Skip to main content


Showing posts from 2016

Christmas Special & State of the Nation. It's a thing!

Here we are – at the end of 2016. For some 2016 was a great year. For others... not so much. It was indeed a year where we saw many changes around the world. And you know what they say about change. No no - not the holiday thing, that funny thing about not wearing ski pants in the desert. 
Was 2016 a bad year for Maltego? Hmm - no. We released a major version (M4) this year. We fixed a lot of bugs in it and we’re now up to the 12th update for the 4.0 version. We finally had the courage to split it into two flavors (Classic and XL). We built the MDS this year. A few more tests and it’s ready for production in early 2017. Every time I play with the MDS I smile. It’s truly a thing of beauty. Maltego 4 + MDS is going to turn out to be VERY powerful.
The company has grown too – not just with clients and sales – but with people too. Yesterday another recruit started with the company. His name is Andrew. How is it that we have five people working in one office and two of them are called An…

Maltego 4 CE / Kali Linux release is ready for download!

Hi there,

We're happy to announce that Maltego 4 is now (finally) ready for the masses! We're releasing the community (free) edition today and the Kali distros have been updated by the kind people from Offensive Security (thanks Dookie/Muts!).  In other words - we're ready to roll on a major upgrade of your favorite information visualization tool.

(click on the image above to see our very grown-up/proper promotional video of Sandra the 15 year old Dachshund and Maltego/Kali Linux. !(We plan to screen this at our booth at a major conference.))

Our decision to make CaseFile free with the release of Maltego 4 had some interesting side-effects. In CaseFile importing data from CSV/XLS was enabled. So too printing. And reporting. So when we made CaseFile free it did not make sense to limit the Kali/CE releases - you'd simply open CaseFile, import the data and save the graph - then open in CE.

So - bottom line - reporting/printing/CSV import is now enabled in the free release…

Panama Papers in Maltego

By now everyone knows about the Panama Papers and the Offshore Leaks. If you don't you should read about it [here]. We've downloaded the CSV files from them, imported into a SQL database, then wrote some transforms for Maltego. That's the context.

Disclaimers. You should really really read this! First off - some disclaimers. I know nobody ever reads disclaimers but these are pretty important so you really need to read them.
Disclaimer 1: Not everyone in the database is 'bad'. Having an offshore account is not a crime. There are good reasons to have one. Like they say on the their site: "There are legitimate uses for offshore companies and trusts. We do not intend to suggest or imply that any persons, companies or other entities included in the ICIJ Offshore Leaks Database have broken the law or otherwise acted improperly."

Disclaimer 2: People have the same names. Who would have thought?! You find someone in the data and go 'oooh! Het jou katvis!' -…

Maltego 4 - it's finally time...


Maltego 4 is finally on the picture below to view the release video:

Download the software [here]
...but if you want to know more...

The Maltego 4 story In March of 2015 myself, Chris and Andrew sat in a room in Cape Town to decide which feature to build next. It's one of the hardest challenges managing Maltego - deciding what to do next. There's always at least five major features competing for our attention. Be that geospatial view, temporal view, feeders or a browser plugin - there's always the next big thing waiting. We argued the entire day, everyone having their own favorite. At around 7 o clock we were tired, hungry and irate. I asked Paul (at the time still pretty green and struggling to keep up with all the intricacies of a new design) "if you could have any feature in Maltego - what would it be?". He didn't have to think long and answered "handling big graphs". Then he casually put his headphones back on and ignored us…

Network Footprinting with Maltego.

One common task that Maltego is used for is doing infrastructure footprints on an organisation's network. This post will detail a possible methodology used for network footprints as well as demonstrate how they can be performed in Maltego. Finally the post will show how the process is drastically simplified with the use of machines that automates the process of running transforms in Maltego.
Network footprinting methodology.
When performing a footprint on a domain the goal is to find as much information about the domain as possible on an infrastructure level. When dealing with a large footprint it can be quite difficult to know when you have found all possible information that is publicly available for that particular domain. To make the process a little easier we have a structured methodology that we follow when conducting a network footprint in Maltego. This process is outlined in the data model below in the Image 1.

At each level of this data model we want to find as much info…

Abracadabra! It's Sho(dan) time!

Shodan -- used by pentesters, stalkeˆWˆWˆWresearchers and data scientists everywhere to analyze information about computers on the Internet. From webcams to SCADA to looking at where various SSL information in certificates can tie organisations together. It is a common tool used by many different people. We really wanted to get some Maltego goodness on that!

TL;DR -- You can get the Shodan transforms in the transform hub right now. To use all of the different transform options (or you can stick with the free options) you can simply click on settings in the transform hub after installing to add your API key.

There have been transforms written for Shodan before, but we really felt like they needed refreshing. So we took it upon ourselves to look at the information provided by Shodan and decide how we could integrate it into the needs of Maltego users. We first started by looking at what information was readily and easily available and then if it was useful in an n-th order graph. This is…

Visualising the Bitcoin Blockchain in Maltego

This post will provide a quick overview of our new Maltego transforms for visualizing the Bitcoin blockchain. There are 11 new transforms in the seed which use’s API to query data from the blockchain.

(Screenshot's in this post are taken with the Maltego 4 beta release.)
Before we begin, it is important to have an understanding of how Bitcoin and their transactions work so I will start with an overview of some of the main concepts:
Bitcoin Overview
Bitcoin address: Bitcoin addresses are transaction endpoints that are used to send Bitcoin to another person. A person can generate as many addresses as they want and people should (which they often don’t) use a new address for every transaction that is made. An address is represented with a 26-35 sequence of alphanumeric characters and looks like this: 1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2. For a more in-depth explanation of Bitcoin addresses you can have a look at the Bitcoin Wiki here.
Bitcoin wallet: A Bitcoin wallet is …

NameChk Transform

NameChck is a really useful service for quickly finding online accounts associated with a specific alias. This blog post showcases our new Maltego transform that queries NameChk to find social accounts across a wide range of social networks.

The transform runs on an alias entity and returns entities that represent different online accounts. Running the transform To Social Account [Using NameChk] on the aliases used by Paterva employees returns the results below:

Clearly Andrew is the most socially active Paterva employee...;)

In the Detail View of the entities that we get back there is a link to the actual social account:

Pivoting from existing alias entities
In Maltego we already have a couple of transforms that are useful for finding aliases associated with a person. Our Flickr and MySpace transforms both run on email addresses and return the accounts associated with the address as well as additional aliases that are used on that account. This provides a great way for finding aliase…