BreachedEgo
Christian Heinrich
BlackHat USA
August 2015
Latest Slides
https://www.slideshare.net/cmlh/maltego-breached
https://speakerdeck.com/cmlh/maltego-breached
Don’t forget to look at each Slide Note.
$ whoami
https://www.linkedin.com/in/ChristianHeinrich
Developer of Local and Remote Maltego Transforms for:
• @Facebook
• @Gravatar
• @RecordedFuture
• @TAIA Global REDACT™
Python Modules from @CanariProject and @Paterva
https://github.com/search?q=user%3Acmlh+Maltego
Agenda
1. Integration of the API from @haveibeenpwned, @Breach Alarm and @Abusix
2. Configuration for “Chlorine”, “Carbon” and “Tungsten” (Kali Linux)
3. Case Studies
   1. End User (Penetration Tester, Incident Responder, etc.)
   2. Vendor (Quality Assurance)
@haveibeenpwned - API
Integrated API v2 Endpoints:
1. Getting all breaches for an account
2. Getting all pastes for an account
3. Getting a single breached site
Supports all API HTTP Status Codes i.e. 200, 400, 403 and 404.
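The status-code handling listed on this slide, as an added example that is not taken from the slides or from the author's transforms: it maps the four HIBP API v2 status codes to a Maltego transform response, so that a 400 or 403 is reported as an error instead of being mistaken for "no breaches" (404). The function name, the choice of maltego.Domain as the output entity and the sample body are assumptions.

```python
import json
import xml.etree.ElementTree as ET

# Meaning of each HIBP API v2 status code named on the slide.
HIBP_V2_STATUS = {
    200: ("Inform", "account found in one or more breaches"),
    400: ("FatalError", "bad request: account is not in an acceptable format"),
    403: ("FatalError", "forbidden: request carried no User-Agent header"),
    404: ("Inform", "account not found in any breach"),
}

def build_transform_response(status, body=""):
    """Turn one HIBP v2 'breachedaccount' reply into Maltego transform XML."""
    msg = ET.Element("MaltegoMessage")
    resp = ET.SubElement(msg, "MaltegoTransformResponseMessage")
    entities = ET.SubElement(resp, "Entities")
    ui = ET.SubElement(resp, "UIMessages")
    # Any status outside the documented set must not be read as "clean".
    level, text = HIBP_V2_STATUS.get(
        status, ("FatalError", "unexpected HTTP status %d" % status))
    if status == 200:
        for breach in json.loads(body):
            # Assumption: one maltego.Domain entity per breach that has a domain.
            if not breach.get("Domain"):
                continue
            ent = ET.SubElement(entities, "Entity", Type="maltego.Domain")
            ET.SubElement(ent, "Value").text = breach["Domain"]
            info = ET.SubElement(ent, "DisplayInformation")
            label = ET.SubElement(info, "Label", Name="Breach", Type="text/html")
            # ElementTree XML-escapes the text, so the response stays well-formed.
            label.text = "%s (%s)" % (breach.get("Title", ""),
                                      breach.get("BreachDate", ""))
    ET.SubElement(ui, "UIMessage", MessageType=level).text = text
    return ET.tostring(msg, encoding="unicode")

# Constructed sample body in the shape of a v2 breach list (not real API output).
SAMPLE_BODY = json.dumps([
    {"Title": "Example <b>Forum</b>", "Domain": "forum.example",
     "BreachDate": "2014-01-01"},
    {"Title": "No Domain Dump", "Domain": "", "BreachDate": "2015-02-02"},
])

if __name__ == "__main__":
    for code in (200, 400, 403, 404, 500):
        print(code, build_transform_response(code, SAMPLE_BODY))
```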
@haveibeenpwned – Maltego Configuration
Seed: https://cetas.paterva.com/TDS/runner/showseed/haveibeenpwned
Configuration: https://raw.githubusercontent.com/cmlh/Maltego-haveibeenpwned/master/Maltego-Configuration-haveibeenpwned.mtz
Documentation: https://github.com/cmlh/Maltego-haveibeenpwned/wiki
@haveibeenpwned – Maltego Input Entities
1. “Account”
   1. maltego.EmailAddress
   2. maltego.Alias
2. “Site”
   1. maltego.Domain
@haveibeenpwned – maltego.Alias Entity
@haveibeenpwned – Maltego Machines
@haveibeenpwned – <DisplayInformation>
@Breach Alarm - API
Integrated “Breached E-mails” API v1 Endpoint Only.
• “Avalanche Technology Group” provided @BreachAlarm API Key at no cost to @cmlh.
Unsupported [Paid] API v1 Endpoints:
1. “Breached E-mails” (with History)
2. “Breached Domains”
   A. With History
   B. Without History
Once the paid API v1 endpoints are integrated, the paterva.v2.BreachAlarm namespace will change.
@Breach Alarm - API
Supports all API HTTP Status Codes:
• 200
• 400, 401, 403 and 404
• 500 and 501
@Breach Alarm – Maltego Configuration
Seed: https://cetas.paterva.com/TDS/runner/showseed/breachalarm
Configuration: https://raw.githubusercontent.com/cmlh/Maltego-BreachAlarm/master/Maltego-Configuration-BreachAlarm.mtz
Documentation: https://github.com/cmlh/Maltego-BreachAlarm/wiki
@Breach Alarm – SHA1 Hash
@Breach Alarm – Maltego Graph
@Abusix - API
LeakDB
• “E-mail Address” maltego.EmailAddress
• “Password” maltego.Phrase
@Abusix – Maltego Configuration
Seed: https://cetas.paterva.com/TDS/runner/showseed/abusix
Configuration: https://raw.githubusercontent.com/cmlh/Maltego-Abusix/master/Maltego-Configuration-Abusix.mtz
Documentation: https://github.com/cmlh/Maltego-Abusix/wiki
@Abusix – SHA512 Hash
@Abusix – maltego.Phrase/Password
Breached – Maltego Configuration
Seed: https://cetas.paterva.com/TDS/runner/showseed/breached
Configuration: https://raw.githubusercontent.com/cmlh/Maltego-Breach/master/Maltego-Configuration-Breached.mtz
Documentation: https://github.com/cmlh/Maltego-Breached/wiki
Thanks
Alpha:
• @troyhunt of @haveibeenpwned
• @Abusix
• @BreachAlarm
Beta:
• @RoelofTemmingh, @AndrewMohawk and @paulRchds of @Paterva
• @dcuthbert, @glennzw and @charlvdwalt of @SensePost
Release Candidate:
• @bostonlink, @catalyst256, @tactical_intel, @digital4rensics and any1 I forgot (sorry)
Thanks
@toolswatch
@BlackHatEvents
• Jessica Hoffman at UBM
BreachedEgo
Christian Heinrich
Follow me on Twitter at @cmlh
Latest Slides
https://www.slideshare.net/cmlh/maltego-breached
https://speakerdeck.com/cmlh/maltego-breached
https://github.com/search?q=user%3Acmlh+Maltego