DEV Community

Creepin' with Maltego

If you are not familiar with the acronym OSINT, it stands for Open-Source INTelligence: data gathered from overt and publicly available sources. Do not make the mistake of thinking that because the information was not obtained through covert, clandestine, or Secret Squirrel methods it is not valuable or actionable. It may have gone by different names, but OSINT has been around for hundreds of years, and these techniques have been the stock-in-trade of national security analysts, law enforcement agents, private investigators, business intelligence professionals, and even hackers.

The sources of OSINT can be broken down essentially into legacy media, the internet, public government data, professional and academic publications, commercial data, and what is known as grey literature. Grey literature refers to things like technical reports, preprints, patents, working papers, business documents, unpublished works, and newsletters.

Maltego is an extremely powerful proprietary OSINT and forensic tool developed by Paterva. If you ever thought that the Data Structures sprint at Operation Spark would never be useful, well, you would be wrong. Maltego presents data visually in graph format, suitable for link analysis and data mining. However, the real power of Maltego is its library of customizable transforms. A transform is like a combination of an API request and a sorting algorithm: a small piece of code that fetches related information for a given input. The output of a transform is designed to be extensible, so that other transforms can be run on it, and transforms are designed to return the smallest piece of information possible. You may be wondering why anyone would want the smallest piece of information possible to be returned. The more the merrier, right? Well, take the following example from the Maltego documentation:
[Image: two example graphs from the Maltego documentation, compared in the quote below]
"The graph at the top has a whole layer less, whilst showing the same information. Using the second graph allows the analyst to quickly look at things like all the services running on port 80. Doing the same on the graph at the top would mean you would have to traverse up the tree to the IP addresses and then down again to the services giving you other services that are not running on port 80. Modelling your data correctly is a very important step in the process of building your own custom transforms. It is advised to give this step some thought before moving on with actually writing code for your transforms."

In other words, it's like asking the supercomputer Deep Thought the answer to life, the Universe, and everything... and getting 42. You have to know which questions to ask in order to get useful answers. Much of the skill in using Maltego is asking the right questions.

Maltego can provide a core picture of an organization's network architecture. It arranges data from API requests into a visual format that illustrates useful relationships. This automated process is far more efficient than any Google search. For instance, from a website you can identify tracking codes. From these you can identify other websites owned by the same organization and tracked with the same codes. Next, you can look up the DNS information. This tells you which name servers the domain points to and the IP address the website is actually hosted on. It will even show you other websites hosted with the same DNS server, which may also belong to that organization. From the DNS server you can identify the MX server and the name server. You can explore the netblock and find additional services or websites within the organization. Eventually, if you ask the right questions, you will discover the AS (autonomous system) number. All of this is automated and presented in an easy-to-read visual format. The format matters because it lets you recognize useful relationships between nodes that might have been missed if viewed only through a terminal.
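As an added example, not code from the original post or from Maltego itself: a minimal local transform in Python that applies the modelling advice quoted above to the DNS step of this walk-through. It takes a maltego.Domain value, emits each MX and NS hostname as its own maltego.MXRecord or maltego.NSRecord entity so further transforms can be run on them, and serialises the MaltegoTransformResponseMessage XML that a local transform prints for the client; the resolver is a constructed stub so the code runs offline, and the `source` field name is my own choice.

```python
import sys
from dataclasses import dataclass, field
from xml.etree import ElementTree as ET

@dataclass
class Entity:
    type: str                      # Maltego entity type, e.g. "maltego.MXRecord"
    value: str
    fields: dict = field(default_factory=dict)

# Constructed sample DNS data standing in for a live resolver.
FAKE_DNS = {
    "example.com": {
        "MX": ["mail1.example.com", "mail2.example.com"],
        "NS": ["ns1.example.net", "ns2.example.net"],
    }
}

def fake_resolver(name, rtype):
    return FAKE_DNS.get(name, {}).get(rtype, [])

def domain_to_dns_servers(domain, resolve=fake_resolver):
    """Transform: maltego.Domain -> maltego.MXRecord / maltego.NSRecord.
    Each hostname is its own entity, not one text blob, so a later
    transform (hostname -> IP address) can be run on each result."""
    out = []
    for rtype, etype in (("MX", "maltego.MXRecord"), ("NS", "maltego.NSRecord")):
        for host in resolve(domain, rtype):
            out.append(Entity(etype, host, fields={"fqdn": host, "source": domain}))
    return out

def to_maltego_xml(entities):
    """Serialise as a MaltegoTransformResponseMessage, the XML a local
    transform prints to stdout for the Maltego client to add to the graph."""
    root = ET.Element("MaltegoMessage")
    resp = ET.SubElement(root, "MaltegoTransformResponseMessage")
    ents = ET.SubElement(resp, "Entities")
    for e in entities:
        el = ET.SubElement(ents, "Entity", Type=e.type)
        ET.SubElement(el, "Value").text = e.value
        ET.SubElement(el, "Weight").text = "100"
        extra = ET.SubElement(el, "AdditionalFields")
        for name, val in e.fields.items():
            ET.SubElement(extra, "Field", Name=name, DisplayName=name).text = val
    return ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    # Maltego passes the selected entity's value as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    print(to_maltego_xml(domain_to_dns_servers(target)))
```

Run it as `python transform.py example.com` to see the XML; a domain with no stub records yields an empty Entities element rather than an error.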

So, as we have seen, Maltego can be an invaluable tool for digital forensics and penetration testing specialists, and it can do much more than network mapping. Perhaps in an upcoming post I will write on the topic again. In the meantime, I hope you enjoyed this post; follow me if you wish to stay tuned.

Maltego training video for absolute beginners:
https://www.youtube.com/watch?v=sP-Pl_SRQVo
