Archive for December, 2011

Man-In-The-Middle-ing You

Posted in Silly on 22 December, 2011 by Alec Waters

Down at the local wi-fi equipped coffee shop, I couldn’t help but notice the chap in the corner singing merrily to himself as he tapped away at his laptop. Not sure what he was up to, but this was what he sang…

Well I know just why I came here tonight,
Drinking coffee while I’m stealing your bytes,
Sniffing passwords as they fly through the air,
And your privacy, it don’t have a prayer,
Bob to the left of me,
Alice to the right, here I am,
Man in the middle-ing you.

Yes I’m thinking ’bout which tool I should use,
Maybe Mallory or Karma for you,
It’s so hard to keep this smile from my face,
Taking control, yeah, I’m all over the place,
Banks to the left of me,
Email to the right, here I am,
Man in the middle-ing you.

Well I started out with nothing,
And ID theft is my secret plan,
Your credentials all come crawlin,
Wanting to be used they say,
Please… Please…

Trying to make some use of it all,
Finding pics for “you” to post on your Wall,
Maybe sending some embarrassing Tweets,
Social media was never so sweet!
Twitter to the left of me,
Facebook to the right, here I am,
Man in the middle-ing you.

Well I started out with nothing,
And ID theft is my secret plan,
Your credentials all come crawlin,
Wanting to be used they say,
Please… Please…

Well I know just why I came here tonight,
Drinking coffee while I’m stealing your bytes,
Sniffing passwords as they fly through the air,
And your privacy, it don’t have a prayer,
Bob to the left of me,
Alice to the right, here I am,
Man in the middle-ing you,
Yes I’m man in the middle-ing you,
Man in the middle-ing you.


Alec Waters is responsible for all things security at Dataline Software, and can be emailed at alec.waters@dataline.co.uk

Using Maltego CaseFile to map The Spy Hunter

Posted in Spy Hunter on 2 December, 2011 by Alec Waters

In any investigation, keeping track of evidence is crucial to success. When it comes to crime scene photos, bios of suspects, pictures of exhibits, etc, you might like to follow the lead of TV cops and pin it all to a board in the squad room:

Doctor Reid and his gigantic sliding tile puzzle

Or you might like to use one of those new-fangled computer thingies instead. Paterva (of Maltego fame) have recently released a beta of their latest effort, CaseFile:

CaseFile is aimed at analysts that do not necessarily use open sources of intelligence (or even the Internet for that matter). Think of it as Maltego without transforms but with tons of new features. Adding/attaching photos, documents and annotations to nodes, graph merging, better integration with browsers, passwords on graphs, and tons of new useful entities – and this is just a few of the goodies we’ve added into CaseFile.

I thought I’d test it out by creating a graph of the players in my Spy Hunter packet challenges (Part One, Part Two). Here’s what I came up with:

The graph above shows SIBHOD on the right, and the target organisations on the left. SIBHOD’s infiltrations are either via its own agents (e.g. Kerry Nitpick using the alias Arnold Davies placed directly within NybbleComms) or via subverting employees (e.g. Donald Burgess). SIBHOD’s organisational structure is shown via the “Reports to” links; also shown are aliases and social network identities. The people are of different types – Dave Nice is a Gang Leader, Kerry Nitpick is a Gang Member, Donald Burgess is an Employee, etc.

Each element on the graph can have lots of information attached. For example, double clicking on the Silky Suzy “Alias” icon shows you this:

You can attach as many arbitrary files and notes as you like. I did try putting notes on the links (to document what an agent’s mission is, for example), but these don’t seem to get saved properly (bug in the beta?). Links to external sites are possible, too – double click Homer Hicks’ Twitter affiliation, and click “Open all URLs” in the top right to be taken directly to his Twitter feed:

It’s extremely cool. Download CaseFile from here (watch the video too), and the Spy Hunter graph from here, then have a play around!


