' detail - plus dates, and how many times it has been seen. Note that the identity is a set ALIAS, not a name or an email address. This will give you the ability to see if other Maltego community users have been interested in the same things as you are.

The keyword here is CHOOSE. If you don't want to play you can choose to run Maltego community edition in PRIVATE mode and then it's BUSINESS AS USUAL.

The node detail looks like this:


Useful? Tell us what you think!
RT

Wednesday, March 14, 2012

Maltego 3.1.1 for Backtrack - updated!

Working at the speed of white light in a vacuum and in conjunction with the Backtrack elves we've also updated the Backtrack Maltego release to 3.1.1.

To make your BT up to date simply do:
# apt-get update
# apt-get upgrade

and you'll have all the latest (3.1.1) Maltego goodness. Woot woot!
RT

Maltego 3.1.1 released and notes on the community edition

Today we are releasing Maltego 3.1.1 (commercial) and CaseFile 1.0.1 (commercial and community). The new release removes a lot of undocumented features that crept into 3.1.0. Some people call them bugs.  Many of these were VERY frustrating and we're glad to have them squashed. Read 'you should upgrade'.

You might ask - "Where is the community edition? When can we ever expect it? You said it would be done soon. And that was two weeks ago! Liar liar." And so on. The reason why we are not releasing 3.1.1 community edition is that we are building some very interesting "community edition only" features into 3.1.1. No really - features, not bugs. At this stage I don't want to talk about it too much, but I can say that we are starting to experiment with some form of collaboration between different Maltego community users.  It would mean it's the first time that the community edition will have functionality that the commercial edition will not have! The idea would be to test the concept with the community and if people find it useful we'll roll it out to the commercial version too.

As always you can find the latest releases in the download section of our website (http://www.paterva.com/web5/client/download.php).
Enjoy,
RT

Thursday, February 23, 2012

Maltego 3.1 BackTrack release and other stuff

As soon as Muts and his team wake up they'll find a Skype file transfer request waiting for them - it's Maltego 3.1 BackTrack release. It's looking damn pretty truth be told. Here's a screenshot of it:

We will be releasing Maltego 3.1 community edition very soon as well.

Some other important things you should really be reading:

  • We will be disconnecting the Maltego 2 server very soon. If you are still using v2 shame on you. 2008 called - they want their software back.
  • We will disconnect the Maltego 3.0.X server in June. Which means we want you to upgrade to 3.1 soonishly. It's totally worth it.
  • When we release 3.1 community edition we will also release 3.1 update 1 (3.1u1). A lot of super irritating bugs have been fixed in the update. Which means you want to upgrade to 3.1u1.
Baby seals,
RT

Wednesday, February 8, 2012

Recx Maltego 3.1 Image Forensic Transforms

Hey guys,

I just got word from the team over at Recx that they are offering a discount to all Maltego users for the launch of Maltego 3.1.

The product they are offering is the Recx GPS Image forensics package which allows Maltego users to work with local image data to identify key relationships between images such as:
  • Images taken in the same location.
  • Images taken in the same location but with different devices.
  • Images taken in the same location but altered via software.
  • Search for images taken in a certain location across your acquired set
Take a look at it in action below or view their blog post for a complete breakdown!


They are offering a discount of £40 (from £95.99 to £59.99!) if you use the coupon code 'maltego31launch'.


Do the twist
-AM

Tuesday, February 7, 2012

Maltego 3.1 and CaseFile 1.0 -> it's live!

On the 15th of June 2010 we released Maltego 3.0. Since then we ramped it up all the way to 3.0.4u2 and we've built Maltego CaseFile. Now, almost 20 months later we are finally ready with Maltego 3.1. For us it's really a big deal - so much so that many of us wanted to call it Maltego 4.0 (but that number is destined for bigger things).

The weeks leading up to this release were hard on all of us (and on our family and friends who had to deal with us).  A LOT of effort went into making this product - thinking, coding, designing, architecting (is that even a word?), testing, arguing, tea/coffee making, laughing and crying. Blood, sweat and tears. And our team stuck together and kicked butt. Everyone did their part and when someone was down they were picked up by the others. If this sounds oh so emotional it's because it really is.

We did not get around to documenting the release properly. We could have, but it would have taken another two weeks. Instead we made a quick 10 minute video that shows you how to use Maltego 3.1 and CaseFile. It came out nicely. It's not boring - it's to the point and concise. In due time we'll document everything nicely. But almost everything works as you expect it to work.

Well - I guess that's about it. Here is what you came for - the links.
The tutorial video:

You can download CaseFile (commercial and community) and Maltego 3.1
[[---> HERE <---]]

Enjoy responsibly,
RT (and the entire Maltego team)



Thursday, January 12, 2012

3.1 Splash screen

When we release splash screens you know it's close. Here's what we think the 3.1 startup screen will look like:

Wednesday, January 11, 2012

Maltego CaseFile and Maltego 3.1 release date

Happy 2012, Christmas, hope this year..blah blah.

With that out the way - we are working hard to release Maltego CaseFile v1.0 and Maltego 3.1 at the end of January.

Maltego 3.1 will have the same features as CaseFile but will include the use of transforms. We are still very much committed to making CaseFile FREE for non-commercial users. Both 3.1 and CaseFile will have fully supported Windows, OSX and Linux versions. A community version of Maltego 3.1 will follow in the weeks to come - and we'll ask Muts and Chris to bundle it with their new BackTrack release.

CaseFile and 3.1 should work seamlessly together. Clients with dedicated Maltego servers should upgrade to the new CTAS (which will be released at the same time).

There! Our first blog post for 2012!
RT