Uncovering useful and embarrassing info with Maltego

Presented at DEF CON 25 (2017), Unknown date/time (45 minutes)

The talk has two sections - useful and embarrassing. In the 'useful' section of this fun filled talk we show how we combine the power of Maltego and Shodan to hunt for ICS devices on the Internet. We tackle the difficult problem of finding the function, owners and locations of these devices using OSINT and Maltego. The result is a one click sequence of transforms that makes finding interesting ICS devices child's play. In the 'embarrassing' section we look at how network footprinting (which we've refined to an art in Maltego) becomes useful for identifying and profiling people who's job description involves lots of lies and who probably does not want to be associated with the data that's out there on them.

Presenters:

• Andrew MacPherson - Ops/Dev - Paterva
  Andrew Macpherson is the operations manager at Paterva. With a degree in Information Science and an uncanny knowledge of cat memes he successfully 0day'd at Paterva in 2007. With a decade of graphing, arguing and tea making he has proved to be a valuable asset at the company. Aside from Maltego'ing everything that looks like a nail he also has a keen interest in hardware and security. @paterva @andrewmohawk

Links:

• https://defcon.org/html/defcon-25/dc-25-speakers.html#MacPherson
• https://infocon.org/cons/DEF CON/DEF CON 25/DEF CON 25 video and slides/DEF CON 25 - Macpherson and Temmingh - Uncovering useful and embarrassing info with Maltego.mp4
• https://infocon.org/cons/DEF CON/DEF CON 25/DEF CON 25 video and slides/DEF CON 25 - Macpherson and Temmingh - Uncovering useful and embarrassing info with Maltego.srt (subtitles)

Similar Presentations:

• GrrCON 2019 / Data Security: How to avoid an embarrassing breach
• DEF CON 20 (2012) / Sploitego - Maltego's (Local) Partner in Crime
• Black Hat USA 2013 / Maltego Tungsten As a Collaborative Attack Platform