Skip to main content

Connecting the links


Hello there,

Today I am going to talk a bit about our new Linkedin transforms that we have been working on. Linkedin is all about finding connections between people so what better way to visualize this information than in Maltego. I set out to build some Linkedin transforms that could help show connections between Linkedin users, their shares and company profiles that may not be easy to identify on Linkedin itself. All the transforms that I built here use the Linkedin developer API so you can log into your own Linkedin account from Maltego and start visualizing your Linkedin network.

Linkedin's API provides awesome search functionality for finding people and companies by allowing you to refine your searches with additional search parameters making it a lot easier to find profiles with common names. Our Linkedin transforms allow you to enter these additional search parameters using transform settings (transform pop-ups). To search for a Linkedin company profile from within Maltego you will start with a phrase entity and run the transform Linkedin Company Search, a transform setting will pop-up asking you if you want to specify a county-code. Running this transform on the phrase ‘KPMG’ without specifying a country-code results in the graph below:
The results returned from the Linkedin Company Search transform are weighted according to relevance meaning that the entity in the top left-hand corner is the most relevant result for your search. In the detail view there are links to the company's Linkedin profile page and to their website as shown in the image above. There are a range of transforms that you can now run on the Linkedin company profile entity which are listed in our shiny new context menu also shown in the image above. One of the highlights of these transforms is the To Email Domain which returns domains that the company has specified they receive email on. This transform often returns loads of results which is great if you are looking for sub-domains for that company. Running the To Email Domain transform on the first company profile from our 'KPMG' search results in 34 different email domains many of them being sub-domains of kpmg.com. The result is shown below:
If you are ever looking to mine email addresses for a company this is probably a good place to start but that is a bit off topic for this post so I will leave that for you to try on your own. 

To search for a person’s Linkedin profile from Maltego you run the Linkedin People Search transform on a person entity, three transform settings will pop up allowing you to specify this person's company name, the country code of their home country and a past school of theirs. These transform settings are really useful when searching common names, for example when searching the name John Doe while specifying a country-code IR (Iran) you will receive only two Linkedin profiles. If you had to exclude the country code from this search you would be flooded with results. The image below shows this search result as well as the context menu which shows all the transforms that can be run on a Linkedin Affiliation entity:
The Detail View in this image shows additional information about the user that is selected which includes their Linkedin headline, location and the industry they work in.


Currently the Linkedin People Search transform returns the 25 most relevant results for your search while the Linkedin Company Search transform will return the 20 most relevant company profiles for your search.

Okay enough with the details, let’s move onto an example of how this can be used: imagine you wanted to inform as many Linkedin users from a particular company of something without directly messaging them and without them being aware that they are being fed targeted information. How we could do this is as follows: start by finding our target company's Linkedin profile, from our target company's profile we then run the transform To Affiliations [only in your Network], this transform will return all the users in your network who work (or worked) at that specific company. This results in the following graph:

From all these users we then want to see what shares are currently showing in their news feed, to do this we run the transform To Shares in User’s Network. This results in the following graph (shown in bubble view on the left):

This graph is quite large but by selecting all the shares and ordering them according to their number of incoming links we find that there is a single share that is currently on 23 news feeds belonging to users at our target company. Taking this share plus its incoming links to a new graph results in the following:

Now if we were to post a comment on this share we know that our comment would show up on 23 Linkedin user's news feeds that work (or worked) at our target company.

Next we want to find who authored this share, to do so we run the transform To Share’s Author on this share which reveals who it was initially posted by. Finally we run the To Companies transform on this user that reveals the company that this user works for:

This user’s Linkedin profile seems to be quite popular amongst users from our target company so its owner may be a person of interest if we were really targeting this organization. The next step would be to find this profile owner's email address which could be done by finding the companies email address domain and then their naming format for their email address but again this is out of the scope of this blog post.

I have one last highlight from our new Linkedin transforms that I want to mention before its time to go. The To Entities [Using AlchemyAPI] transform can be run on a Linkedin share entity, this transform will extract people’s names, places and company names that are mentioned in the share article. It is a nice way to easily identify topics that are being discussed across multiple shares in your Linkedin network.

A quick word about rate limits on the Linkedin API, to use these transforms you will need to log into your Linkedin account from Managed Services in Maltego, most of the API calls that these transforms use are limited to around 300 calls per day per user, when you reach your limit for the day you will receive a message in your transform output notifying you and you will have to wait until midnight UTC for your limit to be reset for your account. The Linkedin People search and the To Affiliations [in your network] transforms have a much stricter limit so you might find that you reach the limits for these transforms a lot quicker.

For those of you who have upgraded to Maltego Chlorine the Linkedin transforms will be arriving in your Transforms hub shortly, you will be able to add them to your Maltego client simply hitting the install button. For those of you who are still running Carbon here is the seed-url:



Enjoy responsibly

PR.

Comments

Popular posts from this blog

Maltego 4 CE / Kali Linux release is ready for download!

Hi there,

We're happy to announce that Maltego 4 is now (finally) ready for the masses! We're releasing the community (free) edition today and the Kali distros have been updated by the kind people from Offensive Security (thanks Dookie/Muts!).  In other words - we're ready to roll on a major upgrade of your favorite information visualization tool.


(click on the image above to see our very grown-up/proper promotional video of Sandra the 15 year old Dachshund and Maltego/Kali Linux. !(We plan to screen this at our booth at a major conference.))

Our decision to make CaseFile free with the release of Maltego 4 had some interesting side-effects. In CaseFile importing data from CSV/XLS was enabled. So too printing. And reporting. So when we made CaseFile free it did not make sense to limit the Kali/CE releases - you'd simply open CaseFile, import the data and save the graph - then open in CE.

So - bottom line - reporting/printing/CSV import is now enabled in the free release…

Abracadabra! It's Sho(dan) time!

Shodan -- used by pentesters, stalkeˆWˆWˆWresearchers and data scientists everywhere to analyze information about computers on the Internet. From webcams to SCADA to looking at where various SSL information in certificates can tie organisations together. It is a common tool used by many different people. We really wanted to get some Maltego goodness on that!

TL;DR -- You can get the Shodan transforms in the transform hub right now. To use all of the different transform options (or you can stick with the free options) you can simply click on settings in the transform hub after installing to add your API key.

There have been transforms written for Shodan before, but we really felt like they needed refreshing. So we took it upon ourselves to look at the information provided by Shodan and decide how we could integrate it into the needs of Maltego users. We first started by looking at what information was readily and easily available and then if it was useful in an n-th order graph. This is…

Visualising the Bitcoin Blockchain in Maltego

This post will provide a quick overview of our new Maltego transforms for visualizing the Bitcoin blockchain. There are 11 new transforms in the seed which use Blockchain.info’s API to query data from the blockchain.

(Screenshot's in this post are taken with the Maltego 4 beta release.)
Before we begin, it is important to have an understanding of how Bitcoin and their transactions work so I will start with an overview of some of the main concepts:
Bitcoin Overview
Bitcoin address: Bitcoin addresses are transaction endpoints that are used to send Bitcoin to another person. A person can generate as many addresses as they want and people should (which they often don’t) use a new address for every transaction that is made. An address is represented with a 26-35 sequence of alphanumeric characters and looks like this: 1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2. For a more in-depth explanation of Bitcoin addresses you can have a look at the Bitcoin Wiki here.
Bitcoin wallet: A Bitcoin wallet is …