After what seems to be a lifetime we're back safe and sound in South Africa. It's been a long trip - after Blackhat/Defcon we traveled a little further north west to conduct (another) four day training course.
We trained two courses at Blackhat - back to back. In total - 42 students. It was fun. We mostly had skilled students and it's always great to see their 'AHA!' moments - when all the pieces come together and they understand our vision.
A pivotal moment for me personally was when I complained that my feet hurt on day 3 of BH training and the training room cleaner (an elderly man that's been in the war in Sarajevo) told me 'you're getting paid for this yes?'. He survived a war and was cleaning rooms in a hotel in Las Vegas at minimum wage and I was complaining that my feet hurt. Perspective++.
The day after training we had our talk. All the demos worked (a special thanks to the networking guys for those 2x Ethernet drops installed overnight!). But I was not super happy with the talk. It could have gone a lot better. Our feedback was good and I think people enjoyed it. Perhaps I had too high expectations. See confetti/dancing girls/trumpets later...
We had a lot on our plate for Blackhat. We trained two courses, we did a talk and had to develop a lot of new tech for the talk (more on that later). But the main event - we released a major new version of Maltego called Tungsten. We normally release the commercial version first and then the community edition but we knew it was not going to fly at Blackhat. We had to have the community (free) edition ready too. And since we were showing our tech inside of Kali Linux - we had to have that version ready too.
Two major trees - commercial and community, times three for Windows (JRE32/JRE64/plain), three for Linux(RPM/DEB/ZIP) and one for OSX. And the Kali release. That's (2 x (3 + 3 + 1 )) + 1 = 15 builds.... at 74MB a pop - all uploaded and ready before we hit the plane to Vegas.
The talk was at 15h30 on the Wednesday. The Offensive Security guys had the Kali release and they were ready to 'push the button' on it *during the talk*. All was set. But then - on Wednesday morning (after the speaker's party the night before) I was awaken by a Skype chat message from Dookie saying 'Good morning - I think there's something wrong with the Kali release'. It was 9 AM and we did not have a Kali release. Got on the phone to SA, interrupted dinners, gym sessions. Our team and the their team got together in the space of 15 minutes and by 11 AM we mostly fixed the problem (OpenJDK issued a patch for OpenJDK6 on Debian two days earlier and it was breaking our ribbon). Everyone was so committed to make this work!
Just before we walked into our speaking room we moved the files to make the Tungsten release live. During the talk I looked for Dookie (OffSec) in the audience - he was standing at the back. I said '..and you can get this now on Kali', looked at him and he nodded. Tungsten was live! But somehow it was an anticlimax. Our team worked on the release for more than 6 months. It was reduced to a 5 minute demo and one sentence - 'you can get it now'. Someone in the audience mumbled 'Cool...'. I was thinking 'fscking understatement of the year'. Perhaps I expected dancing girls, trumpets and confetti.
In time we'll do a proper Tungsten video to show just how 'cool' it really is. Perhaps we'll include dancing girls/trumpets and confetti.
Part of our talk was about Teeth and KingPhisher - two tools that give more offensive type of capabilities to Maltego. We released the tech free of charge - and it can work in both the commercial and community editions of Maltego. To get it simply do the following from a Kali terminal:
apt-get install maltego-teeth
apt-get install maltego (this to upgrade Tungsten)
Start Maltego, click on the globle (top left) -> Import -> Import configuration and select the file /opt/Teeth/etc/Maltego_config.mtz
You're good to go! We've even made some videos on Teeth and KP (click on images to view):
And there is more - we also wrote a paper called 'Maltego Tungsten as a collaborative attack platform'. It's a fun read - not academic at all and you can find it [HERE].
Finally - the KingPhisher app (as well as some stuff Andrew coded for Drozer) can be found [HERE]
Normal programming will now resume. And remember - enjoy your new shiny toys responsibly!