We covered an introduction to Maltego for reconnaissance, information gathering and threat intelligence. We covered how to work with entities and transforms in addition to installing and configuring transforms. We ran a few transforms to retrieve DNS, email address and IP address information. This was part of TryHackMe red team pathway.. This video was part of TryHackMe Red Team Recon which is under the Red Team Track.
Maltego OSINT Framework
Maltego is an application that blends mind-mapping with OSINT. In general, you would start with a domain name, company name, person’s name, email address, etc. Then you can let this piece of information go through various transforms.
The information collected in Maltego can be used for later stages. For instance, company information, contact names, and email addresses collected can be used to create very legitimate-looking phishing emails.
Think of each block on a Maltego graph as an entity. An entity can have values to describe it. In Maltego’s terminology, a transform is a piece of code that would query an API to retrieve information related to a specific entity.
It is crucial to mention that some of the transforms available in Maltego might actively connect to the target system. Therefore, it is better to know how the transform works before using it if you want to limit yourself to passive reconnaissance.
What is the name of the project that offers a transform based on ATT&CK?