Friday, March 13, 2015

Connecting the links

Hello there,

Today I am going to talk a bit about our new Linkedin transforms that we have been working on. Linkedin is all about finding connections between people, so what better way to visualize this information than in Maltego? I set out to build some Linkedin transforms that could help show connections between Linkedin users, their shares and company profiles that may not be easy to identify on Linkedin itself. All the transforms that I built here use the Linkedin developer API, so you can log into your own Linkedin account from Maltego and start visualizing your Linkedin network.

Linkedin's API provides awesome search functionality for finding people and companies: it allows you to refine your searches with additional search parameters, making it a lot easier to find profiles with common names. Our Linkedin transforms allow you to enter these additional search parameters using transform settings (transform pop-ups). To search for a Linkedin company profile from within Maltego, you start with a phrase entity and run the transform Linkedin Company Search; a transform setting will pop up asking you if you want to specify a country-code. Running this transform on the phrase 'KPMG' without specifying a country-code results in the graph below:

The results returned from the Linkedin Company Search transform are weighted according to relevance, meaning that the entity in the top left-hand corner is the most relevant result for your search. In the detail view there are links to the company's Linkedin profile page and to their website, as shown in the image above. There is a range of transforms that you can now run on the Linkedin company profile entity, which are listed in our shiny new context menu, also shown in the image above. One of the highlights of these transforms is To Email Domain, which returns domains that the company has specified they receive email on. This transform often returns loads of results, which is great if you are looking for sub-domains for that company. Running the To Email Domain transform on the first company profile from our 'KPMG' search results in 34 different email domains, many of them being sub-domains of The result is shown below:

If you are ever looking to mine email addresses for a company, this is probably a good place to start, but that is a bit off topic for this post so I will leave that for you to try on your own.

To search for a person's Linkedin profile from Maltego, you run the Linkedin People Search transform on a person entity. Three transform settings will pop up, allowing you to specify this person's company name, the country code of their home country and a past school of theirs. These transform settings are really useful when searching common names: for example, when searching the name John Doe while specifying a country-code IR (Iran), you will receive only two Linkedin profiles. If you were to exclude the country code from this search, you would be flooded with results. The image below shows this search result as well as the context menu, which shows all the transforms that can be run on a Linkedin Affiliation entity:

The Detail View in this image shows additional information about the selected user, which includes their Linkedin headline, location and the industry they work in.

Currently the Linkedin People Search transform returns the 25 most relevant results for your search while the Linkedin Company Search transform will return the 20 most relevant company profiles for your search.

Okay, enough with the details, let's move on to an example of how this can be used. Imagine you wanted to inform as many Linkedin users from a particular company of something without directly messaging them and without them being aware that they are being fed targeted information. We could do this as follows: start by finding our target company's Linkedin profile. From our target company's profile we then run the transform To Affiliations [only in your Network]; this transform will return all the users in your network who work (or worked) at that specific company. This results in the following graph:

From all these users we then want to see what shares are currently showing in their news feed. To do this, we run the transform To Shares in User's Network. This results in the following graph (shown in bubble view on the left):

This graph is quite large, but by selecting all the shares and ordering them according to their number of incoming links, we find that there is a single share that is currently on 23 news feeds belonging to users at our target company. Taking this share plus its incoming links to a new graph results in the following:

Now if we were to post a comment on this share, we know that our comment would show up on the news feeds of 23 Linkedin users who work (or worked) at our target company.

Next we want to find who authored this share. To do so, we run the transform To Share's Author on this share, which reveals who it was initially posted by. Finally, we run the To Companies transform on this user, which reveals the company that this user works for:

This user's Linkedin profile seems to be quite popular amongst users from our target company, so its owner may be a person of interest if we were really targeting this organization. The next step would be to find this profile owner's email address, which could be done by finding the company's email address domain and then their naming format for their email addresses, but again this is out of the scope of this blog post.

I have one last highlight from our new Linkedin transforms that I want to mention before it's time to go. The To Entities [Using AlchemyAPI] transform can be run on a Linkedin share entity; this transform will extract people's names, places and company names that are mentioned in the share article. It is a nice way to easily identify topics that are being discussed across multiple shares in your Linkedin network.

A quick word about rate limits on the Linkedin API. To use these transforms you will need to log into your Linkedin account from Managed Services in Maltego. Most of the API calls that these transforms use are limited to around 300 calls per day per user. When you reach your limit for the day, you will receive a message in your transform output notifying you, and you will have to wait until midnight UTC for your limit to be reset for your account. The Linkedin People Search and the To Affiliations [in your network] transforms have a much stricter limit, so you might find that you reach the limits for these transforms a lot quicker.

For those of you who have upgraded to Maltego Chlorine, the Linkedin transforms will be arriving in your Transform Hub shortly; you will be able to add them to your Maltego client by simply hitting the install button. For those of you who are still running Carbon, here is the seed-url:

Enjoy responsibly


Tuesday, March 3, 2015

Maltego Chlorine is ready for download


New release is called Chlorine - was a tough one. It's an awesome release. We fixed many bugs and built many features.

You should download it. Now. [ Here ].  Or click on the pretty picture.
Release video is [ here ].

The full story

Here at Paterva we've had a few milestone Maltego releases. Maltego 3.1 was one, Maltego Tungsten was another. It's hard to say which one was the most difficult to get 'over the line'. Maltego Chlorine was one of those 'giving birth' releases.

We've worked really hard at it. The release was supposed to be in mid February - then we delayed it because we kept finding conditions we'd previously missed. A lot of testing was done on Chlorine, and a lot of bugs (some even came from version 3) were fixed. We even [started talking] about it early in Feb.

A product like Maltego is never really completely finished. At any given stage there is a list of features we still want and a (smaller) list of things that really annoy us. We can easily develop Maltego for months before we push out a new release, but at some stage you need to let go and put it 'out there'. We're there now - it's 10 months since our last major release and the baby is overdue.

We made a video describing what's new in Chlorine. The plan was to take the cable car up to Table Mountain and shoot the video at sunset overlooking Cape Town. It started raining during the first take. There was a pesky helicopter buzzing around (because it was the State of the Nation address in parliament that day). It was shot on the 12th of Feb - almost 3 weeks ago. As such the look and feel changed a little bit here and there - but you'll get the basic idea. Click below to watch what Chlorine is all about:

New features
As the video says - the major features of Chlorine are as follows:
1) Transform Hub
2) New context menu (right click menu)
3) Java 8 support - and lots of OSX install/first run enhancements

What the video does not say is that we now have:
4) Sizable fonts (no more needing a microscope to read detail view)
5) Output window shows links to entity for easy tracking
6) Removed our branding from the PDF report (SO many people, SO angry)
7) LOTS of bug fixes
8) New branding, higher quality icons / logos etc.
9) Not really a feature of the release, but we have a brand new [developer website].

A short history of Maltego releases:
We've also realized that people have difficulty following release dates, names and features. So here goes:
Jun 2010 - 3.0 - NoName - First major release, redid graphing engine, new protocol.
Feb 2012 - 3.1 - NoName - Basically redid version 3...graph annotations, link styles

We then decided to use element names for the releases:
Sep 2012 - 3.3 - Radium - Scriptable transforms (machines), auto update
Aug 2013 - 3.4 - Tungsten - Real time graph collaboration
Apr 2014 - 3.5 - Carbon - OAUTH capabilities - return of Twitter transforms
Mar 2015 - 3.6 - Chlorine - Transform hub / context menu

In between the major releases there have been a lot of on-the-fly updates, patches, hot fixes etc.

It's been a long and interesting journey. We hope you enjoy using our software as much as we enjoy building it.

So long / baby seals / going to sleep for a week,