Beginner’s guide: OSSIM Part 2

Hope all of you are keeping well. Thank you all for the overwhelming support you have been giving me. Today we will deal with everything from basic OSSIM configuration to integrating different types of assets. Before we jump into all of that, I hope all of you are ready with the installation. If not, please visit my previous post, which is the first part: Beginner’s guide: OSSIM (Open Source Security Information Management) part 1. Make sure your OSSIM has an active internet connection. As you all know, the AlienVault platform has five modules: asset discovery, vulnerability assessment, threat detection, behavioural monitoring and security intelligence. In simple words, we add assets first, and then we configure those assets under each module of AlienVault in turn. If you are ready with everything mentioned in part 1, we can now move forward with the configuration. Here we are considering only OSSIM, not USM.

Brief tutorial on Maltego in Kali Linux

How to run Maltego Chlorine

What is Maltego

Maltego is proprietary software by Paterva commonly used for open-source intelligence and forensics. It mainly focuses on discovering data from open sources and visualizing that information in a form suitable for link analysis and data mining. The core focus of the application is to analyze real-world relationships between people or groups, and sometimes websites, domains or even networks, internet infrastructure, and connections with online social networking sites. Maltego has gained a lot of attention from security researchers, according to the Open Web Application Security Project (OWASP).


A pentester will attempt to gather as much information about the target as possible from the internet before executing an attack. This enables the pentest to be much more refined and focused than if it were carried out without much information about the target.
Maltego gathers all publicly available information about the target from search engines. It largely automates the information gathering process, thus saving a lot of time for the pentester.

We can enumerate various kinds of information about the target from the information provided to us. Maltego enumerates email addresses, URLs, social network profiles of a person and the mutual connections between two people. This information can later be used for a social engineering attack.

What is Maltego CE?

Maltego CE is the community version of Maltego. It is available for free, but only after an online registration. Maltego CE includes almost the same functionality as the commercial version, but it still has some limitations. The community edition (CE) cannot be used for commercial purposes at all, and there is a limit on the maximum number of entities that can be returned from a single scan. The community edition has no export functionality for the graph; that is only available in the commercial versions. The world's most famous penetration testing distro, Kali Linux, ships Maltego Chlorine, which is tailored exclusively for Kali Linux. Hence pentesters call it “Maltego kali”.

To run Maltego Chlorine in Kali Linux:
  1. Open a terminal.
  2. Type Maltego and hit enter.
  3. If you have already registered and logged in, it will automatically ask for the "machine to run" (which method).
  4. The next option will ask for a domain name; click Finish and wait for it to complete.
See Maltego in action:

https://youtu.be/4NcQP-JhU1Y 
