View
792
Download
0
Category
Tags:
Preview:
DESCRIPTION
Nadeem Douba, GWAPT, GPEN currently situated in the Ottawa (Ontario, Canada) valley, Nadeem provides technical security consulting services primarily to clients in the health, education, and public sectors. Nadeem has been involved within the security community for over ten years and has frequently presented talks in his local ISSA chapter, and most recently at DEF CON 20 on the topics of Open Source Intelligence and mobile security. He is also an active member of the open source software community and has contributed to projects such as libnet, Backtrack, and Maltego.
Citation preview
Saturday, April 8, 2023 1
Sploitego - Maltego’s (Local) Partner in Crime
Presented by Nadeem Douba
@ndouba | ndouba@gmail.com
2
Situated in Ottawa, ON, Canada Work at Cygnos Information Security as Pen-
Tester◦ Subsidiary of Raymond Chabot Grant Thornton
Open Source Intelligence (OSInt)/Data Science Fanatic!
Open Source Software Fanatic: https://github.com/allfro
Credentials?◦ Yes I sold my soul to the devil…
About Me
Saturday, April 8, 2023@ndouba | ndouba@gmail.com
A Brief Intro to Maltego What is Sploitego? Why Sploitego? Cool Demos Installing Sploitego on Backtrack Creating Your Own Transforms Wrap Up Questions
Saturday, April 8, 2023 3
Overview
@ndouba | ndouba@gmail.com
Brief Intro to MaltegoFor those who are not familiar…
Saturday, April 8, 2023 4@ndouba | ndouba@gmail.com
What is Sploitego?Sounds interesting…
Saturday, April 8, 2023 5@ndouba | ndouba@gmail.com
Saturday, April 8, 2023 6
Pure Awesomeness!
@ndouba | ndouba@gmail.com
Pen-test transforms for Maltego!◦ Transforms for all stages
Built with Python and Canari Framework◦ Rapid Development Local Transform Framework
Saturday, April 8, 2023 7
What is Sploitego?
@ndouba | ndouba@gmail.com
Why Sploitego?Hasn’t this been done before?
Saturday, April 8, 2023 8@ndouba | ndouba@gmail.com
Open Source Intelligence (OSInt) gathering is a big part of our assessments.
Information we collect about our targets can break them.
Most OSINT tools work with Public information repositories.
What if you are working with something Private?
Saturday, April 8, 2023@ndouba | ndouba@gmail.com 9
Why Sploitego?
Saturday, April 8, 2023 10
Remote Transforms
@ndouba | ndouba@gmail.com
Saturday, April 8, 2023@ndouba | ndouba@gmail.com 11
Local Transforms
12
Why use Local Transforms?
Pros Cons
Full Client-side Control Maintain Privacy Great Data Visibility
✗ Processing Overhead✗ Development✗ IP Disclosure
Saturday, April 8, 2023@ndouba | ndouba@gmail.com
What can be done with a Local Transform…
That can’t already be done with a remote transform?
Saturday, April 8, 2023@ndouba | ndouba@gmail.com 13
Installing SploitegoOn Backtrack…
Saturday, April 8, 2023@ndouba | ndouba@gmail.com 14
Saturday, April 8, 2023 15
Did Someone Say Demo?
Sploitego DNS Transforms
@ndouba | ndouba@gmail.com
Saturday, April 8, 2023 16
Nmap It!Service Discovery Demo
@ndouba | ndouba@gmail.com
Saturday, April 8, 2023 17
Nessus It!Vulnerability Discovery Demo
@ndouba | ndouba@gmail.com
Saturday, April 8, 2023 18
Writing your own Transforms…
With the Canari Framework!
@ndouba | ndouba@gmail.com
Malformity by Keith Gilbert and team:◦ https://github.com/digital4rensics/Malformity
NWMaltego, PaMalt, and CuckooForCanari by J. David Bressler and Rich Popson:◦ https://github.com/bostonlink/nwmaltego_canari◦ https://github.com/bostonlink/pamalt_canari◦ https://github.com/bostonlink/cuckooforcanari
CookieGrabber by Adam Maxwell:◦ https://github.com/catalyst256/canariCookieGrabber
Saturday, April 8, 2023@ndouba | ndouba@gmail.com 19
What Others Have Done with Canari
Canari Websites:◦ http://www.canariproject.com◦ https://forums.canariproject.com
Limited Documentation:◦ https://github.com/allfro/canari ◦ https://github.com/allfro/sploitego
Youtube Channel:◦ http://youtube.com/allfro
Source Code/Bugging me
Saturday, April 8, 2023 20
Where to Look for More Info!
@ndouba | ndouba@gmail.com
21
Email: ndouba@gmail.com Twitter: @ndouba Skype: nadeem.douba
Drop me a Line
Saturday, April 8, 2023@ndouba | ndouba@gmail.com
22
Paterva:◦ Andrew MacPherson (Mohawk)◦ Roelof Temmingh (RT)
Cygnos/RCGTCI The Security Community
Kudos to…
Saturday, April 8, 2023@ndouba | ndouba@gmail.com
Saturday, April 8, 2023 23
Thanks for Attending!Questions in Q&A
@ndouba | ndouba@gmail.com
Recommended