Time
3 hours 55 minutes
Difficulty
Advanced
CEU/CPE
5

Video Description

In this lab, Subject Matter Expert Dean Pompilio demonstrates Maltego for Kali Linux. (Maltego also can be installed on Windows systems). This tool allows you to visualize the relationships between and among various bits of information, which Maltego calls entities, that you discover about the target of a Social Engineering Audit. SME Pompilio gives an example that demonstrates the various ways you can run "transforms" of the known entities about your target. The entities are connected and displayed on a graph. There is a discussion of the various available layouts, the various modes, how things are color-coded, changing size from the default, and other options for viewing your data that are useful for organizing your data. SME Pompilio demonstrates how to transform email address from the specific domains discovered for the Social Engineering Audit target. Then he does a search for various categories of information to filter his data. He then runs a transform of the various email addresses to uncover other emails and other profiles on other social networking sites. He then can run other transforms to correlate all the data in various ways. Various free and paid plug-ins are available for Maltego that enhance its basic features.

Video Transcription

00:06
Hello, everyone. This is Dean Pompilio, your subject matter expert for social engineering
00:13
And this demo we're going to take a look at multi. Go.
00:16
This is the Verena Multi go. That's for Callie Lennox.
00:22
Or you can also install multi go on Windows
00:26
operating systems.
00:28
Anyway, since we've been focusing mostly on using
00:32
Thea Callie Environment, I figured I would show everyone
00:35
this version of the tool called Carbon.
00:38
You do have to register for the community edition
00:42
so that you can log in and used their servers to do your your searches will be aware of those those install steps you confined. That obviously on the website
00:51
petrova dot com is where you want to go.
00:56
All right, So
00:58
what this tool allows you to do
01:00
is to visualize
01:03
the relationships between different bits of information
01:07
and these could be lots of different things.
01:11
Multi go calls them entities community email address or an I p. Address,
01:17
domain name or ah
01:19
uh uh t and s name.
01:22
Any of those things could be
01:23
could be discovered about your target
01:26
for a social engineering audit.
01:29
And then once you've identified thes entities, you can run what are called transforms
01:34
and the transforms can take many different dumb
01:38
shapes. It depends on what kind of entity it is.
01:41
You get the transforms that are relevant for that type of object.
01:47
All right, so
01:48
let's let's start out by creating a new graph.
01:53
And it's called a graft because you're once you see the way the objects are connected, you get different lines. And,
01:57
um,
01:59
it's an edge graft. Basically,
02:01
the shortcut for doing that is
02:04
control T,
02:10
or you can go to this icon here
02:15
and click this particular another new graph.
02:19
Either way, I like using shortcuts. Keyboard shortcuts save a lot of time.
02:24
Okay, so let's let's assume at this point in your social engineering audit that you at least have the name
02:30
of of the of a particular target.
02:35
Maybe this person
02:37
is someone that works at an organization or
02:39
or they know someone who works there.
02:43
And you're trying to learn more about this, this individual to see you,
02:46
perhaps if they have, ah, several different email addresses,
02:51
what kinds of social networking sites they might be using.
02:54
These are all details that are that are definitely useful.
03:00
All right, so we're gonna start with a domain
03:05
and entity will drag that out
03:07
by default. It goes to the pater va dot com website.
03:12
We can simply double click this and put in something else like Facebook.
03:17
So if you were trying to research
03:21
a, uh, an individual, maybe for a spear fishing campaign, that could be another good reason.
03:27
You definitely could do worse than just start with something like Facebook.
03:31
You can also use Twitter if you see down here, there's, ah social network section
03:37
in the interface
03:38
and there are some specific Facebook
03:43
entities we're just going to use the domain for right now, though.
03:52
Okay, So what we want to do now is try our first set of transforms.
03:57
We can right click on the object
03:59
and there's a run transforms menu
04:02
and what we want to do is D. N s from domain, and you can see there's quite a few
04:09
transforms within this group.
04:12
You could go to the bottom and run all the transforms, which is what we're gonna do for a lot of these examples. But you might want to go back later and run individual ones as
04:19
as you see fit.
04:24
So has this runs.
04:28
I'm getting a list of
04:30
domains that are related to facebook dot com
04:34
Sub domains. Basically,
04:36
or a different
04:40
high level debates.
04:43
You can use your mouse well to scroll in and out,
04:45
So I'm gonna scroll out a little bit. So this fits better.
04:48
You can see we've got a pretty nice selection.
04:51
Different Facebook domain. Some of these might not be relevant
04:56
for the person we're searching for.
05:00
So if that's the case, if you don't, for instance, think that the
05:04
targets involved in development
05:08
if you can delete a couple of these
05:16
we see we've got some name servers that show up Looks like an S one. Might be a name, sir.
05:21
Possibly.
05:23
Okay, so we got a collection of domains now,
05:28
And
05:30
this particular target,
05:31
uh,
05:32
probably has some email addresses associated with facebook dot com. So that's what we want to figure out next.
05:42
So I'm going to zoom out again,
05:46
and I'm gonna select all these domains.
05:53
Now, what I want to do is revolve all these two i p addresses,
05:58
clips.
06:09
All right. So resolved to I p, the menu could be a little bit confusing to navigate. As you can see, it's easy to uh, accidentally pop
06:16
one of the sub menus out,
06:18
So just click off to the side and try again. If that happens,
06:23
so resolved. I p is what we want.
06:27
Run all those
06:29
and you could see the updates in the window below here,
06:31
as these transforms are running on those
06:34
those domains
06:36
also, some other things about the interface.
06:42
As you can see, we've got a detailed view on the side here,
06:45
and this will
06:46
show whatever is currently selected or whatever you're pointing to.
06:56
And different entities have different types of details.
07:01
Okay, so now we've got a bunch of I p addresses
07:04
associated with these particular
07:06
Facebook domains.
07:15
And what we can do know is look to see possibly what other D N s names are associated with these particular i p's
07:23
someone a zoom out so I can see them all.
07:33
So Deena's for my p.
07:35
I'm gonna go ahead and run all the transforms there
07:40
and the reason that I might be digging in this deeply
07:44
just looking for an individual is to correlate
07:46
different types of domains. Different types of I P addresses different email accounts.
07:51
All these things might be related to the results from thes transforms.
07:58
All right, so if you look at a particular I P address,
08:01
we can see that there are quite a few Facebook domains here. But there's also some domains that don't appear to be related
08:09
to Facebook.
08:18
In either case,
08:18
we can see the I P is their associate ID.
08:26
So let's look at some different layouts. Give you a little bit more of an idea of how the information can be visualized. If you zoom out far enough, you can see we go to a what's called a bubble view,
08:39
and it's color coded so you can select large bonds, objects easily with the mouse
08:46
or, you know, my holding down shift. You could multi select,
08:54
but if you're zoomed in
08:56
to what's called the main view,
08:58
you can click the bubble of you manually and you get some different options.
09:05
So
09:07
the view we're looking at originally was the block view.
09:11
So this layout mode,
09:13
but everything in blocks and it might be useful for certain kinds of sorting of information.
09:22
Or you could go to hierarchical mode,
09:28
which tries to organize
09:30
information
09:31
slightly different method.
09:35
No one is a hierarchy.
09:37
It's trying to get zoomed in here
09:41
and again, this might be useful
09:43
for sorting information.
09:45
There's also a circular view
09:48
showing, AH, kind of a hub and spoke idea for
09:52
relationships between objects.
09:58
And there's the organic mode,
10:01
which could be really useful when you're trying to compare two different sets of objects to see which
10:05
items they might have in common.
10:09
And then you can also change the ball size.
10:13
So the default is diverse descent,
10:16
which is kind of a ranking.
10:18
Or we can do something like the number of links, and it will create a larger ball.
10:22
Incoming links, larger balls that have more incoming links
10:26
or balder larger that have outgoing links.
10:31
All right, so that's a little introduction to the interface.
10:39
So now that we've seen how we can look at the,
10:43
uh
10:43
information and different different formats of zoom Out
10:48
and I want to select facebook dot com
10:50
and we're gonna transform
10:54
email addresses from domain is what I'm looking for,
11:01
and I'm gonna go ahead and
11:03
run all the transforms on this.
11:07
We're getting some updates down here, and some items are popping up.
11:22
Oh, they're over. Here we go.
11:30
So we've got a few that popped up. Um,
11:33
she gets more here in a moment.
11:45
Okay, so we returned a bunch of e mail addresses. Keep in mind these air just e mail addresses that
11:52
were found on this particular domain. It's not going to search all Facebook users for their e mail addresses,
12:01
but for the purposes of our demonstration, this this at least returned some usable usable names.
12:07
Okay, so
12:09
we can do
12:09
is that we know our target's name.
12:20
It's ju.
12:24
Well, we can search for all or weaken
12:28
scroll down in search for different categories
12:31
of information.
12:31
So this is a nice waited to do your filtering.
12:39
Okay, So I found
12:41
that that the target of the
12:45
social engineering
12:46
audit is does have a Facebook address.
12:50
So what we can do? No,
12:56
it's run from transforms against the email address.
12:58
There's quite a few choices here.
13:01
And this might show whether the target has
13:05
profiles and other social engineering or social networking sites,
13:09
or whether they've got other email addresses associate ID
13:13
with this one.
13:18
So I'm gonna go ahead and run all the transforms.
13:20
Get a warning that this might take a little while.
13:28
Some of the transformers may air out so you can just
13:31
click those.
13:37
All right, so a bunch of things were turned up here. We can see that there are several more email addresses,
13:41
and it looks
13:45
looks like
13:46
each of these might have some more connections.
13:52
So this one looks promising.
13:56
We could run a transform against email address again.
14:01
You can see there's lots of different things here. Contrite in court, correlate lots of other details about the individual.
14:18
Okay, we got a whole bunch of information here,
14:24
so you get the basic idea. The, um
14:28
this email address has been linked to several others. And now,
14:31
if that's if this was part of a social engineering,
14:35
um,
14:37
attempt like spearfishing, for instance,
14:39
you would have a lot of different angles to approach the target from.
14:43
There are lots of other
14:46
plug ins that you can you could install into a tool like multi go. Some of them you have to pay for. I believe
14:52
there are a lot of free ones as well. So
14:56
the tool has quite a few different dot capabilities.
15:00
You really could spend many hours learning its various functions, but hopefully this light overview gives you an idea at least how to get to a point where you can
15:09
expand your search for gathering information on your social engineering target.
15:13
All right. I hope you enjoy the video. See you next time. Thank you.

Up Next

Social Engineering and Manipulation

In this online, self-paced Social Engineering and Manipulation training class, you will learn how some of the most elegant social engineering attacks take place. Learn to perform these scenarios and what is done during each step of the attack.

Instructed By

Instructor Profile Image
Dean Pompilio
CEO of SteppingStone Solutions
Instructor