
Showing posts from March, 2019

A Step Towards Stealth Mode

During an investigation, it is often important to ensure that whatever you do, you do not “touch” the target. For example, if you are investigating a particular server, you do not want to leave a trace in the traffic logs that you were there.

Sometimes it is enough that it is simply not known you were there, in other words that the traffic originated from your network. Other times it would be preferable that nobody was there at all, for example if the URL is embedded in malware and acts as a kill switch of some description (https://www.wired.com/2017/05/accidental-kill-switch-slowed-fridays-massive-ransomware-attack/).

In general, the Maltego client does not contact any servers directly, but only via transform servers such as the CTAS. One exception to this is when icons are fetched by the client itself to show on the graph, such as the Image entity loading a preview of a URL, and more recently the Overlay icons introduced in the previous release. This includes the Favicon overlay…