Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Maltego - "Have I been pwned?"
Search
Sponsored
·
Your Podcast. Everywhere. Effortlessly.
Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
→
Christian Heinrich
July 29, 2017
Technology
480
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Maltego - "Have I been pwned?"
Integration of "Have I been pwned?" with Maltego
Christian Heinrich
July 29, 2017
More Decks by Christian Heinrich
See All by Christian Heinrich
ssh
cmlh
2
390
Other Decks in Technology
See All in Technology
Microsoft のサポートとフィードバック総まとめ
murachiakira
PRO
0
110
フルAIで個人開発して学んだあれこれ / yuruai vol.1
isaoshimizu
0
110
Flow 不死:AI 時代 DevOps 的不變本質
cheng_wei_chen
2
500
從開發到部署全都交給 AI:實作 AI 驅動的自動化流程
appleboy
0
160
感情と身体を置き去りにしない、エンジニアの生きのこり方 ──いまから、ここから「自分の状態」を扱うという選択
saorimurooka
0
330
AI 不只幫你寫 Code: 當專案從 300 暴增到 1500, 我們如何撐住 DevOps
appleboy
0
220
あなたの知らないPDFのアクセシビリティ
lycorptech_jp
PRO
0
240
WebGIS AI Agentの紹介
_shimizu
0
550
When Platform Engineering Meets GenAI
sucitw
0
170
AIチャット検索改善の3週間
kworkdev
PRO
2
170
LayerX コーポレートエンジニアリング室におけるサプライチェーンセキュリティへの取り組み / Supply Chain Security at LayerX Corporate Engineering
yuyatakeyama
3
830
PostgreSQL 19 新機能概要 OSC Hokkaido 2026
nori_shinoda
0
240
Featured
See All Featured
コードの90%をAIが書く世界で何が待っているのか / What awaits us in a world where 90% of the code is written by AI
rkaga
62
44k
Evolving SEO for Evolving Search Engines
ryanjones
0
220
Done Done
chrislema
186
16k
How to optimise 3,500 product descriptions for ecommerce in one day using ChatGPT
katarinadahlin
PRO
1
3.6k
The Limits of Empathy - UXLibs8
cassininazir
1
370
State of Search Keynote: SEO is Dead Long Live SEO
ryanjones
0
210
Making Projects Easy
brettharned
120
6.7k
Balancing Empowerment & Direction
lara
6
1.2k
Build The Right Thing And Hit Your Dates
maggiecrowley
39
3.2k
Facilitating Awesome Meetings
lara
57
7k
BBQ
matthewcrist
89
10k
Groundhog Day: Seeking Process in Gaming for Health
codingconduct
0
210
Transcript
Maltego “Have I Been Pwned?” Christian Heinrich DEFCON China [Beta]
(2018) “Demo Labs” and “Recon Village”
https://www.slideshare.net/cmlh/maltego-have-i-been-pwned https://speakerdeck.com/cmlh/maltego-have-i-been-pwned https://github.com/cmlh/Maltego-haveibeenpwned/tree/master/Presentation Don’t forget to look at each Slide
Note. Latest Slides
https://www.linkedin.com/in/ChristianHeinrich Developer of Local and Remote Maltego Transforms for: @Facebook
@Instagram @Gravatar @RecordedFuture @TAIA Global REDACT™ @VirusTotal @FullContact Python Modules from @CanariProject and @Paterva https://github.com/search?q=user%3Acmlh+Maltego $ whoami
Agenda 1. Integration of the API [v1 and v2], including
“Pwned Passwords” 2. Configuration of Maltego: • Import configuration file • “Transform Hub” 3. Case Studies • Penetration Tester • Incident Responder
“Have I Been Pwned?”
Integrated Single API v1 Endpoint. Supports all API v1 HTTP
Status Codes i.e. 200, 400 and 404. @haveibeenpwned – API v1
@haveibeenpwned – API v1
Integrated API v2 Endpoints: 1. Getting all breaches for an
account 2. Getting all pastes for an account 3. Getting all breached sites in the system 4. Getting a single breached site @haveibeenpwned – API v2
Supports all APIv2 HTTP Status Codes i.e. 200, 400, 403,
404 and 429. Rate Limit • All breaches for an account i.e. e-mail address and alias. • All pastes for an e-mail address @haveibeenpwned – API v2 – Rate Limit
Integrated Single API v1 Endpoint. Supports all API v1 HTTP
Status Codes i.e. 200 and 404. “Pwned Passwords” – API v1
Integrated API v2 Endpoints: • Searching by Password • Searching
by Range Supports all API v1 HTTP Status Codes i.e. 200 and 404. “Pwned Passwords” – API v2
Installation
1. “Account” 1. maltego.EmailAddress 2. maltego.Alias 2. “Site” 1. maltego.Domain
2. Maltego.Phrase @haveibeenpwned – Maltego Input Entities
@haveibeenpwned – maltego.Alias Entity
@haveibeenpwned - Paste
@haveibeenpwned - Paste
@haveibeenpwned – Maltego Machines
@haveibeenpwned – Maltego Machines
@haveibeenpwned – Maltego Machines
@haveibeenpwned – Maltego Machines
@haveibeenpwned – <DisplayInformation>
@haveibeenpwned – <DisplayInformation>
1. haveibeenpwned.Password • Inherits from maltego.Phrase 2. maltego.Hash “Pwned Passwords”
API v2 – Input Entities
“Pwned Passwords” API v2 – Range
@troyhunt of @haveibeenpwned @SudhanshuC of the forked Maltego local transforms
@RoelofTemmingh, @AndrewMohawk and @paulRchds of @Paterva @NoobieDog, @glennzw and @charlvdwalt of @SensePost @dcuthbert Thanks
Maltego “Have I been pwned?” Christian Heinrich Follow me on
Twitter at @cmlh
[email protected]
Latest Slides https://www.slideshare.net/cmlh/maltego-have-i-been-pwned https://speakerdeck.com/cmlh/maltego-have-i-been-pwned https://github.com/cmlh/Maltego-haveibeenpwned/tree/master/Presentation