Skip to main content

Posts

Showing posts from 2015

Year in review, plans for next year and the usual Christmas special.

Hi everyone.

Season's greetings. Time to break out the boxset of Glee and rewatch all Hugh Grant's movies again.

It's been a good year. Mostly. Paul learned how to program in Python (somewhat/mostly) and did his first public talk. He made a short Maltego video too. Andrew traveled the world and sauna-ed with strangers. Someone (you know who you are) hugged him and he was OK with it. Uhmmm...no - not at said sauna. I started drawing things and managed an entire day at Defcon before hiding in my hotel room. We appointed RI to sort out our admin. The office dog doesn't eat our checks anymore (BTW, this really happened, try to explain that to your bank). We all received Tshirts from Russia.

Maltego got a transform hub and we've added a ton of providers. We made a new TDS. We added a few transforms. We made a developer portal thing-thing. Compared with what's happening in the next year it's pretty boring. So what you ask is on the menu?

1. New version of Maltego…

New Community TDS (NCETDS... just kidding we have enough acronyms!)

TL;DR -
Video Tutorial - [ Here ]
Developer Documentation - [ Here ]
Community TDS inferface - [ Here ]

This blog post (one of the few by Andrew) is here to tell you about the new public TDS (technically an update for the community TDS so that it is inline with the private TDS source base). For those who aren't interested in reading all the words we have a great video to talk about this below:



Let's start off with an introduction to the TDS. It provides an easy to use, distributable means of writing and sharing transforms (and essentially the data so that users can turn that into intelligence) . All the transforms in the transform hub are built on either the the free public TDS or a private one.

When a "normal" transform (one on the public/private CTAS) runs what happens in the back is that a message is sent to the server containing the entity details (like its value and other properties) as well as the transform that needs to run. For example it could be the domain

Jumping on the Website Tracking Code bandwagon

Services like Google Analytics allow you to easily add functionality to your website simply by pasting a bit of JavaScript into your page's html. Often this JavaScript includes a tracking code that uniquely identifies the site owner's account with that service. Searching this tracking code with a search engine that indexes JavaScript allows you to find other sites that belong to the same user. There are quite a few web services that require you to add a tracking code to your webpage in order to use it. For analysts this provides a great way for making connections between websites that may seem unrelated using other OSINT techniques.

Recently there was an interesting project write-up calledAutomatically Discover Website Connections Through Tracking Codesby @jms_dot_py and @LawrenceA_UK. They used the source code search engine Meanpath to search for websites with a specific tracking code and Gephi to visualize the relationships from their results. We've been having the same …

We talk to Allan about NewsLink

This blog post presents our new transform hub item called NewsLink that we have just released on the Transform Hub. NewsLink aims to assist in identifying and monitoring patterns in information posted on the Internet from a wide range of sources including Twitter, blog posts and news articles.
Every day millions of news articles, blog posts, Tweets, pastes, etc. are posted online with this continuous stream of information it makes it difficult to identify what information is important to us and should be focused on and what could just be ignored.  One approach to pick out important information would be to look at when multiple sources all mention the same people, locations, company names (and a slew of other types of entities) in a certain time period. This is the basis for NewsLink.
The image of the graph below is a small piece of a graph that was monitoring news articles related to Defcon. The snippets on the right list the news articles that mention both Samy Kamkar and Defcon on …

Maltego Chlorine Community Edition is ready for download

Hi there,

We're pleased to announce the release of Maltego Chlorine community edition. The release would hopefully solve most of the Java compatibility issues. It comes bundled with Java 8u45 and is available for download at our website [HERE].




The Chlorine release brings (almost) all the goodness of the commercial release with a 0$ price tag. If you're interested in the changes made from Carbon->Chlorine we suggest you view our Chlorine release video [HERE].

One of the main differences between the commercial and the community edition is that it will feature only free items in its Transform Hub.

When Kali Linux 2 is released we'll also release a Maltego for Kali release. In the meanwhile Kali Linux user can simply install the .deb on their Kali Linux.

Additionally we've made a new 'Intro to Maltego' video that will replace the first video in our tutorial series. It was about time - the previous version was made in Oct 2011 and used version 3.0. We've als…

Connecting the links

Hello there,
Today I am going to talk a bit about our new Linkedin transforms that we have been working on. Linkedin is all about finding connections between people so what better way to visualize this information than in Maltego. I set out to build some Linkedin transforms that could help show connections between Linkedin users, their shares and company profiles that may not be easy to identify on Linkedin itself. All the transforms that I built here use the Linkedin developer API so you can log into your own Linkedin account from Maltego and start visualizing your Linkedin network.
Linkedin's API provides awesome search functionality for finding people and companies by allowing you to refine your searches with additional search parameters making it a lot easier to find profiles with common names. Our Linkedin transforms allow you to enter these additional search parameters using transform settings (transform pop-ups). To search for a Linkedin company profile from within Maltego yo…