Episode Details

Back to Episodes
Course 12 - Maltego Advanced Course | Episode 2: Maltego Infrastructure Entities, Transforms, and Footprinting Techniques

Course 12 - Maltego Advanced Course | Episode 2: Maltego Infrastructure Entities, Transforms, and Footprinting Techniques

Published 5 months, 3 weeks ago
Description
In this lesson, you’ll learn about:
  • The core entities used in Maltego infrastructure investigations
  • How transforms connect Domains, DNS names, IPs, Netblocks, and ASNs
  • The methodology of Level 1, L2, L3, and XL infrastructure footprinting
  • Key transforms for pivoting forwards and backwards in infrastructure graphs
  • The difference between live DNS, passive DNS, and specialized DNS transforms
Summary of the Episode: This episode provides a structured introduction to infrastructure investigations in Maltego, covering the foundational entities, essential transforms, and the systematic methods used for infrastructure footprinting. It explains how domains, DNS names, IP addresses, Netblocks, and Autonomous Systems interrelate, and how transforms allow analysts to map and attribute online infrastructure. 1. Foundational Entities & Core Concepts Infrastructure investigations rely on a small set of critical entities: Key Entities
  • Domain
    • Public-facing resource
    • Common starting point for discovering related DNS names
  • DNS Name (and variants like Website, NS, MX)
    • Represents a system that can resolve to an IP address
    • Often a gateway to other infrastructure
  • IPv4 Address
    • A central pivot point in investigations
    • Even on shared hosting, IPs remain strong identifiers
  • Netblock
    • A range of IP addresses
    • Useful for clustering infrastructure and linking disparate nodes
  • Autonomous System (AS / ASN)
    • Represents routing ownership over Netblocks
    • Useful for identifying ISPs or large organizations
Other Useful Entities
  • Email Address — often the strongest pivot in broader investigations
  • Port & Service — show server capabilities (SSH, RDP, HTTP, etc.)
  • Tracking Code — connects different websites to the same operator
2. Core Infrastructure Transforms The episode divides standard Maltego infrastructure transforms into functional groups. 1. Domain → DNS Name Methods used:
  • To Website (Quick Lookup) — checks common “www” A/AAAA records
  • To Website Using Domain (Bing) — broader search engine discovery
  • Passive DNS (Robtex/Robex) — historic DNS relationships
  • SPF Transform — extracts DNS names and IPs from email policies
2. DNS Name → IP Address
  • To IP Address
    • Resolves any DNS name to its current IP
3. IP Address → Netblock / ASN Transforms use:
  • Historic Passive DNS
  • Global routing data
  • WHOIS sources (ARIN, RIPE, APNIC, etc.)
Important transforms:
  • Using Natural Boundaries — creates typical /24 IP ranges
  • To AS Number — gets ASN from the Robex database
  • To Company Owner — retrieves organization ownership & location
3. Footprinting Methodology Infrastructure footprinting is a repeatable process across industries. Level 1 Footprinting (L1) Example shown using CIA.gov Steps:
  1. Find all DNS names / Websites for the domain
  2. Resolve all DNS names → IP addresses
  3. Cluster IPs → Netblocks (often with natural boundaries)
  4. Run To AS Number on the Netblocks
  5. Extract ownership using To Company Owner
This reveals which Netblocks actually belong to the organization and allows deeper exploration (e.g., Wikipedia edits from those IPs). Higher-Level Footprinting L2 & L3 Machines
  • Add more depth
  • Use Reverse DNS (PTR lookups)
  • Provide prompts to filter MX/NS results
  • Reveal additional inf
Listen Now

Love PodBriefly?

If you like Podbriefly.com, please consider donating to support the ongoing development.

Support Us