Sploitego - Maltego’s (Local) Partner in Crime Presented by Nadeem Douba 1 22-1-25 @ndouba | [email protected]

Sploitego

DESCRIPTION

Nadeem Douba, GWAPT, GPEN, is currently situated in the Ottawa (Ontario, Canada) valley. Nadeem provides technical security consulting services primarily to clients in the health, education, and public sectors. Nadeem has been involved in the security community for over ten years and has frequently presented talks at his local ISSA chapter, and most recently at DEF CON 20, on the topics of Open Source Intelligence and mobile security. He is also an active member of the open source software community and has contributed to projects such as libnet, Backtrack, and Maltego.

Page 1: Sploitego

Saturday, April 8, 2023 1

Sploitego - Maltego’s (Local) Partner in Crime

Presented by Nadeem Douba

@ndouba | [email protected]

Page 2: Sploitego

About Me

Situated in Ottawa, ON, Canada

Work at Cygnos Information Security as Pen-Tester

◦ Subsidiary of Raymond Chabot Grant Thornton

Open Source Intelligence (OSInt)/Data Science Fanatic!

Open Source Software Fanatic: https://github.com/allfro

Credentials?

◦ Yes I sold my soul to the devil…

Page 3: Sploitego

Overview

A Brief Intro to Maltego

What is Sploitego?

Why Sploitego?

Cool Demos

Installing Sploitego on Backtrack

Creating Your Own Transforms

Wrap Up

Questions

Page 4: Sploitego

Brief Intro to Maltego

For those who are not familiar…

Page 5: Sploitego

What is Sploitego?

Sounds interesting…

Page 6: Sploitego

Pure Awesomeness!

Page 7: Sploitego

What is Sploitego?

Pen-test transforms for Maltego!

◦ Transforms for all stages

Built with Python and Canari Framework

◦ Rapid Development Local Transform Framework

Page 8: Sploitego

Why Sploitego?

Hasn’t this been done before?

Page 9: Sploitego

Why Sploitego?

Open Source Intelligence (OSInt) gathering is a big part of our assessments.

Information we collect about our targets can break them.

Most OSINT tools work with Public information repositories.

What if you are working with something Private?

Page 10: Sploitego

Remote Transforms

Page 11: Sploitego

Local Transforms

Page 12: Sploitego

Why use Local Transforms?

Pros

Full Client-side Control

Maintain Privacy

Great Data Visibility

Cons

✗ Processing Overhead

✗ Development

✗ IP Disclosure

Page 13: Sploitego

What can be done with a Local Transform…

That can’t already be done with a remote transform?

Page 14: Sploitego

Installing Sploitego

On Backtrack…

Page 15: Sploitego

Did Someone Say Demo?

Sploitego DNS Transforms

Page 16: Sploitego

Nmap It!

Service Discovery Demo

Page 17: Sploitego

Nessus It!

Vulnerability Discovery Demo

Page 18: Sploitego

Writing your own Transforms…

With the Canari Framework!

Page 19: Sploitego

What Others Have Done with Canari

Malformity by Keith Gilbert and team:

◦ https://github.com/digital4rensics/Malformity

NWMaltego, PaMalt, and CuckooForCanari by J. David Bressler and Rich Popson:

◦ https://github.com/bostonlink/nwmaltego_canari

◦ https://github.com/bostonlink/pamalt_canari

◦ https://github.com/bostonlink/cuckooforcanari

CookieGrabber by Adam Maxwell:

◦ https://github.com/catalyst256/canariCookieGrabber

Page 20: Sploitego

Where to Look for More Info!

Canari Websites:

◦ http://www.canariproject.com

◦ https://forums.canariproject.com

Limited Documentation:

◦ https://github.com/allfro/canari

◦ https://github.com/allfro/sploitego

Youtube Channel:

◦ http://youtube.com/allfro

Source Code/Bugging me

Page 21: Sploitego

Drop me a Line

Email: [email protected]

Twitter: @ndouba

Skype: nadeem.douba

Page 22: Sploitego

Kudos to…

Paterva:

◦ Andrew MacPherson (Mohawk)

◦ Roelof Temmingh (RT)

Cygnos/RCGTCI

The Security Community

Page 23: Sploitego

Thanks for Attending!

Questions in Q&A