Showing posts from January, 2017

Visual link analysis with Splunk (or SQL) and Maltego using the MDS

We're finally ready to release a public beta of the Maltego Data Server (MDS). The MDS is a server that makes it trivially easy to visualize data kept in SQL databases or indexes (such as Splunk) in Maltego - as a graph.

In its simplest form you only need to write a query (SQL/Splunk) and tell the MDS how to map the resultant data back to nodes on the graph.


In the most complex form you can write Python code around the query, mapping and nodes as well as use (global) replacement variables anywhere within the items above. With this we mean to say that the MDS can be as easy or as complex as you'd like it to become. The system can grow with your abilities and is very flexible.

With very basic knowledge of SQL/Splunk and Maltego you can almost immediately get massive insight into the most mundane of logs. With two (basic AF) Splunk-based transforms and three of the standard OSINT transforms that ship with Maltego we can spot fake Googlebots almost instantly in our we…

Making Buzzfeed's TrumpWorld tables into a Maltego graph

Maltego 4.0.15 is on its way, and with it a brand new interface for importing data into Maltego. With Buzzfeed's recent data dump of "TrumpWorld" we thought we would have some fun mapping out the data, whilst doing a walk-through of the new Tabular importer.

TL;DR

With just a few easy clicks you can map out hundreds of links and entities. We can see the complex layout of Trump's business empire, as well as how his social and business circles overlap.

Maltego provides a wide array of transforms to dig deeper into the information we have here. We'll leave that as an exercise for the reader ;)

Person - Company mapping

Person - Person mapping

Company - Company mapping
Just in case anyone was worried that we were getting too political (we're neutral, like Switzerland), here's a graph of Hillary Clinton's email infrastructure. What's the SSLVPN box by the way? ;)

Try It For Yourself

Here are all the Maltego graphs - feel free to open them in any ve…

Short term (Q1 '17) plans for Maltego

Welcome to 2017. It's only the 3rd of January and we're all back at work. I thought I'd share some of the exciting things happening with Maltego in the short term.

Awesome documentation

Documentation was never our strong suit and so this year we're setting it right and putting a lot of effort into documenting Maltego. We started with the user guide - it's brand new and shiny and available [here].

We're redoing the transform guide on a wiki - so that other transform writers can also document their stuff a little - so far it's looking grand and useful. We're also doing a lot of maintenance on the developer portal to get that up to date. Let it never be said again that our documentation sucks!

Maltego Data Server (MDS)

We're almost done with the MDS. It's currently (almost) in beta. If you want to play or get a copy of the user's manual [drop us a line]. Some time ago we made a [sneak peek video] of the MDS:


The MDS is going to be 'the next…