Maltego MagicCreating transforms for fun, profit or mischief

by Adam Maxwell (@catalyst256)

What’s the crack, Jack?

• Introduction• Why is Maltego Awesome?• Maltego Terminology• Creating Entities• Creating Transforms• Creating Machines• Import/Export Stuff• You want more?• Questions

Introduction

• Cyber Security Manager (bonus points for having Cyber in job title)

• Maltego, Python & PCAP addict• Got some certs• Write a blog• Do some other stuff

Introduction

• Do’s & Don’t’s for today• Do ask questions.• Do have fun (or else).• Do let your imagination run wild (ok, ok not that

wild).

• Don’t be afraid to ask questions.• Don’t click “All Transforms” ever.. Never, ever, no

excuses..

Why is Maltego Awesome?

• Graphical representation of data (any data really).

• Does link analysis as well.• Written by some cool dudes.• It’s hard to put it into words..

Why is Maltego Awesome?

• You can use it for:• Malware Analysis• PCAP Analysis• Netflow Analysis• Social Media Stalking (not endorsed or encouraged)• Infrastructure Mapping• Wireless Stalking (not endorsed or encouraged)• Honeypot Analysis• Threat Intelligence Analysis• You can even use it to attack things (yes it’s

offensive as well).• And many, many more things…..

Maltego Terminology

• Graph• The thing you put entities on.

• Entity• A thing that contains some information that you run a

transform against to get another entity with different information.

• Transform• A piece of code that takes the information from an

entity, does something and then returns another entity.

• Machine• A way of running multiple transforms without clicking

anything.

The Hands On bit..

• You can get the code samples from:• https://github.com/catalyst256/

MaltegoMagic

Creating Entities

• Create a new entity as the base to call our transforms.

• Remember the “unique type name”• Watch out for entity inheritance.

Creating Transforms

• Create a transform, follow the blog series here:

• http://itgeekchronicles.co.uk/tag/myfirsttransform/

Creating Machines

• Create a machine to run all our transforms

Importing/Exporting Stuff

• Export the following:• Entities• Transforms• Machines• Transform Sets• Icons

• Watch out for path “issues”.

You want more???

• Maltego Development Portal• http://dev.paterva.com/developer/

• GitHub is your friend• https://github.com/search?utf8=%E2%9C

%93&q=maltego

• This bloke keeps a list• http://cmlh.pbworks.com/w/page/52858689/

Transforms

Questions