In this issue
- Maltego in
the Real World
- The Monthly
has launched their Social Engineer Penetration Testers course. It is
literally the first of it's kind. As a subscriber to the newsletter you are
getting first dibs on knowing where and what is happening.
NOW REGISTERING SEATS AND TAKING PAYMENTS!
We have chosen to hold the class March 5-9 2012 in the Seattle Area. As
well as a class in April 9th in the UK. We are limiting the number of
attendees in each class to 25 and under, so first come first serve.
- 5 days of
ground breaking training
- The Social
Engineering Penetration Testing Course guide
tools to enhance your SE practice
- A Chance to
take the first ever Social Engineering Pentesting Certification
- Lots more
want to ensure your spot on the list register
now - Classes are filling up fast and early!
The first 10 people to fully register for
either the UK and US Class will get a free pass to attend any Black Hat
Briefings in 2012 -2013 - over a $2500 value
Engineering: The Art of Human Hacking is still selling great.
haven't had a chance yet to vote, head over to this months Social-Engineering
Poll and give us your opinion.
UNSUBSCRIBE by sending an email to firstname.lastname@example.org
Check out the awesome music of Dual
Core - IT geek, Rapper and all around awesome guy...
To contribute your ideas or writing send an email to email@example.com
What's coming up..
If you want to listen to our past podcasts hit up our Podcasts Page and
download the past episodes.
Want to say thank you to our sponsors this month
- Spy Associates for continually
giving us some awesome products to test out.
- The EFF for supporting freedom of Speech
- Want a very cool website? Check out Social-Engineer.Org's graphic and web
dev at Tick Tock Computers.
A special thanks to our Editor:
John 'J' Trinckes, Jr
Check out Robin Dreeke's new amazing book called "Its Not
All About Me" packed with the top 10 techniques to building
rapport fast. It is an awesome book!
The Social-Engineer.Com Team
worked with the team at Pentest Magazine to issue a very special SOCIAL
ENGINEERING edition of Pentest.
out and subscribe now!
Evidence Visualization - Using Maltego
in the Real World
I've been doing a load of research on trying to easily visualize digital
forensic data with the hope that patterns, frequencies and clusters would
stand out easily. There are already excellent tools that do a great job for
primarily email such as NUIX and Intella, but these are pretty
expensive beasts. You can also look at software such as I2's Analyst
Notebook but we are talking stratospheric money that is out of my league.
My mind was focused when a friend at the Met Police introduced me to a new
tool called Bulk Extractor from Simson Garfinkle which scans
across an image and extracts data strings, very quickly, based on a plugin.
I set out to run Bulk Extractor against a RAM image and had tremendous
results. The tool will extract email addresses, URL's, search terms, credit
card numbers, telephone numbers and others, and does so with aplomb. The
tool generates a list of text files that can be analyzed with the Bulk
Extractor Viewer. You can run it against disk images, phone memory dumps
and RAM. This is great, but when faced with a list of 10,000+ URLS where do
you start. This is where some visualization help really comes into play.
After a lot of looking around I came back to a tool I have used many times,
Maltego. Maltego is primarily used
for the enumeration of Internet data, connecting IP's, WHOIS, email and
domain information to enable the mapping of an online infrastructure. It
also enables the importing and graphing of text/csv files.
I ran Bulk Extractor against an old 512meg RAM dump and amongst other
things it extracted URL links for over 3,000 IP addresses. Normally I would
move on quietly(!); however, I tidied up the columns in Excel and imported
them into Maltego, mapping the URL address columns. This is what I saw:-
Each little cluster represents URL's linking to a central URL in the hub. A
quick look shows the most popular URL's at the top with many links.
Straight away the list of 3,000 is somewhat more manageable if we are
interested in popular links.
Zooming down we see:-
Although a tad tricky to see that there are little links between the nodes
with URL addresses linking to the primary URL, we simply draw around
a cluster and then we see:-
Although the URLs linking in are hard to see, believe me they are there,
showing all the URLs that link to the central Mozilla.org URL. How cool is
Next I thought IP addresses would be fun, except we had over 10,000 entries
from the one RAM dump; however, it mapped very well:-
Again there are some very obvious clusters that may be of interest.
Scrolling in we see a very definite structure:-
Scrolling in further we see all the interconnected IP's with a very
interesting structure, clusters are grouped together into super-clusters.
Further again and we see the individual addresses:-
Now we can see each individual connected IP and their port numbers. Maltego
really comes into its own. We select the center of the cluster and select
the Transform to reverse look up the domain and TLD. As if by magic the
graph redraws this cluster and we get:-
We now can see that all of these IP's are referencing back to Yahoo.com and
it is a very popular cluster in the RAM dump.
Being able to 'see' data in this way can help the investigator to quickly
zone in on the important areas, seeing, if you like, the wood for the
I'm now doing work on mapping outputs from Volatility and will blog again
in a few days.
by: Nick Furneaux
will be posting Nick's Second Installment on our blog at
for Professional Social Engineering Services?
Social-Engineer.Org is branching out
with our new website www.Social-Engineer.Com
We are providing some of the following services:
Engineering Risk Assessments
Engineering Training for Pentesters
Information Gathering Services
more information on any of the above or how we might be able to help you
protect your company from malicious social engineers contact us at: firstname.lastname@example.org