GATHERING INTELLIGENCE WITH MALTEGO
Disclaimer
Before we start, I would like to state that this article has been prepared for educational use only, and no responsibility is taken for its misuse. In recent times, as cross-national and social incidents have increased, intelligence has gained much importance. The number of cyber-attacks carried out has risen remarkably compared to the past.
Countries are competing to obtain each other’s military, economic, and other confidential information through cyber intelligence methods. Last year, the number of APT groups specialising in this kind of activity increased.
The best known among these is APT401, as named by FireEye. This is just one example; tens of known and unknown groups exist. Being aware of the time we live in, understanding the dynamics it creates, and knowing where one fits in the cyber world are necessary to protect oneself from the threats. If we cannot correctly analyze the situation we are in and do not know what to concentrate on, we cannot take the necessary precautions. This is why vulnerabilities emerge.
Cyber attackers work nonstop for days, weeks, and months in order to find weaknesses. Of course, the most important part of investigating and analyzing a system is gathering information about the system or person. The better the attackers know the system or person, the better they know the vulnerabilities that the person or system has, and they determine their attack methods and cyber weapons accordingly. Active and passive intelligence-gathering techniques are used for this. Maltego is a tool that enables us to actively gather information. Let’s go deeper.
Among the most popular and practical cyber intelligence tools, Maltego is a very practical information-gathering program that comes built into Kali Linux. Produced by Paterva, it is actively used in penetration testing and intelligence-gathering processes. Maltego’s commercial packages are available at extra charge; however, you can download the Community edition for free and use it for non-commercial purposes.
Installing Maltego on Windows:
You can choose the download option that matches the architecture of your computer (32 or 64 bit). Options for Linux and Mac are also available.
Linux:
Maltego is usually built into security-focused Linux distributions. Where it is not, the process is as follows:
With the command above, you can install Maltego.
When you open Maltego, it will ask you to log in. You can obtain a membership from Paterva’s website or directly sign up with the screen the program requests.
The screen after Maltego is opened and logged in.
The menu has the following tabs:
- Investigate
- View
- Entities
- Collections
- Transforms
- Machines
- Collaboration
- Import/Export
- Windows
Investigate
The Investigate tab is where features such as editing the investigation and preparing diagrams are found. The new version also adds a Privacy Mode.
This is a mode specially designed for researchers. In Privacy Mode, Maltego does not generate any queries that contain your IP address, and it also prevents images from being downloaded. However, there is still no guarantee that no direct connection will be established. The disadvantage, of course, is that it will not offer the same user experience as normal mode, so it may not produce as rich results. In addition to this feature, the quick find option is also included in this tab.
View
This is the part used to edit the display and hierarchy of the results. The organic hierarchy and other hierarchy layouts are found here. Adjusting the layout of your graph can improve your ability to study it.
Entities
Here, you can add or edit entities. This is the section where you can make designs according to your needs. You can add or remove new entity types or edit existing entities.
Collections
This section simplifies the collected data so that it is easier to understand: entities of the same type are collapsed into a single box, which simplifies the graph. You can also specify how many of the findings to display.
Transforms
Here, you can manage, add, or remove the transforms (services) in use. If you right-click an entity such as a domain or a person, you can see options like “to IP”, etc.
Machines
This is where the automated tools are found. It contains queries prepared specifically for the person, company, domain, etc. that you want to collect information about.
You can select any option, as in the image.
As an example, we are going to perform reconnaissance on a company. Queries run automatically after you provide the domain name (the company’s domain). These queries include functions such as scanning for any documents belonging to the company, finding email addresses and social media accounts, etc.
Collaboration
In this section, you can share the graphs, images, and diagrams you have created with someone else and discuss them in a chat window.
Import/Export
In this section, you can import and export the graphs of your investigation, output a graph as a table or an image, and export it. Options for managing reports are also provided.
Windows
All window-management functions of the program are available in the Windows section. Options such as Close All Graphs and Reset Windows can be found here, and you can arrange the windows as you wish.
Palette
The Palette section works by drag and drop and contains many categories. Choose the category that matches your intelligence need and drop it onto the white page in the middle. Let’s collect information about a domain as an example.
Let’s select Domain in the Infrastructure section.
Drag and drop the Domain option onto the blank page on the right. After dropping it, double-click and enter the domain without the leading www.
Then right-click the domain to run the queries you want at the desired level, and run further queries by right-clicking on the resulting sub-entities. The resulting graph will look as follows:
On these graphs, you can continue with whichever intelligence tool you want to gather information with. Thanks to Maltego, you can obtain information such as the company’s network architecture, its domain addresses, and the email addresses and phone numbers of its employees, and use this information for social engineering or for system pentesting based on the technical details.
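To make concrete what the Transforms, Machines and Collections sections above describe, and what the domain walkthrough produces, here is a small model of how Maltego builds its graph: entities of a given type, transforms that take one entity and return linked entities (the right-click “to IP” and similar options), a machine that runs every applicable transform breadth-first to a fixed depth, and a collections view that collapses same-typed nodes. This is an added example, not Maltego’s own code or Paterva’s API. It runs over constructed lookup tables rather than live DNS, the entity type names are the standard Maltego ones as I recall them, and the XML response shape follows the local-transform output format as I understand it; treat all three as assumptions. Reading the resulting graph from the defender’s side shows which externally visible assets (hosts, mail servers, contact addresses) an investigation of your own domain would surface.

```python
"""Minimal Maltego-style entity/transform graph, run over constructed data (added example)."""
from collections import defaultdict, deque
from dataclasses import dataclass
import xml.etree.ElementTree as ET


@dataclass(frozen=True)
class Entity:
    etype: str   # Maltego entity type name, e.g. "maltego.Domain" (assumed names)
    value: str


# Constructed lookup tables standing in for DNS and WHOIS data; these are not real records.
DNS_A = {
    "example.test": ["192.0.2.10"],
    "www.example.test": ["192.0.2.10"],
    "mail.example.test": ["192.0.2.25"],
}
DNS_MX = {"example.test": ["mail.example.test"]}
SUBDOMAINS = {"example.test": ["www.example.test", "mail.example.test"]}
CONTACT_EMAILS = {"example.test": ["hostmaster@example.test"]}


# A transform takes one entity and returns the entities it links to.
def to_ip(e):
    return [Entity("maltego.IPv4Address", ip) for ip in DNS_A.get(e.value, [])]


def to_mx(e):
    return [Entity("maltego.MXRecord", mx) for mx in DNS_MX.get(e.value, [])]


def to_subdomains(e):
    return [Entity("maltego.Domain", d) for d in SUBDOMAINS.get(e.value, [])]


def to_emails(e):
    return [Entity("maltego.EmailAddress", m) for m in CONTACT_EMAILS.get(e.value, [])]


# The right-click menu: which transforms apply to which entity type.
TRANSFORMS = {
    "maltego.Domain": {"To IP": to_ip, "To MX": to_mx,
                       "To Subdomains": to_subdomains, "To Email": to_emails},
    # An MX record names a host, so resolving it reuses the domain-to-IP lookup.
    "maltego.MXRecord": {"To IP": lambda e: to_ip(Entity("maltego.Domain", e.value))},
}


class Graph:
    def __init__(self):
        self.nodes = set()
        self.edges = set()   # (source entity, transform name, target entity)

    def run(self, entity, name):
        """Run one named transform on one entity, as a single right-click would; return new nodes."""
        self.nodes.add(entity)
        new = []
        for target in TRANSFORMS.get(entity.etype, {})[name](entity):
            if target not in self.nodes:
                new.append(target)
            self.nodes.add(target)
            self.edges.add((entity, name, target))
        return new

    def machine(self, root, depth=2):
        """Like a Maltego Machine: run every applicable transform, breadth-first, to a fixed depth."""
        self.nodes.add(root)
        seen = {root}
        queue = deque([(root, 0)])
        while queue:
            entity, level = queue.popleft()
            if level >= depth:
                continue
            for name in TRANSFORMS.get(entity.etype, {}):
                for target in self.run(entity, name):
                    if target not in seen:
                        seen.add(target)
                        queue.append((target, level + 1))
        return self

    def collections(self, min_size=2):
        """The Collections view: entities of one type collapsed into a single bucket."""
        buckets = defaultdict(list)
        for n in self.nodes:
            buckets[n.etype].append(n.value)
        return {t: sorted(v) for t, v in buckets.items() if len(v) >= min_size}


def transform_response(entities):
    """Serialise transform output in the MaltegoTransformResponseMessage XML shape (assumed format)."""
    root = ET.Element("MaltegoMessage")
    resp = ET.SubElement(root, "MaltegoTransformResponseMessage")
    ents = ET.SubElement(resp, "Entities")
    for e in entities:
        el = ET.SubElement(ents, "Entity", Type=e.etype)
        ET.SubElement(el, "Value").text = e.value
        ET.SubElement(el, "Weight").text = "100"
    return ET.tostring(root, encoding="unicode")


def footprint(domain, depth=2):
    """Start from a Domain entity, as in the walkthrough, and let the machine expand it."""
    return Graph().machine(Entity("maltego.Domain", domain), depth)


if __name__ == "__main__":
    g = footprint("example.test")
    for src, name, dst in sorted(g.edges, key=lambda t: (t[0].value, t[1], t[2].value)):
        print(f"{src.value} --[{name}]--> {dst.etype}:{dst.value}")
    print("collections:", g.collections())
    print(transform_response(to_ip(Entity("maltego.Domain", "example.test"))))
```

Raising `depth` in `footprint` is the equivalent of running transforms on the sub-entities again; the collections output is the summary a defender would compare against their own asset inventory to see what an outsider can already map.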
Run View
In this section, you can adjust the performance to the level you want. You can use the fast, detailed, and wide search types.
This is the basic use of the Maltego tool. The quality and method of the research may differ according to its purpose and depth.
That is how to use Maltego at a basic level; thank you for reading.