Welcome to Maltego!

Let's get you set up!

Select your type of investigation

Cyber Crime Investigation

1 - Add an entity
2 - Run your Transform
3 - Get tags and Indicators

To run the Get tags and indicators for Email Address [IPQS] Transform, follow the steps below:

1. Right-click on the entity.
2. Find Get tags and indicators for Email Address [IPQS] in Standard Transforms OR type the name of the Transform in the Search Bar.
3. Click "Run".

4 - Get Breaches of an Email

Breach data allows us to obtain information such as passwords, a person's name, date of birth, phone numbers, or anything else that our person of interest put in their profile on the website whose data has been leaked. Exploring breach data makes for a great pivot point later in our investigation to obtain information like social media, physical address, and more.

To find breach data, we rely on Maltego Data. While Maltego offers multiple options for working with breach data, in this section we will use two of them that let us check whether an email has been leaked: Have I Been Pwned? and Darkside by District4 Labs (only available on Professional and Organization plans).

To use Have I been Pwned?, right-click on the Entity, find Have I been Pwned? in the list of Data Integrations, and select Get all breaches of an email address.

In this step we need to find out what information has been leaked. To do this, we need to click on the returned website Entity and run the Enrich breached domain Transform.

5 - Install Darkside (D4) on TransformHub (Professional and Organization)
6 - Explore breaches with Maltego Data (Professional and Organization)

The Darkside data integration (included in Maltego Data) can be helpful for extracting specific information from websites that experienced a data breach. Running Darkside Transforms is as easy as in our previous examples. Try running D4 - Leaked Records Search (email) in your Maltego Client on your own first or jump straight into our guide below.

To use Darkside, right-click on the Entity, find Darkside in the list of Data Integrations, and select D4 - Leaked Records Search (email). Running this Transform will first return all websites and databases containing the compromised email address.

In this step we need to find out what information has been leaked. To do this, we need to select all compromised record Entities, right-click, and find D4 - Extract Personally Identifiable Information in the Transform Menu.

When you start an investigation of a person, your first instinct might be to type someone's name into a search engine. While this is a legitimate place to start, it often gives you irrelevant results from websites that might be only tangentially related to your person of interest.

So how do we do it efficiently?

1 - Run Search Web Transform

Running the Transform is similar to using the Bing search engine directly, with the added convenience that results are visualized in one interface, which allows us to expand our investigation further within a single graph.


In this step we extract Email Addresses that appear on the websites we retrieved by dorking Jake Paul's name. An email address, unlike a person's name, is a unique identifier. While we might get two people with the same first and last name, we will never get the exact same email address twice.

Therefore, obtaining a person's email address can provide us with a pivot point to obtain relevant breach data and social media profiles.

3 - Run To Phone numbers [Found on this webpage] Transform

Another valuable piece of information we can retrieve from a URL is a phone number, which is often linked to a person's social media account and breach data.

To obtain a phone number from a URL, we need to repeat the same steps as with an email address: select all URL Entities and run To Phone numbers [Found on this webpage].

4 - Install ESPY and Darkside (D4) on TransformHub (Professional and Organization)
5 - Find the Person's name from the phone number with Maltego Data (Professional and Organization)

From the Phone Number Entity, run the Search Accounts [ESPY] Transform.

This action leverages the ESPY data integration within Maltego (available on Professional and Organization).
The ESPY data integration is valuable because it incorporates data from well-known platforms like Whitepages, Spy Dialer, and Truecaller.

6 - Cross-reference with breached data using Maltego Data (Professional and Organization)

The next step is to verify our findings using a different data integration. To do this, we can turn to breached data such as Darkside by District4. From the same Phone Number Entity, find the D4 – Leaked Records Search (phone) Transform and click Run.
By starting with the information obtained from ESPY, such as a person's name, we have a solid starting point for verifying the accuracy of the data found in Darkside.

7 - Enrich breached data with Maltego Data (Professional and Organization)

As a final step, to obtain the person's name from the compromised records, select all Compromised Record Entities by dragging your mouse over them, right-click and find D4 - Extract Personally Identifiable Information in the Transform Menu. Click Run.

Learn how to Investigate Emails, Names and Phones with just one click

Check our Maltego Search demo (previously called OSINT Profiler) and learn how to be 12x faster at OSINT investigations

If you already have access through Maltego Professional or Organization and are unsure about how to get started, follow the tutorial below:

Cyber Security

Investigate Phishing campaigns with ease on Maltego

Learn the foundational methodology of investigating phishing campaigns and how to speed up the process using Maltego, and how to advance your investigation with data available on Maltego Professional and Organization.

Network Footprint on Maltego

How do you ensure your network footprint is comprehensive enough? Learn Maltego's network footprinting methodology and best practices for mapping an infrastructure.

Trace Cryptocurrency Transactions

Tracing cryptocurrency transactions to identify financial fraud and criminal activities like money laundering is not as complicated as one would think. Learn how to map the history of Bitcoin transactions and movements from one address to another using Maltego (further investigations require Maltego Data available on Professional and Organization plans).
