SANS Maltego Kung-Fu · Maltego Kung-Fu: Exploiting Open Source Threat Intelligence
Matt Kodama, VP Product, matt@recordedfuture.com
OSINT finds are out there!
vs.
http://mmqb.si.com https://twitter.com/mattyglesias/status/303994450605142018
Selected challenges
Iterative investigation
Frictionless access to intel info
Probe a collection
Expand set of observables
Pivot investigation focus
Prune to indicators
http://www.teamusa.org/USA-Bobsled-Skeleton-Federation/Features/2014/December/31/14-best-moments-of-2014
Why Maltego?
Available and affordable
“Analyst owned and operated”
Got data? Just paste.
Extensible and connectable
What we’ve learned
Tips for linking your data to Maltego, in a live demo form factor :)
Conclusion: the takeaways
• Turnkey TDS access: Optimize for “I’m too busy”
• Keep transforms atomic: Enable creative mashups
• Transparent results: Good analysts are skeptics
• What & When: Time will matter
• Expect mystery meat: If you knew, you wouldn’t ask
• Keep your ears open! Acknowledgements