Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Maltego - "Have I been pwned?"

Avatar for Christian Heinrich Christian Heinrich
July 29, 2017
Technology
480
0

Maltego - "Have I been pwned?"

Integration of "Have I been pwned?" with Maltego

Avatar for Christian Heinrich

Christian Heinrich

July 29, 2017

More Decks by Christian Heinrich

See All by Christian Heinrich
ssh
Avatar for Christian Heinrich cmlh
2
390

Other Decks in Technology

See All in Technology
Datadog 認定試験の概要と対策
Avatar for Uechi Shingo uechishingo
0
230
プラットフォームエンジニア ワークショップ/ platform-workshop
Avatar for Databricks Japan databricksjapan
0
220
Spring AI × MCP 入門〜AIエージェントへのツール公開、境界設計から始める最小構成 〜
Avatar for 宮本裕也 yuyamiyamoto
0
210
Oracle AI Database@Google Cloud:サービス概要のご紹介
Avatar for oracle4engineer oracle4engineer
PRO
6
1.5k
「気づいたら仕事が終わっている」バクラクAIエージェント本番運用の裏側 / layerx-bakuraku-aie2026
Avatar for Yuya Matsumura yuya4
18
8.9k
AI フレンドリーなエラー監視を TypeScript で実現する
Avatar for Shinobu Hayashi shinyaigeek
2
240
大学生が本気でDatabricksを活用してDiscordサークルをデータ駆動させてみた
Avatar for Kazuki Date phantomjuju
1
330
AI Adaptable なテストを整える工夫 / Ways to Make Your Tests AI-Adaptable
Avatar for 株式会社ビットキー / Bitkey Inc. bitkey
PRO
2
200
OCI Oracle AI Database Services新機能アップデート(2026/03-2026/05)
Avatar for oracle4engineer oracle4engineer
PRO
0
170
個人AIからチームAIへ:開発における品質と生産性の再設計
Avatar for Atsushi Nakatsugawa moongift
PRO
0
370
Oracle AI Database@AWS:サービス概要のご紹介
Avatar for oracle4engineer oracle4engineer
PRO
4
2.8k
「コーディング」しない人のための Claude Code 入門 ChatGPT の次の一歩 — 業務に組み込む 育成・共有・自動化
Avatar for ふくだ(fukuda ryu) rfdnxbro
2
1.1k

Featured

See All Featured
Building AI with AI
Avatar for Ines Montani inesmontani
PRO
1
1k
Fight the Zombie Pattern Library - RWD Summit 2016
Avatar for Marcelo Somers marcelosomers
234
17k
Information Architects: The Missing Link in Design Systems
Avatar for Michelle Chin soysaucechin
0
960
Java REST API Framework Comparison - PWX 2021
Avatar for Matt Raible mraible
34
9.3k
Automating Front-end Workflow
Avatar for Addy Osmani addyosmani
1370
210k
Designing Dashboards & Data Visualisations in Web Apps
Avatar for Des Traynor destraynor
231
55k
AI Search:
Where Are We & What Can We Do About It?
Avatar for Aleyda Solis aleyda
0
7.5k
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
Avatar for Addy Osmani addyosmani
10
1.2k
Crafting Experiences
Avatar for Bethany Jepchumba bethany
1
160
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
Avatar for Rebecca Miller-Webster rmw
35
3.5k
16th Malabo Montpellier Forum Presentation
Avatar for AKADEMIYA2063 akademiya2063
PRO
0
140
Navigating Algorithm Shifts & AI Overviews - #SMXNext
Avatar for Aleyda Solis aleyda
1
1.3k

Transcript

  1. Maltego “Have I Been Pwned?” Christian Heinrich DEFCON China [Beta]

    (2018) “Demo Labs” and “Recon Village”

  2. https://www.slideshare.net/cmlh/maltego-have-i-been-pwned https://speakerdeck.com/cmlh/maltego-have-i-been-pwned https://github.com/cmlh/Maltego-haveibeenpwned/tree/master/Presentation Don’t forget to look at each Slide

    Note. Latest Slides

  3. https://www.linkedin.com/in/ChristianHeinrich Developer of Local and Remote Maltego Transforms for: @Facebook

    @Instagram @Gravatar @RecordedFuture @TAIA Global REDACT™ @VirusTotal @FullContact Python Modules from @CanariProject and @Paterva https://github.com/search?q=user%3Acmlh+Maltego $ whoami

  4. Agenda 1. Integration of the API [v1 and v2], including

    “Pwned Passwords” 2. Configuration of Maltego: • Import configuration file • “Transform Hub” 3. Case Studies • Penetration Tester • Incident Responder

  5. “Have I Been Pwned?”

  6. Integrated Single API v1 Endpoint. Supports all API v1 HTTP

    Status Codes i.e. 200, 400 and 404. @haveibeenpwned – API v1

  7. @haveibeenpwned – API v1

  8. Integrated API v2 Endpoints: 1. Getting all breaches for an

    account 2. Getting all pastes for an account 3. Getting all breached sites in the system 4. Getting a single breached site @haveibeenpwned – API v2

  9. Supports all APIv2 HTTP Status Codes i.e. 200, 400, 403,

    404 and 429. Rate Limit • All breaches for an account i.e. e-mail address and alias. • All pastes for an e-mail address @haveibeenpwned – API v2 – Rate Limit

  10. Integrated Single API v1 Endpoint. Supports all API v1 HTTP

    Status Codes i.e. 200 and 404. “Pwned Passwords” – API v1

  11. Integrated API v2 Endpoints: • Searching by Password • Searching

    by Range Supports all API v1 HTTP Status Codes i.e. 200 and 404. “Pwned Passwords” – API v2

  12. Installation

  13. 1. “Account” 1. maltego.EmailAddress 2. maltego.Alias 2. “Site” 1. maltego.Domain

    2. Maltego.Phrase @haveibeenpwned – Maltego Input Entities

  14. @haveibeenpwned – maltego.Alias Entity

  15. @haveibeenpwned - Paste

  16. @haveibeenpwned - Paste

  17. @haveibeenpwned – Maltego Machines

  18. @haveibeenpwned – Maltego Machines

  19. @haveibeenpwned – Maltego Machines

  20. @haveibeenpwned – Maltego Machines

  21. @haveibeenpwned – <DisplayInformation>

  22. @haveibeenpwned – <DisplayInformation>

  23. 1. haveibeenpwned.Password • Inherits from maltego.Phrase 2. maltego.Hash “Pwned Passwords”

    API v2 – Input Entities

  24. “Pwned Passwords” API v2 – Range

  25. @troyhunt of @haveibeenpwned @SudhanshuC of the forked Maltego local transforms

    @RoelofTemmingh, @AndrewMohawk and @paulRchds of @Paterva @NoobieDog, @glennzw and @charlvdwalt of @SensePost @dcuthbert Thanks

  26. Maltego “Have I been pwned?” Christian Heinrich Follow me on

    Twitter at @cmlh [email protected] Latest Slides https://www.slideshare.net/cmlh/maltego-have-i-been-pwned https://speakerdeck.com/cmlh/maltego-have-i-been-pwned https://github.com/cmlh/Maltego-haveibeenpwned/tree/master/Presentation