Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Maltego - "Have I been pwned?"
Search
Sponsored
·
SiteGround - Reliable hosting with speed, security, and support you can count on.
→
Christian Heinrich
July 29, 2017
Technology
0
470
Maltego - "Have I been pwned?"
Integration of "Have I been pwned?" with Maltego
Christian Heinrich
July 29, 2017
Tweet
Share
More Decks by Christian Heinrich
See All by Christian Heinrich
ssh
cmlh
2
380
Other Decks in Technology
See All in Technology
モジュラモノリス導入から4年間の総括:アーキテクチャと組織の相互作用について / Architecture and Organizational Interaction
nazonohito51
8
4.3k
AgentCoreとLINEを使った飲食店おすすめアプリを作ってみた
yakumo
2
260
Navigation APIと見るSvelteKitのWeb標準志向
yamanoku
2
120
CREがSLOを握ると 何が変わるのか
nekomaho
0
140
「捨てる」を設計する
kubell_hr
0
410
開発チームとQAエンジニアの新しい協業モデル -年末調整開発チームで実践する【QAリード施策】-
kaomi_wombat
0
250
Datadog で実現するセキュリティ対策 ~オブザーバビリティとセキュリティを 一緒にやると何がいいのか~
a2ush
0
160
FASTでAIエージェントを作りまくろう!
yukiogawa
4
120
The Rise of Browser Automation: AI-Powered Web Interaction in 2026
marcthompson_seo
0
310
「お金で解決」が全てではない!大規模WebアプリのCI高速化 #phperkaigi
stefafafan
5
2.3k
Sansanの認証基盤を支えるアーキテクチャとその振り返り
sansantech
PRO
1
110
OpenClawでPM業務を自動化
knishioka
1
270
Featured
See All Featured
Thoughts on Productivity
jonyablonski
75
5.1k
Building Applications with DynamoDB
mza
96
7k
Leo the Paperboy
mayatellez
4
1.6k
Design of three-dimensional binary manipulators for pick-and-place task avoiding obstacles (IECON2024)
konakalab
0
390
SERP Conf. Vienna - Web Accessibility: Optimizing for Inclusivity and SEO
sarafernandez
1
1.4k
Deep Space Network (abreviated)
tonyrice
0
96
How to make the Groovebox
asonas
2
2k
How Fast Is Fast Enough? [PerfNow 2025]
tammyeverts
3
500
So, you think you're a good person
axbom
PRO
2
2k
Organizational Design Perspectives: An Ontology of Organizational Design Elements
kimpetersen
PRO
1
650
The Invisible Side of Design
smashingmag
302
51k
Efficient Content Optimization with Google Search Console & Apps Script
katarinadahlin
PRO
1
440
Transcript
Maltego “Have I Been Pwned?” Christian Heinrich DEFCON China [Beta]
(2018) “Demo Labs” and “Recon Village”
https://www.slideshare.net/cmlh/maltego-have-i-been-pwned https://speakerdeck.com/cmlh/maltego-have-i-been-pwned https://github.com/cmlh/Maltego-haveibeenpwned/tree/master/Presentation Don’t forget to look at each Slide
Note. Latest Slides
https://www.linkedin.com/in/ChristianHeinrich Developer of Local and Remote Maltego Transforms for: @Facebook
@Instagram @Gravatar @RecordedFuture @TAIA Global REDACT™ @VirusTotal @FullContact Python Modules from @CanariProject and @Paterva https://github.com/search?q=user%3Acmlh+Maltego $ whoami
Agenda 1. Integration of the API [v1 and v2], including
“Pwned Passwords” 2. Configuration of Maltego: • Import configuration file • “Transform Hub” 3. Case Studies • Penetration Tester • Incident Responder
“Have I Been Pwned?”
Integrated Single API v1 Endpoint. Supports all API v1 HTTP
Status Codes i.e. 200, 400 and 404. @haveibeenpwned – API v1
@haveibeenpwned – API v1
Integrated API v2 Endpoints: 1. Getting all breaches for an
account 2. Getting all pastes for an account 3. Getting all breached sites in the system 4. Getting a single breached site @haveibeenpwned – API v2
Supports all APIv2 HTTP Status Codes i.e. 200, 400, 403,
404 and 429. Rate Limit • All breaches for an account i.e. e-mail address and alias. • All pastes for an e-mail address @haveibeenpwned – API v2 – Rate Limit
Integrated Single API v1 Endpoint. Supports all API v1 HTTP
Status Codes i.e. 200 and 404. “Pwned Passwords” – API v1
Integrated API v2 Endpoints: • Searching by Password • Searching
by Range Supports all API v1 HTTP Status Codes i.e. 200 and 404. “Pwned Passwords” – API v2
Installation
1. “Account” 1. maltego.EmailAddress 2. maltego.Alias 2. “Site” 1. maltego.Domain
2. Maltego.Phrase @haveibeenpwned – Maltego Input Entities
@haveibeenpwned – maltego.Alias Entity
@haveibeenpwned - Paste
@haveibeenpwned - Paste
@haveibeenpwned – Maltego Machines
@haveibeenpwned – Maltego Machines
@haveibeenpwned – Maltego Machines
@haveibeenpwned – Maltego Machines
@haveibeenpwned – <DisplayInformation>
@haveibeenpwned – <DisplayInformation>
1. haveibeenpwned.Password • Inherits from maltego.Phrase 2. maltego.Hash “Pwned Passwords”
API v2 – Input Entities
“Pwned Passwords” API v2 – Range
@troyhunt of @haveibeenpwned @SudhanshuC of the forked Maltego local transforms
@RoelofTemmingh, @AndrewMohawk and @paulRchds of @Paterva @NoobieDog, @glennzw and @charlvdwalt of @SensePost @dcuthbert Thanks
Maltego “Have I been pwned?” Christian Heinrich Follow me on
Twitter at @cmlh
[email protected]
Latest Slides https://www.slideshare.net/cmlh/maltego-have-i-been-pwned https://speakerdeck.com/cmlh/maltego-have-i-been-pwned https://github.com/cmlh/Maltego-haveibeenpwned/tree/master/Presentation
SiteGround - Reliable hosting with speed, security, and support you can count on.
cmlh
nazonohito51
yakumo
yamanoku
nekomaho
kubell_hr
kaomi_wombat
a2ush
yukiogawa
marcthompson_seo
stefafafan
sansantech
knishioka
jonyablonski
mza
mayatellez
konakalab
sarafernandez
tonyrice
asonas
tammyeverts
axbom
kimpetersen
smashingmag
katarinadahlin
![Maltego “Have I Been Pwned?” Christian Heinrich DEFCON China [Beta]](https://files.speakerdeck.com/presentations/42082f9f27ef4408aade470061a0eff0/slide_0.jpg){kind=link}
![Agenda 1. Integration of the API [v1 and v2], including](https://files.speakerdeck.com/presentations/42082f9f27ef4408aade470061a0eff0/slide_3.jpg){kind=link}
