Get best of the week

Maltego Part 4. VK, Instagram, LinkedIN and other fantastic critters

Hello again, dear friends. Once again we are preparing to plunge into the beautiful world of OSINT.



The articles in our series are being added, so it’s time to introduce some kind of table of contents, because there will only be more of them. So, what we have already examined in Maltego:

Part 1 - What is Maltego and why is it needed

Part 2 - Interface and basic device

Part 3 - Maltego and OSINT on Facebook

Facebook we examined. Now let's go through the rest of the social networks that may be useful to us during OSINT.

Instagram





In the article about Facebook, we already talked about how you can get to your account on social networks, so we won’t stop here again. Let’s better see what information can be taken out of a user’s profile on Instagram.



First, we convert the Instagram link to the correct Entitie, but this is not the task - the Entitie is empty. Received only User ID. We upload all other data using Transform - [Instagram] User Details. At the exit, we get a correctly filled Entitie for Instagram profile.

Now for the basic functions.



[Instagram] User Followers - upload a list of user's subscribers;
[Instagram] User Following - upload a list of those that the user has subscribed to;
[Instagram] User Media - upload user photos and videos;
[Instagram] User Tagged Media - upload media files marked by the user.

If you freak out and cross over all the points, then for the account of the average person we get this picture:



The first problem comes up by itself from the internal structure of the social network. Since in Instagram all page formats are accounts in any case, we can only separate subscriptions and subscribers by the marks above Links. If we include the Entities grouping, then they all merge for us into a single block.



To work with the uploaded photos and videos, we have the following Transforms:



[Convert] To Entitie - unloads and converts to add. Entities account URL, photo / video URL and Alias ​​account;
[Convert] To Location - unloads Entitie with geolocation photos;
[Face Recognition] Search - identifies the faces in the photo and launches a search on them with the credentials of the photo owner;
[Instagram] Comments - unloads user accounts that have left comments under the photo / video;
[Instagram] Get Likes - unloads accounts of users who like photos / videos;
[Instagram] To Photo | Video Details - uploads available photo / video data to Entitie;
[Instagram] To Profile - provides the profile of the user who owns the photo / video.

Further, I decided to test whether other social networks of a person can be found on the go using Transforms from the Search Profile in Other Networks group.



All these Transforms are tied to the Face Recognition mechanism, which we will discuss in a separate article. I didn’t get too smart and launched everything at once, since there are few of them and the final information output will be small: either there is an account or not.

Note Author: Never! Do you hear? NEVER run the ALL TRANSFORMS item ! This is for your own good. What you get in the end will be just a giant mishmash of Entities and Links. When carrying out OSINT using Maltego, you should run several Transforms, as described above, only if you have a clear idea of ​​what the final information output is waiting for you. Progressive progress during OSINT is the key to victory.
The result surprised me, to say the least! My LinkedIN profile popped up instantly:




But according to Hideo Kojima, an even more entertaining information output was obtained:



Managed to fish out:
- 1 VK account;
- 4 Facebook accounts;
- 1 Foursquare account; 
- 3 Twitter accounts;
- 1 Xing account (analogue of LinkedIN);
- 1 MySpace account.

LinkedIN





Here LinkedIN itself asked for it. Let's see what information we can remove from the account of this social network using Maltego. And let's probably take someone more interesting than me. Bill Gates, for example.



So, for the account we have access to:
[Linkedin] People Also Viewed - downloads the list of the last users who viewed this account,
[Linkedin] User Details - downloads and creates the Entities of the company, educational institution and place of residence based on the information specified in the profile;
[Linkedin] User Posts - unloads all user posts;
[SL DB] Get Email by Linkedin Profile - search for an e-mail of a user in the Social Links database by LinkedIN account.



For Entitie Company we can do the following:



[Convert] To Entitie - downloads Entitie links from the URL of a company profile picture;
[Linkedin] Company Details - uploads Entities office locations and affiliate company profiles;
[Linkedin] Current Employees - uploads a list of profiles that indicate that they work in the company;
[Linkedin] Past Employees - uploads a list of profiles that indicate that they worked for the company.

When receiving information through the Transform [Linkedin] Company Details for the test for Microsoft, we have the output:


Note Author: By the way, there is another interesting OSINT technique for Maltego. By Entitie location, we can download from the OpenCorporates database a list of all companies located at the specified address. Further, for the company that interests us, we can search for its accounts on various social networks.




According to the Entities of the educational institution and the Transform user post, there is no information for uploading.

In contact with





So we finally got to VKontakte. Well, since we already have a Hideo Kojima account in VK, we will continue with it. The account is exactly his. Infa - weaving!



For information, we have the following Transforms in our arsenal:



[Vkontakte] Friends - upload a list of friends;
[Vkontakte] User Details - upload user information as separate Entities;
[Vkontakte] User Groups and Pages - upload a list of user groups and pages;
[Vkontakte] User Photos - upload a list of user photos;
[Vkontakte] User Posts - upload a list of user posts;
[Vkontakte] User Videos - upload a list of user videos.

The final output looks something like this:




Now let's dig a little deeper and find out what we can get by individual Entities.
For Groups and Pages, everything is simple - we can get a list of users who are members of them and subscribe to them, respectively. User lists are uploaded, mutual subscription links are built. Do not forget to clean the graph from deleted accounts (DELETED). They are, in common people in SMM-schiki - dogs.



For Posts, Videos and Photos, only one Transforms is available to us - upload a list of users who like a post / video / photo. Let's upload the lists and drop the info on the graph. Everything is in place and before us again the gates of the OSINT-hell)

We are not the first to see this. We begin to clean the issue. First, we remove all the lists, and then we begin to look at the resulting links manually.

After 5 minutes, the picture begins to emerge.



Well, in less than 10 minutes, and with the help of such banal, at first glance, techniques, we calculated the BEST OF THE BEST Kojima fans. These are people who are in all groups, are friends with Kojima and like the last 3 of his posts, photos and videos.



Twitter





According to the media of the whole world, posts in this social network are equated with official statements and statements.

Such an Ilon Mask tweeted in 2018 that it would not be bad to take the company off the exchange and it seems that there is even an investor, and how it FAST ... Media already trumpeted in the morning that Tesla was leaving the exchange, stock quotes soared by 11%, commission United States Securities Authority (SEC) has launched an investigation into the manipulation of the securities market. And all this because of one tweet.
As a result, the SEC in an out-of-court order has ensured that now Elon Musk is obliged to coordinate with them any of his posts that relate to Tesla in any social networks.

Here is such a Twitter. The mother of hashtags and the battlefield of holivars of all stripes.

Well, since we started with Ilona Mask, we will continue with him. On Twitter, we can:



[Twitter] Get info from password recovery page - get information from the password recovery page ;
[Twitter] To User Followers - upload a list of followers;
[Twitter] To User Following - upload a list of those to whom the user is subscribed;
[Twitter] User Details - upload to the profile information from the account.

However, if we go to All Transforms and type Twitter in the search, we will see a slightly more detailed picture. This is due to the fact that with Transforms from Social Links, Transforms for Twitter from Paterva themselves are also included.



To the already specified Transforms are added:

[Twitter] To User RT - unload user retweets;
[Twitter] To User Tweets - upload user tweets;
[Twitter] To User Tweets + RT - upload tweets + retweets;
To Twitter Affiliation [This person receives Tweets from?] - upload a list of users who tweeted to this user;
To Twitter Affiliation [This person wrote Tweets to?] - upload a list to whom the user wrote tweets;
To Twitter details [From Twitter number or screen name] - analogue of [Twitter] User Details;
To Twitter followers - analog [Twitter] To User Followers;
To twitter friends- analog [Twitter] To User Following;

As in all previous cases, the success of OSINT using all these Transforms depends solely on how you build your line of investigation and what methods you use.


Note Author: in general, for ordinary people from Twitter you can get a lot of useful and not very information, if, of course, they use it.

When searching for information on Twitter (and generally in any social networks), avoid going through links to various media personalities. They have a VERY large number of followers and tweets. Moreover, when I say "big", I am talking about the amount of 100 thousand! With such volumes, even Maltego XL will not help you.

Github




Well, what is GitHub, I believe, is no secret to anyone. Just the world's largest web service for hosting and joint development of IT projects.



But what secrets does he keep?

For information, we need a GitHub account and an API key that can be generated in your account’s account. Based on the instructions on the Social Links website, uncheck all the boxes when creating the token.



Token created and added to Maltego. We can proceed.

[Github] Followers - unload the list of subscribers;
[Github] Following - upload a list of subscriptions;
[Github] Get Email - upload an e-mail account to a graph;
[Github] Organization - upload the Entitie of the organization specified in the account to the graph;
[Github] Starred - unload the list of repositories that the user marked;
[Github] User Details - upload user information;
[Github] User Repos - unload the list of user repositories;
[Github] User Subscriptions - unload user subscriptions.



There is also a wide range of Transforms for uploading the composition of repositories to a graph, but in this article we consider GitHub in terms of receiving information from users.



And here is also a complete set, if a person has filled it in his profile, of course.



Further, it all depends on your knowledge of OSINT methods and the ability to analyze and link together the information received.

Odnoklassniki.ru



Classmates —– it is your time! It may seem to many that this social network is unremarkable, in fact, it provides a lot of help in finding information for people aged 40+.

In my practice, OSINT, at least 7 times, I used the full information that I could find in this social network.

But for starters, as an information security specialist, I want to express my RESPONSE with the absolutely absurd requirement of the social network to pay money to make my profile completely private. Think I'm joking?





For changing all these parameters to private, you will be asked for a money. And the point is not in the ridiculous amount of 50 rubles, but in the fact that it is not very ethical to ask people for money for privacy. And this I am silent about other aspects of the monetization of Classmates. Not far away is the day when message packs will be sold there, as they used to buy SMS by the piece.

In terms of OSINT, however, this makes the task easier, because not all people are bothered by buying these options.

Unfortunately, for this social network we have, so far, only the ability to upload a list of friends and information from an account to a graph. For basic methods, this, of course, is enough, but I would like more opportunities. Transforms is actively expanding from the side of Social Links and I think that the functionality will be very similar to the set of Transforms for VKontakte.
. : Maltego Entities. , , Entitie — Person . Entitie . .





, Entitie Transforms, Entitie, Entitie — Person. , OSINT .






All the rest: Gravatar, Xing, Myspace, Snapchat and My World are presented as separate Entities with a set of parameters that are uploaded to the properties and to the graph if necessary.



However, there are no full-fledged Transform for working with Entities of these networks. The exception is, perhaps, Foursquare. In it, you can upload a list of friends.

But here we can get a lot of useful information. Within OSINT, information from these networks can be used to confirm information that has already been identified and to reveal additional channels for searching for information in the form of a network of contacts, connected profiles of other social networks, places of work, work e-mails and telephones.



That's all with social networks and Maltego for today. As it turned out, everything is not so complicated and confusing, right?

Do not miss the next article, in which we will consider the facial recognition mechanism in the photo from Social Links and how it works in the Maltego ecosystem.

More articles:


All Articles