Maltego OSINT Lab for Keeber Challenge in Secure, Private and Non-Attribution Kasm Workspaces
Maltego OSINT Linux workspace used for the Keeber challenge from #NahamCon CTF 2022, in a video from Tech Raj (https://youtu.be/06BhA67BhR0) covering leaked confidential information.
In this video, Tech Raj provides a comprehensive overview of a cloud-based Maltego OSINT investigation:
• Explanation of OSINT.
• Kasm Workspaces Community Edition deployment to AWS.
• Introduction to Keeber Challenge from NahamCon CTF 2022.
• Configuring Maltego and using transforms.
• Using Wayback Machine for research.
• Maltego graphs.
Open Source Intelligence (OSINT) is the process of collecting interesting information about a target from publicly available (open source) resources. OSINT plays a major role in ethical hacking because it is a skill that every red-teamer needs in order to investigate the target company or organization and potentially find anything confidential. There are many OSINT tools and frameworks available to ease the process, among which Maltego is considered to be one of the best!
In this lab we show you how to install and set up Maltego privately so that you don’t end up leaking your personal identity while conducting private investigations with OSINT. We will use a concept called Docker streaming: a container is created from a Docker image (in this case, Maltego) and streamed directly to a web browser! That’s right! We will be making use of Kasm Workspaces for this.
You can install Kasm Workspaces on your local Linux machine, but we recommend installing it on a cloud instance so that the Docker containers run on a virtual computer for managed attribution. This way, you are not putting your personal computer at risk, and it also provides privacy and non-attribution.
Kasm System Requirements
The minimum system requirements are 2 cores, 4 GB RAM, and 50 GB SSD storage. Kasm works on most Linux distributions, such as Ubuntu 18.04 / 20.04 / 22.04, Debian 9 / 10 / 11, CentOS 7 / 8 / 9, Oracle Linux 7 / 8 / 9, Raspberry Pi OS (Debian) 10 / 11, etc. The full list of supported operating systems is in the Kasm Workspaces documentation.
Installing Kasm Workspaces
Step 1. Create a swap file
sudo dd if=/dev/zero bs=1M count=1024 of=/mnt/1GiB.swap
sudo chmod 600 /mnt/1GiB.swap
sudo mkswap /mnt/1GiB.swap
sudo swapon /mnt/1GiB.swap
Step 2. Make the swap file available on boot
echo '/mnt/1GiB.swap swap swap defaults 0 0' | sudo tee -a /etc/fstab
Step 3. Download Kasm Workspaces.
curl -O https://kasm-static-content.s3.amazonaws.com/kasm_release_1.12.0.d4fd8a.tar.gz
Step 4. Extract with tar and install
tar -xf kasm_release*.tar.gz
sudo bash kasm_release/install.sh
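A more defensive way to script Steps 1 to 4, as an added example that is not from the video or from Kasm's own installer: the swap file is created with mode 0600 from the start, the fstab entry is appended only once, and the release tarball is hashed before install.sh runs. The function names and the digest argument are assumptions; the page gives no checksum, so supply one obtained from a source you trust.

```bash
#!/usr/bin/env bash
# Added example, not Kasm's installer: Steps 1-4 with safer defaults.
# Function names and the operator-supplied digest argument are assumptions.
set -eu

SWAP_FILE=/mnt/1GiB.swap
KASM_URL=https://kasm-static-content.s3.amazonaws.com/kasm_release_1.12.0.d4fd8a.tar.gz

# Succeeds only when a digest was supplied and it equals the file's SHA-256
# (hex, compared case-insensitively).
verify_sha256() {
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    have=$(sha256sum "$1" | awk '{ print $1 }')
    [ -n "$want" ] && [ "$have" = "$want" ]
}

# Appends the swap entry only if fstab does not already list the file,
# so re-running the script never leaves duplicate lines.
ensure_fstab_entry() {
    awk -v s="$1" '$1 == s { f = 1 } END { exit !f }' "$2" && return 0
    printf '%s swap swap defaults 0 0\n' "$1" >> "$2"
}

# Creates the swap file under umask 077 so it is 0600 from creation instead
# of being readable until a later chmod; does nothing if the file exists.
create_swap() {
    [ -e "$1" ] && return 0
    ( umask 077; dd if=/dev/zero bs=1M count=1024 of="$1" )
    mkswap "$1" >/dev/null
    swapon "$1"
}

# Usage: sudo bash <this-script> --install <sha256-from-a-trusted-source>
main() {
    tarball=${KASM_URL##*/}
    curl --fail --proto '=https' --tlsv1.2 -O "$KASM_URL"
    verify_sha256 "$tarball" "$1" ||
        { echo "digest missing or mismatched; not installing" >&2; exit 1; }
    create_swap "$SWAP_FILE"
    ensure_fstab_entry "$SWAP_FILE" /etc/fstab
    tar -xf "$tarball"
    bash kasm_release/install.sh
}

if [ "${1:-}" = "--install" ]; then main "${2:-}"; fi
```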
Once Kasm is installed, you will be given the credentials to log in to Kasm. Make sure you note them down. You can also change these randomly generated credentials later.
Now, go to https://<YOUR_IP>:443 in your browser. This will take you to the login page of Kasm Workspaces. Log in with the credentials that were generated during the installation. You will now be taken to your dashboard.
Installing Maltego on Kasm Workspaces
Maltego is not available by default on Kasm, but we can easily install it manually from a Docker image.
To install Maltego, go to “Admin”, select “Workspaces” and then click “Add Workspace”.
In the next screen, set the values as follows:
Workspace Type: Container
Friendly Name: Maltego
Docker Image: kasmweb/maltego:develop
GPU Count: 0
CPU Allocation Method: Inherit
Docker Registry: https://index.docker.io/v1/
Finally, click on “Submit” and this will create the image.
After Kasm is done downloading the image of Maltego from Docker Hub, you can find Maltego on your Workspaces page.
Just click on Maltego and then click “Launch Session” to create a container of this image, and voila! A fully functional Maltego opens up in a new tab in your browser!
Once you are done using Maltego, you can simply kill your session and everything will be destroyed — like you never even used it!