Maltego In The Enterprise
J. David Bressler Senior Security Consultant
CONFIDENTIAL AND PROPRIETARY © 2013 GuidePoint Security
About Me
• Senior Security Consultant, GuidePoint Security
• I like to Make Things
• I like to Break Things
• My Alphabet Soup: OSCP, MCSA, ABCDEFG… (You know the rest)
Contact Me
• Twitter: @bostonlink (Say Hello!)
• Github: https://github.com/bostonlink
What is Maltego?
• Created by Paterva (www.paterva.com)
• Reconnaissance and Information Gathering
• Visualize Gathered Information
• Customizable!
Why Maltego In the Enterprise?
• Single tool for Information Gathering and Analysis
• Integrate internal tools/APIs with custom transforms
• And More! Think outside the box!
Maltego Transforms
Backend or remote scripts/programs that pull information from specific sources and create entities
Built-in/Remote Transforms
Local Transforms
Example of CuckooForCanari and PAMalt Canari Framework transform packs
Which Transform Should I Use?
• Depends on your overall goal & architecture
• Internal systems and tools – Local Transforms or Internal TDS Server
• External data sources – Local or Remote Transforms
The Canari Framework
• Created by Nadeem Douba (Sploitego)
• Maltego Local Transform Development framework
• www.canariproject.com
• forums.canariproject.com (Community)
The Canari Framework
• No need to focus on the XML output formatting
• Focus on the data gathering and parsing logic
• Gives you the ability to easily install transform packs, and a lot more!
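What "XML output formatting" refers to, as an added example (not code from the talk or from Canari): a bare local transform in Python that builds the response message by hand, using ElementTree so that log-derived text is escaped. The log rows, the `threats` field name and the function names are constructed for illustration.

```python
import csv, io, sys
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample rows (threat name, source IP, destination IP); not a real
# firewall export format. One threat name holds XML metacharacters on purpose.
SAMPLE_LOG = """\
SQL Injection Attempt,198.51.100.7,192.0.2.10
SQL Injection Attempt,198.51.100.9,192.0.2.10
SSH Brute Force,198.51.100.7,192.0.2.10
HTTP <script> & Probe,203.0.113.5,192.0.2.10
SSH Brute Force,198.51.100.7,192.0.2.22
"""

def sources_for_host(log_text, dest_ip):
    """Return {source_ip: Counter(threat names)} for traffic aimed at dest_ip."""
    hits = {}
    for threat, src, dst in csv.reader(io.StringIO(log_text)):
        if dst == dest_ip:
            hits.setdefault(src, Counter())[threat] += 1
    return hits

def build_response(hits):
    """Serialize the hits as a Maltego local-transform response message."""
    msg = ET.Element("MaltegoMessage")
    resp = ET.SubElement(msg, "MaltegoTransformResponseMessage")
    entities = ET.SubElement(resp, "Entities")
    for src, threats in sorted(hits.items()):
        ent = ET.SubElement(entities, "Entity", Type="maltego.IPv4Address")
        ET.SubElement(ent, "Value").text = src
        ET.SubElement(ent, "Weight").text = str(sum(threats.values()))
        fields = ET.SubElement(ent, "AdditionalFields")
        # "threats" is a hypothetical field name chosen for this example.
        field = ET.SubElement(fields, "Field", Name="threats", DisplayName="Threats")
        field.text = "; ".join(f"{n} x{c}" for n, c in sorted(threats.items()))
    ui = ET.SubElement(resp, "UIMessages")
    note = ET.SubElement(ui, "UIMessage", MessageType="Inform")
    note.text = f"{len(hits)} source(s) found"
    return ET.tostring(msg, encoding="unicode")

def transform(entity_value, log_text=SAMPLE_LOG):
    """Entry point: Maltego passes the selected entity's value as argv[1]."""
    return build_response(sources_for_host(log_text, entity_value))

if __name__ == "__main__":
    print(transform(sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"))
```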
Why Integrate Other Tools?
1. Because It’s AWESOME!
2. Value of data
3. To visualize internal enterprise data
4. Ability to easily pivot from internal data to external data
PAmalt Overview
• Palo Alto Networks Firewall Transform Pack
• Used to quickly visualize detected top attacks, threats, malware, etc.
https://github.com/bostonlink/pamalt_canari
PAmalt Example
NWmaltego Overview
• RSA Netwitness NSM/Packet Capture Transform Pack
• Used to quickly query Netwitness for metadata parsed from network sessions
https://github.com/bostonlink/nwmaltego_canari
NWmaltego Example
CuckooForCanari Overview
• Cuckoo Sandbox Transform Pack
• Used to visually display dynamic malware analysis
https://github.com/bostonlink/cuckooforcanari
CuckooForCanari Example
Nextego
• Rapid7’s Nexpose Maltego Transforms
• Launch a Nexpose Vulnerability Scan on a Host within Maltego
• Display Ports, Services, Service Versions/Fingerprints
• Display Vulnerabilities, Metasploit Modules, exploit-db Exploits available
• Version 1.0 Released Today!
Nextego Demo
Demo Time!
Putting It All Together
• Integration with multiple tools can paint a better picture for security teams
• Having the ability to visualize data from multiple sources in one window is VALUABLE
• Ability to do high-level analysis on visualized data to come to a quicker conclusion
No One Likes Looking At This
Drives You To Look Like This
Special Thanks!
• GuidePoint Security (@GuidePointSec)
• Paterva (@Paterva)
• Nadeem Douba (@ndooba)
• Rich Popson (@Rastafari0726)
• The Canari Framework (@canariframework) and community behind it
Questions or Feedback?