Maltego Lab | Cybrary

Video Activity

Create Free Account

In this lab, Subject Matter Expert Dean Pompilio demonstrates Maltego for Kali Linux. (Maltego also can be installed on Windows systems). This tool allows you to visualize the relationships between and among various bits of information, which Maltego calls entities, that you discover about the target of a Social Engineering Audit. SME Pompilio give...

Sign up with

Or

Already have an account? Sign In »

Time

3 hours 55 minutes

Difficulty

Advanced

CEU/CPE

5

Create Free Account

In this lab, Subject Matter Expert Dean Pompilio demonstrates Maltego for Kali Linux. (Maltego also can be installed on Windows systems). This tool allows you to visualize the relationships between and among various bits of information, which Maltego calls entities, that you discover about the target of a Social Engineering Audit. SME Pompilio gives an example that demonstrates the various ways you can run "transforms" of the known entities about your target. The entities are connected and displayed on a graph. There is a discussion of the various available layouts, the various modes, how things are color-coded, changing size from the default, and other options for viewing your data that are useful for organizing your data. SME Pompilio demonstrates how to transform email address from the specific domains discovered for the Social Engineering Audit target. Then he does a search for various categories of information to filter his data. He then runs a transform of the various email addresses to uncover other emails and other profiles on other social networking sites. He then can run other transforms to correlate all the data in various ways. Various free and paid plug-ins are available for Maltego that enhance its basic features.

00:06

Hello, everyone. This is Dean Pompilio, your subject matter expert for social engineering

00:13

And this demo we're going to take a look at multi. Go.

00:16

This is the Verena Multi go. That's for Callie Lennox.

00:22

Or you can also install multi go on Windows

00:26

operating systems.

00:28

Anyway, since we've been focusing mostly on using

00:32

Thea Callie Environment, I figured I would show everyone

00:35

this version of the tool called Carbon.

00:38

You do have to register for the community edition

00:42

so that you can log in and used their servers to do your your searches will be aware of those those install steps you confined. That obviously on the website

00:51

petrova dot com is where you want to go.

00:56

All right, So

00:58

what this tool allows you to do

01:00

is to visualize

01:03

the relationships between different bits of information

01:07

and these could be lots of different things.

01:11

Multi go calls them entities community email address or an I p. Address,

01:17

domain name or ah

01:19

uh uh t and s name.

01:22

Any of those things could be

01:23

could be discovered about your target

01:26

for a social engineering audit.

01:29

And then once you've identified thes entities, you can run what are called transforms

01:34

and the transforms can take many different dumb

01:38

shapes. It depends on what kind of entity it is.

01:41

You get the transforms that are relevant for that type of object.

01:47

All right, so

01:48

let's let's start out by creating a new graph.

01:53

And it's called a graft because you're once you see the way the objects are connected, you get different lines. And,

01:57

um,

01:59

it's an edge graft. Basically,

02:01

the shortcut for doing that is

02:04

control T,

02:10

or you can go to this icon here

02:15

and click this particular another new graph.

02:19

Either way, I like using shortcuts. Keyboard shortcuts save a lot of time.

02:24

Okay, so let's let's assume at this point in your social engineering audit that you at least have the name

02:30

of of the of a particular target.

02:35

Maybe this person

02:37

is someone that works at an organization or

02:39

or they know someone who works there.

02:43

And you're trying to learn more about this, this individual to see you,

02:46

perhaps if they have, ah, several different email addresses,

02:51

what kinds of social networking sites they might be using.

02:54

These are all details that are that are definitely useful.

03:00

All right, so we're gonna start with a domain

03:05

and entity will drag that out

03:07

by default. It goes to the pater va dot com website.

03:12

We can simply double click this and put in something else like Facebook.

03:17

So if you were trying to research

03:21

a, uh, an individual, maybe for a spear fishing campaign, that could be another good reason.

03:27

You definitely could do worse than just start with something like Facebook.

03:31

You can also use Twitter if you see down here, there's, ah social network section

03:37

in the interface

03:38

and there are some specific Facebook

03:43

entities we're just going to use the domain for right now, though.

03:52

Okay, So what we want to do now is try our first set of transforms.

03:57

We can right click on the object

03:59

and there's a run transforms menu

04:02

and what we want to do is D. N s from domain, and you can see there's quite a few

04:09

transforms within this group.

04:12

You could go to the bottom and run all the transforms, which is what we're gonna do for a lot of these examples. But you might want to go back later and run individual ones as

04:19

as you see fit.

04:24

So has this runs.

04:28

I'm getting a list of

04:30

domains that are related to facebook dot com

04:34

Sub domains. Basically,

04:36

or a different

04:40

high level debates.

04:43

You can use your mouse well to scroll in and out,

04:45

So I'm gonna scroll out a little bit. So this fits better.

04:48

You can see we've got a pretty nice selection.

04:51

Different Facebook domain. Some of these might not be relevant

04:56

for the person we're searching for.

05:00

So if that's the case, if you don't, for instance, think that the

05:04

targets involved in development

05:08

if you can delete a couple of these

05:16

we see we've got some name servers that show up Looks like an S one. Might be a name, sir.

05:21

Possibly.

05:23

Okay, so we got a collection of domains now,

05:28

And

05:30

this particular target,

05:31

uh,

05:32

probably has some email addresses associated with facebook dot com. So that's what we want to figure out next.

05:42

So I'm going to zoom out again,

05:46

and I'm gonna select all these domains.

05:53

Now, what I want to do is revolve all these two i p addresses,

05:58

clips.

06:09

All right. So resolved to I p, the menu could be a little bit confusing to navigate. As you can see, it's easy to uh, accidentally pop

06:16

one of the sub menus out,

06:18

So just click off to the side and try again. If that happens,

06:23

so resolved. I p is what we want.

06:27

Run all those

06:29

and you could see the updates in the window below here,

06:31

as these transforms are running on those

06:34

those domains

06:36

also, some other things about the interface.

06:42

As you can see, we've got a detailed view on the side here,

06:45

and this will

06:46

show whatever is currently selected or whatever you're pointing to.

06:56

And different entities have different types of details.

07:01

Okay, so now we've got a bunch of I p addresses

07:04

associated with these particular

07:06

Facebook domains.

07:15

And what we can do know is look to see possibly what other D N s names are associated with these particular i p's

07:23

someone a zoom out so I can see them all.

07:33

So Deena's for my p.

07:35

I'm gonna go ahead and run all the transforms there

07:40

and the reason that I might be digging in this deeply

07:44

just looking for an individual is to correlate

07:46

different types of domains. Different types of I P addresses different email accounts.

07:51

All these things might be related to the results from thes transforms.

07:58

All right, so if you look at a particular I P address,

08:01

we can see that there are quite a few Facebook domains here. But there's also some domains that don't appear to be related

08:09

to Facebook.

08:18

In either case,

08:18

we can see the I P is their associate ID.

08:26

So let's look at some different layouts. Give you a little bit more of an idea of how the information can be visualized. If you zoom out far enough, you can see we go to a what's called a bubble view,

08:39

and it's color coded so you can select large bonds, objects easily with the mouse

08:46

or, you know, my holding down shift. You could multi select,

08:54

but if you're zoomed in

08:56

to what's called the main view,

08:58

you can click the bubble of you manually and you get some different options.

09:05

So

09:07

the view we're looking at originally was the block view.

09:11

So this layout mode,

09:13

but everything in blocks and it might be useful for certain kinds of sorting of information.

09:22

Or you could go to hierarchical mode,

09:28

which tries to organize

09:30

information

09:31

slightly different method.

09:35

No one is a hierarchy.

09:37

It's trying to get zoomed in here

09:41

and again, this might be useful

09:43

for sorting information.

09:45

There's also a circular view

09:48

showing, AH, kind of a hub and spoke idea for

09:52

relationships between objects.

09:58

And there's the organic mode,

10:01

which could be really useful when you're trying to compare two different sets of objects to see which

10:05

items they might have in common.

10:09

And then you can also change the ball size.

10:13

So the default is diverse descent,

10:16

which is kind of a ranking.

10:18

Or we can do something like the number of links, and it will create a larger ball.

10:22

Incoming links, larger balls that have more incoming links

10:26

or balder larger that have outgoing links.

10:31

All right, so that's a little introduction to the interface.

10:39

So now that we've seen how we can look at the,

10:43

uh

10:43

information and different different formats of zoom Out

10:48

and I want to select facebook dot com

10:50

and we're gonna transform

10:54

email addresses from domain is what I'm looking for,

11:01

and I'm gonna go ahead and

11:03

run all the transforms on this.

11:07

We're getting some updates down here, and some items are popping up.

11:22

Oh, they're over. Here we go.

11:30

So we've got a few that popped up. Um,

11:33

she gets more here in a moment.

11:45

Okay, so we returned a bunch of e mail addresses. Keep in mind these air just e mail addresses that

11:52

were found on this particular domain. It's not going to search all Facebook users for their e mail addresses,

12:01

but for the purposes of our demonstration, this this at least returned some usable usable names.

12:07

Okay, so

12:09

we can do

12:09

is that we know our target's name.

12:20

It's ju.

12:24

Well, we can search for all or weaken

12:28

scroll down in search for different categories

12:31

of information.

12:31

So this is a nice waited to do your filtering.

12:39

Okay, So I found

12:41

that that the target of the

12:45

social engineering

12:46

audit is does have a Facebook address.

12:50

So what we can do? No,

12:56

it's run from transforms against the email address.

12:58

There's quite a few choices here.

13:01

And this might show whether the target has

13:05

profiles and other social engineering or social networking sites,

13:09

or whether they've got other email addresses associate ID

13:13

with this one.

13:18

So I'm gonna go ahead and run all the transforms.

13:20

Get a warning that this might take a little while.

13:28

Some of the transformers may air out so you can just

13:31

click those.

13:37

All right, so a bunch of things were turned up here. We can see that there are several more email addresses,

13:41

and it looks

13:45

looks like

13:46

each of these might have some more connections.

13:52

So this one looks promising.

13:56

We could run a transform against email address again.

14:01

You can see there's lots of different things here. Contrite in court, correlate lots of other details about the individual.

14:18

Okay, we got a whole bunch of information here,

14:24

so you get the basic idea. The, um

14:28

this email address has been linked to several others. And now,

14:31

if that's if this was part of a social engineering,

14:35

um,

14:37

attempt like spearfishing, for instance,

14:39

you would have a lot of different angles to approach the target from.

14:43

There are lots of other

14:46

plug ins that you can you could install into a tool like multi go. Some of them you have to pay for. I believe

14:52

there are a lot of free ones as well. So

14:56

the tool has quite a few different dot capabilities.

15:00

You really could spend many hours learning its various functions, but hopefully this light overview gives you an idea at least how to get to a point where you can

15:09

expand your search for gathering information on your social engineering target.

15:13

All right. I hope you enjoy the video. See you next time. Thank you.

In this online, self-paced Social Engineering and Manipulation training class, you will learn how some of the most elegant social engineering attacks take place. Learn to perform these scenarios and what is done during each step of the attack.

CEO of SteppingStone Solutions