Tuesday, November 29, 2011

Racing against time the developers...CaseFile (OSX)

Racing against time, the developers knew that the entire IC was watching, constantly refreshing the Paterva blog and Twitter feed for news of the CaseFile (beta) OSX release. With blood running from their raw fingertips they put the final touches on the DMG package and SCP-ed it across the intertubes to the Paterva website. It took a while to get there but when the upload finally finished there was a sense of achievement and accomplishment around the office. The devs looked at each other, their eyes still wide from the adrenaline rush of putting out yet another release.

Tomorrow they will be back at their desks again, changing the world of intelligence gathering one line of code at a time.

You can play/look at/use their work by simply clicking on the link below:
[Maltego CaseFile (beta) build 1950 DMG]

Monday, November 28, 2011

More details about Maltego CaseFile and Maltego 3.1

So far we've had very positive feedback on [Maltego CaseFile]. We've had the same questions from various people and I've decided to put the answers here on the blog:

Q: Will CaseFile be available for OSX and Linux?
A: Yes. We will have an OSX version very soon - hopefully within this week. Like the Win version, it's still beta. If there is enough interest in a Linux version (beta) we'll put one together.

Q: When is the official release of CaseFile?
A: Hopefully early in 2012.

Q: Will Maltego 3.1 have the same features as CaseFile?
A: Yes, and if you have a license you get a free upgrade from 3.0.4 to 3.1. Out of the box Maltego 3.1 will not come with all the CaseFile entities, but you will be able to export them from CF to 3.1 as you need them. You will be able to open CF graphs in 3.1 and use transforms on CF entities as always.

Q: What do you mean CaseFile will be "almost free"?
A: We will sell CaseFile for around $200 per copy - perhaps in batches of 5. If you are a corporation or an organization that uses CaseFile for commercial reasons you should buy licenses. If not - you are welcome to use the community edition free of charge. The only difference will be the background. We believe people will do the right thing and support us.

Q: Will there be a Maltego 3.1 community edition?
A: Yes - we normally release community editions a few weeks after the commercial edition.

We are also working on Maltego 4.0 - people that saw the 44Con talk in London would know what it's all about. 4.0 will change the way you think about information forever...

Wednesday, November 23, 2011

Maltego CaseFile Beta released

We are proudly releasing Maltego CaseFile Beta today. Yup - after some time we feel CaseFile is ready to see the light. And best of all - it's free - no registration, no silly forms or CAPTCHAs - just download and go.

CaseFile is aimed at analysts that do not necessarily use open sources of intelligence (or even the Internet for that matter). Think of it as Maltego without transforms but with tons of new features. Adding/attaching photos, documents and annotations to nodes, graph merging, better integration with browsers, passwords on graphs, and tons of new useful entities - and this is just a few of the goodies we've added into CaseFile.

To get a better idea of what CaseFile is and where it fits in with Maltego (as well as our future plans with it) we've made a 10 minute demo video on it - here you can see features explained and demonstrated in real time:

The download links for CaseFile beta:
[ 32 bit (with JRE) ]
[ 64 bit (with JRE) ]

Let us know what you think of CaseFile Beta - we're very curious!

Monday, November 14, 2011

New Maltego video (SQL DB integration), new web front page

We've made another video - yes I know we said we'll stop at five, but we've realized that we never ever showed anyone our [SQLTAS] (blame it on the lack of salesman genes). So - just before our year end function Andrew and I whipped up another video. We shot it here in the office and it deals with hooking Maltego onto SQL databases. It's added to the [Youtube playlist] as video 6.

We've also changed the front page of [our website] - it now shows some stills from the videos and I think it looks rather nice. We are thinking of putting all of the videos (in yummy 720p) on a DVD that we'll give away for free (minus cost). We noticed that many of our clients don't have Internet access at work....;) If you are interested in this [let us know].

Tuesday, November 8, 2011

We're doing 91% fine thanks - Sectools & Blackhat

We don't get out much. In our line of business we rarely get to speak to people face to face (except when we train). To determine if your business is doing OK you look at comments from people - on Twitter, forums, in mailing lists or direct email. You look at the number of downloads, the number of licenses sold. You look at the number of pageviews on your website and this blog. Every now and then a number comes along that's just a little bit more important.


The [SecTools Top 125 tools] is like the Oscars for security tools. Right - everyone knows that it's impossible and unfair to compare the [traceroute command] (21) to [Google] (26) or [VMware] (43) to [Python] (23), but this list is a start. It's an indication. The survey ran in 2000, 2003, 2006 and now in 2011 (unless I missed one?).

So how did we do?

In a nutshell - pretty OK. Overall [Maltego] made number 34 (of 125). If this was an exam we'd have 72.8%. We were voted nr. 1 in the [Forensics] category - and while this is great I am sure the hard core forensics guys have their own list that they keep somewhere. What's really awesome is that we're nr. 4 of all [new tools] - and there are 49 new tools in the list (91.8%). A new tool means it was released since the [last run] - which was in 2006. Being nr. 4 in security tools released in the last five years - that's something we're really proud of. Especially when you think that Maltego is not a dedicated security tool! (I guess neither is Python, Google, VMware or traceroute...;)

Fyodor - thanks for putting this together. I am sure it's a ton of work. 

BlackHat Vegas training 2011 - feedback.

Another hard, real number is the BlackHat (Vegas) training feedback. We got ours yesterday. Keep in mind that we did two classes and on day one of the first session the hotel internet connection was dead. Someone wrote "Paterva was great. Not having Net for the first day was annoying". Some of our session two students wrote "Roelof and Andrew were superb! It was obvious to everyone in the class how well prepared they were." and "Very well done; very personal and good hands-on pracs.".

Our average score for the two sessions combined?  
91.22% YEAAH!

Wednesday, November 2, 2011

Tuesday, November 1, 2011

Extending Maltego - video tutorial nr 5.

After being almost hit by Highveld lightning we've decided to call it quits on making more Maltego videos for now. But we did produce a final one for 2011 - it's all about extending Maltego with your own custom entities and transforms. Having the patience of a saint Andrew will explain to you exactly how it's done - in 15 minutes.

The link to the video is [here] or you can click below: