Maltego for complete beginners and our web show with Andrew McPherson from Paterva!

We had an excellent Hacker Hotshot web show with Andrew MacPherson this Wednesday (November 13th 2013) presenting: “Maltego Tungsten as a collaborative attack platform”. Andrew is the lead developer and basically the world’s expert guru on Maltego!

Quick background on Maltego for those that don’t know, but want to know!
Like many other ‘best of breed’ penetration testing tools (Metasploit is a good example), Maltego comes in freemium and premium flavors.

What is Maltego?
As a penetration tester you might have to go out and gather a whole bunch of data on your client’s organization: for example, what web servers they are using, what top-level domains they use, what kind of email servers they are sending SMTP from, their MX records, IP addresses etc. Maltego helps by collecting all this information and organizing it in an efficient manner.

Maltego has a GUI that makes this all very simple, and with just a few clicks you can scrape a vast amount of data into an easy-to-read format.

Maltego is included in Kali Linux, BackTrack and BackBox.

The fastest way to launch maltego is just to enter the term ‘maltego’ in the terminal (within Kali Linux).

Maltego can also be launched from the OSINT section of Kali Linux > Open-source intelligence (OSINT) > Maltego. (Side note: OSINT stands for ‘Open Source Intelligence’, meaning that it can be gathered publicly.)

Maltego works its magic by using ‘transforms’. Transforms come built into the pentesting tool and are best defined as scripts that execute specific tasks. These tasks or ‘transforms’ can be written in any programming language, which increases the appeal of this penetration testing tool.

For example, to find out information on a DNS name, a transform would be used to extract a ton of information, which would be presented in a format that is very easy to read and interpret. To start a transform or process we would click on ‘New Graph’ and a left-hand pane will appear. From the ‘palette’ (in the left pane) drag over any of the assets that you would like to gather information from. After you ‘drag-and-drop’ a domain (for example) into the graph, you launch the transform by right-clicking the domain icon and selecting which transform you would like Maltego to run.
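To make the idea of a transform concrete, here is a minimal local transform in Python that turns a DNS name into IPv4 address entities. It is an added example, not code from the original post or from Paterva. It assumes Maltego's local-transform convention (entity value passed as the first command-line argument, a MaltegoMessage XML response written to standard output); the function names are hypothetical.

```python
import socket
import sys
from xml.sax.saxutils import escape, quoteattr


def resolve_ipv4(hostname):
    """Live lookup: sorted, de-duplicated IPv4 addresses for hostname."""
    infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def build_response(entities, messages=()):
    """Serialise (entity_type, value) and (message_type, text) pairs as a
    MaltegoMessage. Everything is escaped: lookup results are untrusted input."""
    out = ["<MaltegoMessage>", "<MaltegoTransformResponseMessage>", "<Entities>"]
    for etype, value in entities:
        out.append("<Entity Type=%s><Value>%s</Value><Weight>100</Weight></Entity>"
                   % (quoteattr(etype), escape(value)))
    out += ["</Entities>", "<UIMessages>"]
    for mtype, text in messages:
        out.append("<UIMessage MessageType=%s>%s</UIMessage>"
                   % (quoteattr(mtype), escape(text)))
    out += ["</UIMessages>", "</MaltegoTransformResponseMessage>", "</MaltegoMessage>"]
    return "\n".join(out)


def dns_to_ip_transform(argv, resolver=resolve_ipv4):
    """argv[1] is the value of the entity the transform was run on.
    The resolver is injectable so the transform can be exercised offline."""
    if len(argv) < 2 or not argv[1].strip():
        return build_response([], [("FatalError", "no DNS name supplied")])
    name = argv[1].strip()
    try:
        addresses = resolver(name)
    except OSError as exc:  # socket.gaierror is a subclass of OSError
        return build_response(
            [], [("PartialError", "lookup failed for %s: %s" % (name, exc))])
    return build_response(
        [("maltego.IPv4Address", addr) for addr in addresses],
        [("Inform", "%d address(es) for %s" % (len(addresses), name))])


if __name__ == "__main__":
    print(dns_to_ip_transform(sys.argv))
```

Registered as a local transform on DNS name entities, the script runs once per selected entity and Maltego adds each returned `Entity` to the graph.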

About Andrew McPherson: the Maltego Lead Developer!
For anything Maltego, Andrew is your man. As the lead developer at Paterva he is a highly talented security professional and is responsible for having coded many transforms. We were very excited to have had Andrew on the show, especially because the topic (Social Engineering and Phishing) was indicative of just how powerful a pentesting tool Maltego really is.

In the presentation, located here, Andrew set out the following discussion points:

  • That most security experts will agree that if you have enough context on an individual, your chances of being successful with a targeted phishing attack are very high.
  • Why people have been using Maltego for years to gain context on infrastructure and individuals.
  • Discuss an excellent application called KingPhisher which was released at Blackhat USA 2013.
  • Andrew will also demonstrate the capabilities of KingPhisher in collaboration with Maltego as well as showing a nice example of using a context aware web application to perform a targeted phishing attack.

Here are the questions and answers from the session:
Max, Concise Courses
Can KingPhisher identify HoneyPots or Honey Traps?

Andrew McPherson, Maltego Paterva
No, not at all. KingPhisher is just used to send those emails out [you’ll have to watch the presentation to get a full picture!] and manage the campaigns so it doesn’t do any monitoring on that side.

Max, Concise Courses
Do JavaScript email encoders work? [To prevent email harvesters]

Andrew McPherson, Maltego Paterva
Honestly I can’t tell. I can’t test on something like this [KingPhisher] but some tools can strip off things like JavaScript so I presume that they probably wouldn’t work.

Max, Concise Courses
Do you have to use Proxies?

Andrew McPherson, Maltego Paterva
For what aspect? You don’t have to be using any proxies for this, you could be running through Tor if you really wanted to. You don’t have to use proxies for any access.

In summary
Maltego allows security professionals (pentesters etc) to go through mountains of data and sort it in useful ways based on publicly available information that is currently sitting on the Internet.

Also, whilst we are on the subject of pentesting tools and Kali Linux, it’s definitely worth mentioning a few words about our upcoming Kali Linux training course, which is now scheduled for early December 2013. The entire purpose of the course is to teach you to become proficient, efficient and effective when using Kali Linux! For more info please follow this link, and if you have any questions don’t forget to get in contact with us.
