Open Source Intelligence (OSINT) Using Maltego
About NanoSec Asia
NanoSec is a newly created security community that organises events focusing on all things security for the Asia Pacific region, based in Kuala Lumpur, Malaysia. They started in 2018 by organising a 1-day vendor-neutral conference called ‘Nano Security Conference’, which has now become an annual event. NanoSec is run by a dedicated group of local IT Security professionals & students, with the help of volunteers from the community. If you’re interested in volunteering, kindly drop us an email at nsc@nanosec.asia. Final year IT students are highly encouraged to join.
For the NanoSec Play 2021 edition, we got a chance to participate as a trainer in a workshop on Open Source Intelligence using Maltego. This workshop was hosted virtually for around 4 hours. The overall content of this workshop can be summarized as below:
Open Source Intelligence Concept
Open Source Intelligence: Intelligence-gathering discipline that includes the collection, processing, and analysis of information from publicly available sources to deliver “usable” intelligence.
- Open Source Data: Raw print, broadcast, verbal questioning, or other forms of data from a primary source.
- Open Source Information: Gathered from generic data such as books, daily papers, broadcasts, etc., that are generally spread around the world.
Information Collection Process
- Recon phase
- Identify potential dangers and cyber attackers
- Discover if your confidential organization information has been publicly exposed.
- Collect information about targets before attacking them
- Understand context and sources of information about an issue
Maltego
- Open source intelligence and graphical link analysis tool for gathering and connecting information for investigative tasks.
- Maltego is a Java application that runs on Windows, Mac and Linux.
- Maltego is used by a broad range of users, ranging from security professionals to forensic investigators, investigative journalists, and researchers.
- https://www.maltego.com/
Maltego Glossary
- Entities: A node on the graph.
- Machine: Maltego equivalent of macros.
- Hub Items: Install combinations of Transforms, Entities and Machines from a server
- Transform: Code that searches for information related to an Entity on the graph
- Transform Hub: Access paid and free data from a variety of public sources
Maltego Interface Guide
Maltego Transform Hub Example
Maltego Machine
- In Maltego, a Machine is a script/macro that runs multiple Transforms with different types of filters.
- Machines are useful for completing common tasks such as forward footprints of domains.
The full slides for this workshop can be downloaded from the NanoSec Asia official Discord: https://discord.gg/Z66SM6GA
A very big thank you to everyone involved in NanoSec Play 2021 for the great experience of participating in this year's event.