All language subtitles for 005 OSINT Tools (OBJ 2.1)

1
00:00:00,090 --> 00:00:02,340
-: Open-source intelligence tools are used during

2
00:00:02,340 --> 00:00:05,010
the reconnaissance phase to find actionable intelligence

3
00:00:05,010 --> 00:00:07,156
from various publicly available sources.

4
00:00:07,156 --> 00:00:09,900
This intelligence can help the penetration tester to

5
00:00:09,900 --> 00:00:12,990
be more precise and targeted in their attack development

6
00:00:12,990 --> 00:00:15,540
and future exploits during their engagement.

7
00:00:15,540 --> 00:00:17,640
Because OSINT is publicly available,

8
00:00:17,640 --> 00:00:18,840
you're not gonna raise any alerts

9
00:00:18,840 --> 00:00:20,970
at your target organization while you're gathering

10
00:00:20,970 --> 00:00:23,940
information using only these OSINT tools.

11
00:00:23,940 --> 00:00:25,470
Now, when working with OSINT,

12
00:00:25,470 --> 00:00:28,050
you can collect information from any public websites

13
00:00:28,050 --> 00:00:30,270
including the target's own website.

14
00:00:30,270 --> 00:00:32,130
You can also check the WHOIS database to find

15
00:00:32,130 --> 00:00:34,260
out who owns or operates a given domain,

16
00:00:34,260 --> 00:00:36,870
as well as querying the public DNS servers to get copies

17
00:00:36,870 --> 00:00:39,420
of the target organization's DNS records.

18
00:00:39,420 --> 00:00:42,240
This can include all of their subdomains, email servers

19
00:00:42,240 --> 00:00:44,225
and other softwares and service technologies

20
00:00:44,225 --> 00:00:47,160
that are being associated with their domain name.

21
00:00:47,160 --> 00:00:49,860
Now, job postings, blogs, news articles,

22
00:00:49,860 --> 00:00:51,750
and social media are also useful

23
00:00:51,750 --> 00:00:53,340
in gathering your intelligence.

24
00:00:53,340 --> 00:00:54,780
From a technical perspective,

25
00:00:54,780 --> 00:00:55,793
inspecting the target organization's

26
00:00:55,793 --> 00:00:59,250
SSL and TLS certificates with the registry

27
00:00:59,250 --> 00:01:02,370
authority can also be a useful form of OSINT.

28
00:01:02,370 --> 00:01:04,890
Now, in this lesson, we're gonna take a quick look

29
00:01:04,890 --> 00:01:08,430
at some popular OSINT tools that are covered by the exam.

30
00:01:08,430 --> 00:01:10,110
For the exam, you do not need

31
00:01:10,110 --> 00:01:12,150
to know how to actually use these tools

32
00:01:12,150 --> 00:01:14,010
and all of their command line options,

33
00:01:14,010 --> 00:01:16,920
but you should know why you would use each tool.

34
00:01:16,920 --> 00:01:18,660
And in the basic case of OSINT,

35
00:01:18,660 --> 00:01:20,430
and then more specifically what type

36
00:01:20,430 --> 00:01:23,340
of OSINT information you could get from these tools.

37
00:01:23,340 --> 00:01:27,240
Now, the tools we're gonna cover include Metagoofil, FOCA,

38
00:01:27,240 --> 00:01:32,240
The Harvester, Shodan, Maltego, Recon-ng, and Censys.

39
00:01:32,700 --> 00:01:33,900
It's important to remember that

40
00:01:33,900 --> 00:01:36,270
open source intelligence is not trying to connect

41
00:01:36,270 --> 00:01:37,860
to our targeted servers.

42
00:01:37,860 --> 00:01:39,900
Instead, we're trying to find out information

43
00:01:39,900 --> 00:01:41,700
about them by connecting to other servers

44
00:01:41,700 --> 00:01:44,940
on the internet, or by searching elsewhere on the internet.

45
00:01:44,940 --> 00:01:47,700
The first tool we have is known as Metagoofil.

46
00:01:47,700 --> 00:01:49,847
Metagoofil is a Linux-based tool that can search

47
00:01:49,847 --> 00:01:51,570
the metadata associated

48
00:01:51,570 --> 00:01:54,990
with public documents located on a target's website.

49
00:01:54,990 --> 00:01:57,450
This tool relies on the Python scripting language

50
00:01:57,450 --> 00:02:00,360
to locate metadata with different types of files,

51
00:02:00,360 --> 00:02:03,780
including Microsoft Word, Excel, and PowerPoint

52
00:02:03,780 --> 00:02:07,710
as well as OpenOffice's Writer, Calc, and Base files.

53
00:02:07,710 --> 00:02:10,169
Metadata is not the data itself that's contained

54
00:02:10,169 --> 00:02:11,430
within the file, though.

55
00:02:11,430 --> 00:02:14,070
Such as the report you wrote for your college English class,

56
00:02:14,070 --> 00:02:17,640
but instead it's data about the data in that file.

57
00:02:17,640 --> 00:02:19,500
For example, this video consists

58
00:02:19,500 --> 00:02:21,300
of all the ones and zeros that make

59
00:02:21,300 --> 00:02:23,040
up the images on the screen that you're viewing

60
00:02:23,040 --> 00:02:24,600
and the words you're hearing.

61
00:02:24,600 --> 00:02:28,020
But the original video file also contains metadata

62
00:02:28,020 --> 00:02:30,120
about the video file itself.

63
00:02:30,120 --> 00:02:33,300
This metadata provides information such as the author,

64
00:02:33,300 --> 00:02:36,900
the company who created it, title, and subject.

65
00:02:36,900 --> 00:02:39,720
Other kinds of metadata can also be included in the file.

66
00:02:39,720 --> 00:02:42,360
Such as how much time is spent editing a Word document,

67
00:02:42,360 --> 00:02:44,070
the number of words in that document,

68
00:02:44,070 --> 00:02:47,190
or the number of changes or revisions made to that document.

69
00:02:47,190 --> 00:02:50,460
To use Metagoofil, you're gonna enter the command Metagoofil

70
00:02:50,460 --> 00:02:52,140
and the appropriate options.

71
00:02:52,140 --> 00:02:54,840
For example, if you wanted to search the Apple website

72
00:02:54,840 --> 00:02:57,720
for any doc and PDF files, limit that search

73
00:02:57,720 --> 00:03:00,420
to the first 200 documents found and only download up

74
00:03:00,420 --> 00:03:02,910
to 50 of those files each time,

75
00:03:02,910 --> 00:03:04,590
and then create a working directory where

76
00:03:04,590 --> 00:03:06,480
you're gonna save those 50 files to,

77
00:03:06,480 --> 00:03:08,550
and output the results to a file,

78
00:03:08,550 --> 00:03:10,260
you can do that by using the command

79
00:03:10,260 --> 00:03:12,690
Metagoofil dash D

80
00:03:12,690 --> 00:03:15,240
apple.com dash T

81
00:03:15,240 --> 00:03:16,920
dot comma pdf

82
00:03:16,920 --> 00:03:18,300
dash L

83
00:03:18,300 --> 00:03:20,520
200 dash N

84
00:03:20,520 --> 00:03:22,770
50 dash O

85
00:03:22,770 --> 00:03:26,880
Apple files dash F, and then press the Enter key.

86
00:03:26,880 --> 00:03:28,770
Metagoofil can run on any system

87
00:03:28,770 --> 00:03:30,900
because it is run by the Python interpreter.

88
00:03:30,900 --> 00:03:34,950
So you can install it on Linux, Mac OS, or Windows Systems.

89
00:03:34,950 --> 00:03:36,960
The next tool we have is called FOCA,

90
00:03:36,960 --> 00:03:39,330
which stands for the Fingerprinting Organizations

91
00:03:39,330 --> 00:03:42,503
with Collected Archives. FOCA's used to find metadata

92
00:03:42,503 --> 00:03:43,830
and hidden information

93
00:03:43,830 --> 00:03:47,010
and documents that we collected from that organization.

94
00:03:47,010 --> 00:03:49,590
If our target organization is Udemy, for example

95
00:03:49,590 --> 00:03:51,930
we might go onto Google and find out everything we can

96
00:03:51,930 --> 00:03:55,080
about Udemy by finding Word and Excel documents, pictures

97
00:03:55,080 --> 00:03:57,480
and anything else that company may have put

98
00:03:57,480 --> 00:03:58,920
out onto the internet.

99
00:03:58,920 --> 00:04:00,840
We collect this information and then we run it

100
00:04:00,840 --> 00:04:02,970
through FOCA to find all the metadata

101
00:04:02,970 --> 00:04:06,780
things like GPS locations, authors' names, email addresses

102
00:04:06,780 --> 00:04:09,090
internal codes and things like that.

103
00:04:09,090 --> 00:04:10,200
We can then use this as part

104
00:04:10,200 --> 00:04:13,027
of our social engineering or to base our future exploits on

105
00:04:13,027 --> 00:04:15,060
if we determine the software versions that were

106
00:04:15,060 --> 00:04:17,640
used to create those particular files.

107
00:04:17,640 --> 00:04:19,260
In recent versions of FOCA,

108
00:04:19,260 --> 00:04:21,870
they've also added the ability to use Google, Bing,

109
00:04:21,870 --> 00:04:24,360
and DuckDuckGo to find downloadable files

110
00:04:24,360 --> 00:04:27,660
for you to analyze. Just like you can with Metagoofil.

111
00:04:27,660 --> 00:04:29,250
Now, the nice thing about FOCA is

112
00:04:29,250 --> 00:04:31,440
that it uses a graphical user interface.

113
00:04:31,440 --> 00:04:32,730
And this makes it easier to work

114
00:04:32,730 --> 00:04:35,430
with than the command line Metagoofil tool.

115
00:04:35,430 --> 00:04:38,220
Unfortunately, though, FOCA does not work on Linux.

116
00:04:38,220 --> 00:04:41,670
So you have to be running Windows if you want to use FOCA.

117
00:04:41,670 --> 00:04:43,530
The Harvester is our next tool.

118
00:04:43,530 --> 00:04:46,020
And it's a wonderful program for gathering emails,

119
00:04:46,020 --> 00:04:48,960
subdomains hosts, employee names

120
00:04:48,960 --> 00:04:50,919
email addresses, PGP key entries,

121
00:04:50,919 --> 00:04:55,050
open ports, and service banners off of different servers.

122
00:04:55,050 --> 00:04:57,120
As you can see, The Harvester is gonna start

123
00:04:57,120 --> 00:04:59,100
with some of the basic open source intelligence

124
00:04:59,100 --> 00:05:01,760
things like emails, subdomains hosts, employees

125
00:05:01,760 --> 00:05:04,830
and things like that. But then we could take it further

126
00:05:04,830 --> 00:05:08,100
by scanning it enumerating things like PGP key entries,

127
00:05:08,100 --> 00:05:10,200
open ports, and banner grabbing.

128
00:05:10,200 --> 00:05:12,390
Conveniently, The Harvester does come installed

129
00:05:12,390 --> 00:05:14,820
by default inside of Kali Linux.

130
00:05:14,820 --> 00:05:16,830
Now, The Harvester is pretty easy to use

131
00:05:16,830 --> 00:05:18,690
once you learn its syntax.

132
00:05:18,690 --> 00:05:20,190
To open up The Harvester,

133
00:05:20,190 --> 00:05:21,240
go to your command line

134
00:05:21,240 --> 00:05:24,120
and then simply enter The Harvester and hit enter.

135
00:05:24,120 --> 00:05:26,160
And the command line options will actually show up

136
00:05:26,160 --> 00:05:27,900
and tell you how to use it.

137
00:05:27,900 --> 00:05:29,430
For example, if I wanted to search

138
00:05:29,430 --> 00:05:31,410
for all the email addresses for a domain

139
00:05:31,410 --> 00:05:33,780
like 'udemy.com' and then limit my results

140
00:05:33,780 --> 00:05:36,766
to the first 250 that I find using Google, I can do that

141
00:05:36,766 --> 00:05:40,500
by entering the command, The Harvester dash D

142
00:05:40,500 --> 00:05:43,020
udemy.com dash L

143
00:05:43,020 --> 00:05:45,270
250 dash B

144
00:05:45,270 --> 00:05:47,100
Google, and hitting enter.

145
00:05:47,100 --> 00:05:49,080
The Harvester has the ability to use multiple

146
00:05:49,080 --> 00:05:51,180
search engines such as Google and Bing

147
00:05:51,180 --> 00:05:53,130
to find this open source intelligence.

148
00:05:53,130 --> 00:05:55,110
But it can also search social media sites

149
00:05:55,110 --> 00:05:57,030
like Twitter and LinkedIn as well.

150
00:05:57,030 --> 00:05:58,110
If you wanna do that,

151
00:05:58,110 --> 00:06:00,840
simply replace the word Google after dash B

152
00:06:00,840 --> 00:06:04,680
with a search engine or social media site you wanna search.

153
00:06:04,680 --> 00:06:06,630
If you wanna check a digital certificate,

154
00:06:06,630 --> 00:06:08,730
you can also obtain the certificate information

155
00:06:08,730 --> 00:06:11,490
from Comodo's certificate search engine as well.

156
00:06:11,490 --> 00:06:12,960
You can even conduct banner grabbing

157
00:06:12,960 --> 00:06:16,110
in conjunction with using something like Shodan.

158
00:06:16,110 --> 00:06:18,270
Another tool that has a lot of great capabilities

159
00:06:18,270 --> 00:06:21,450
like the Harvester, is known as Recon-ng.

160
00:06:21,450 --> 00:06:24,510
In fact, Recon-ng has much more capabilities

161
00:06:24,510 --> 00:06:26,640
than The Harvester, because it uses a system

162
00:06:26,640 --> 00:06:28,620
of modules to add additional features

163
00:06:28,620 --> 00:06:30,330
and functions for your use.

164
00:06:30,330 --> 00:06:31,260
For example,

165
00:06:31,260 --> 00:06:33,300
there's a module to conduct WHOIS queries to

166
00:06:33,300 --> 00:06:36,420
identify administrative and technical points of contacts.

167
00:06:36,420 --> 00:06:39,330
There's another one to conduct PGP key searches

168
00:06:39,330 --> 00:06:41,820
and another for social media profile searching.

169
00:06:41,820 --> 00:06:44,370
Yet another, for file crawling of websites,

170
00:06:44,370 --> 00:06:45,360
and yet another one

171
00:06:45,360 --> 00:06:48,180
for DNS record searching and enumeration.

172
00:06:48,180 --> 00:06:49,410
If you have a list of emails

173
00:06:49,410 --> 00:06:50,851
for your reconnaissance efforts, you can also

174
00:06:50,851 --> 00:06:54,510
use Recon-ng to check if those emails have been the victim

175
00:06:54,510 --> 00:06:56,070
of a data breach previously

176
00:06:56,070 --> 00:06:57,990
by checking, 'Have I been pwned?'

177
00:06:57,990 --> 00:06:59,310
And if so, you might be able

178
00:06:59,310 --> 00:07:00,720
to find those passwords available

179
00:07:00,720 --> 00:07:04,470
as part of a password dump for sale over on the dark web.

180
00:07:04,470 --> 00:07:06,395
Now, Recon-ng is a Python script

181
00:07:06,395 --> 00:07:08,072
and it makes it cross-platform

182
00:07:08,072 --> 00:07:11,970
and supported by Linux, Mac OS, and Windows.

183
00:07:11,970 --> 00:07:14,940
This web reconnaissance framework does come pre-installed

184
00:07:14,940 --> 00:07:16,413
in Kali Linux by default.

185
00:07:16,413 --> 00:07:21,270
To start it up, just type in recon dash ng and press enter.

186
00:07:21,270 --> 00:07:22,190
Then it's gonna pop up

187
00:07:22,190 --> 00:07:25,258
and you'll be able to see all the commands on the screen.

188
00:07:25,258 --> 00:07:27,300
If you wanna try it out for yourself,

189
00:07:27,300 --> 00:07:29,130
go ahead into your Kali virtual machine

190
00:07:29,130 --> 00:07:32,250
and enter recon dash ng at the terminal prompt

191
00:07:32,250 --> 00:07:34,230
and you'll be able to start playing with it.

192
00:07:34,230 --> 00:07:36,840
When you load up Recon-ng, I recommend you

193
00:07:36,840 --> 00:07:39,150
set up a new workspace to contain everything

194
00:07:39,150 --> 00:07:41,490
that you're gonna be searching for and saving.

195
00:07:41,490 --> 00:07:42,930
For example, you can do this

196
00:07:42,930 --> 00:07:44,490
at the command line when launching it

197
00:07:44,490 --> 00:07:46,680
by typing recon dash ng,

198
00:07:46,680 --> 00:07:48,360
space dash W,

199
00:07:48,360 --> 00:07:49,920
space Dion

200
00:07:49,920 --> 00:07:52,530
and that's gonna create a new workspace called Dion

201
00:07:52,530 --> 00:07:54,870
for me to use when I conduct my reconnaissance.

202
00:07:54,870 --> 00:07:57,480
If you're already in the Recon-ng prompt though,

203
00:07:57,480 --> 00:08:01,170
you can also just type in workspace, create, and the name

204
00:08:01,170 --> 00:08:04,650
and it will actually create it inside of Recon-ng as well.

205
00:08:04,650 --> 00:08:06,870
Once you do this, you're now gonna be inside

206
00:08:06,870 --> 00:08:08,640
of this new text-based environment,

207
00:08:08,640 --> 00:08:09,473
and you're gonna be able to use all

208
00:08:09,473 --> 00:08:12,330
of the different features and functions of Recon-ng.

209
00:08:12,330 --> 00:08:14,250
Now, similar to how Metasploit is used

210
00:08:14,250 --> 00:08:15,780
as an exploit framework,

211
00:08:15,780 --> 00:08:17,370
and social engineering toolkit is used

212
00:08:17,370 --> 00:08:20,040
for social engineering, Recon-ng is used

213
00:08:20,040 --> 00:08:22,710
for reconnaissance and open source intelligence gathering.

214
00:08:22,710 --> 00:08:25,950
It is a really complete all-in-one type of tool.

215
00:08:25,950 --> 00:08:28,052
Next, we have Shodan, and Shodan is actually

216
00:08:28,052 --> 00:08:30,583
a website that contains a search engine that lets us

217
00:08:30,583 --> 00:08:34,080
find things like webcams, routers, servers,

218
00:08:34,080 --> 00:08:35,970
and other devices that are considered part

219
00:08:35,970 --> 00:08:37,530
of the Internet of things.

220
00:08:37,530 --> 00:08:40,470
Both researchers and attackers both love Shodan

221
00:08:40,470 --> 00:08:42,929
because of the wealth of information it provides.

222
00:08:42,929 --> 00:08:44,306
For instance, today I found there are

223
00:08:44,306 --> 00:08:47,910
over 10,000 webcams that are actually open to the internet

224
00:08:47,910 --> 00:08:49,380
even though they shouldn't be.

225
00:08:49,380 --> 00:08:51,810
Further, we can see there are 1500 things

226
00:08:51,810 --> 00:08:55,350
using default passwords, making them very easy targets.

227
00:08:55,350 --> 00:08:57,120
So, if we're targeting a company

228
00:08:57,120 --> 00:08:59,880
we can actually search for things owned by that company

229
00:08:59,880 --> 00:09:02,100
and see what they have opened to the internet whilst staying

230
00:09:02,100 --> 00:09:04,918
at arm's length away because we're connecting to Shodan.

231
00:09:04,918 --> 00:09:07,170
And Shodan is the one doing the searching.

232
00:09:07,170 --> 00:09:10,080
Now, Shodan is looking for everything on the internet,

233
00:09:10,080 --> 00:09:12,270
and so it's not targeting a particular company,

234
00:09:12,270 --> 00:09:14,220
but it does add it to its database.

235
00:09:14,220 --> 00:09:17,490
Think about Shodan like Google for different devices.

236
00:09:17,490 --> 00:09:19,920
In fact, Shodan is really good at finding things

237
00:09:19,920 --> 00:09:23,490
like IoT devices, and many IoT devices are not

238
00:09:23,490 --> 00:09:24,810
very well secured.

239
00:09:24,810 --> 00:09:27,210
So as you come across things like webcams,

240
00:09:27,210 --> 00:09:30,420
refrigerators, thermostats, or even alarm systems,

241
00:09:30,420 --> 00:09:31,950
that may be a great way for you to get

242
00:09:31,950 --> 00:09:34,273
into your targeted organization, because maybe

243
00:09:34,273 --> 00:09:37,710
they just installed a new wifi-based security camera system

244
00:09:37,710 --> 00:09:38,880
and you're gonna be able to use that

245
00:09:38,880 --> 00:09:42,000
as your gateway and pivot point into their network.

246
00:09:42,000 --> 00:09:44,670
The next tool we're gonna talk about is Censys.

247
00:09:44,670 --> 00:09:46,230
Now, this is much like Shodan

248
00:09:46,230 --> 00:09:47,880
and it's another search engine.

249
00:09:47,880 --> 00:09:49,133
The difference is it's only used

250
00:09:49,133 --> 00:09:50,970
for finding hosts and networks

251
00:09:50,970 --> 00:09:54,330
across the Internet with data about their configurations.

252
00:09:54,330 --> 00:09:56,040
It has a really nice search interface

253
00:09:56,040 --> 00:09:57,240
and it can build reports for us

254
00:09:57,240 --> 00:09:59,242
and even has an SQL engine that we can tie

255
00:09:59,242 --> 00:10:01,620
into if we pay for a subscription.

256
00:10:01,620 --> 00:10:04,530
As a network defender, Censys can also be configured to

257
00:10:04,530 --> 00:10:07,320
continually discover unknown assets on your network

258
00:10:07,320 --> 00:10:09,510
and help you mitigate the risk of virtual machine

259
00:10:09,510 --> 00:10:11,370
or cloud sprawl that can occur

260
00:10:11,370 --> 00:10:13,470
in those type of environments.

261
00:10:13,470 --> 00:10:16,199
The last tool we're gonna cover is called Maltego.

262
00:10:16,199 --> 00:10:18,807
Maltego is a piece of commercial software that's used

263
00:10:18,807 --> 00:10:21,120
for conducting open-source intelligence

264
00:10:21,120 --> 00:10:23,550
and it helps us visually connect those relationships

265
00:10:23,550 --> 00:10:25,470
between pieces of information.

266
00:10:25,470 --> 00:10:27,210
For instance, if I gather a bunch

267
00:10:27,210 --> 00:10:29,520
of emails or a bunch of social media profiles

268
00:10:29,520 --> 00:10:31,440
of people who work for an organization,

269
00:10:31,440 --> 00:10:33,510
I can start mapping them out with this tool

270
00:10:33,510 --> 00:10:36,030
and figure out that if I wanna get to the CEO,

271
00:10:36,030 --> 00:10:38,370
I first have to go through his receptionist.

272
00:10:38,370 --> 00:10:41,040
Then I might find out that to get to the receptionist,

273
00:10:41,040 --> 00:10:42,720
I need to go through her sister.

274
00:10:42,720 --> 00:10:44,100
And if I figure out that her sister

275
00:10:44,100 --> 00:10:45,215
likes the movie Twilight,

276
00:10:45,215 --> 00:10:47,070
I might be able to start a conversation

277
00:10:47,070 --> 00:10:49,680
with her and start connecting all those dots back up

278
00:10:49,680 --> 00:10:51,720
and into the CEO's life.

279
00:10:51,720 --> 00:10:54,840
Maltego is all about chaining from one person to the next,

280
00:10:54,840 --> 00:10:57,840
or one server to the next, or one terminal to the next.

281
00:10:57,840 --> 00:10:59,130
Whether you're doing email,

282
00:10:59,130 --> 00:11:01,830
social networking or even machines themselves,

283
00:11:01,830 --> 00:11:03,450
you can collect all this information

284
00:11:03,450 --> 00:11:07,050
and then map it out for exploitation using Maltego.

285
00:11:07,050 --> 00:11:09,420
Maltego also has the ability to automate the querying

286
00:11:09,420 --> 00:11:10,950
of public sources of data,

287
00:11:10,950 --> 00:11:12,540
and then compare the data with other sets

288
00:11:12,540 --> 00:11:14,315
of information to provide these commonalities

289
00:11:14,315 --> 00:11:16,410
between different sources.

290
00:11:16,410 --> 00:11:19,110
This data could be names, physical addresses, network

291
00:11:19,110 --> 00:11:22,419
IP address ranges, phone numbers, email addresses

292
00:11:22,419 --> 00:11:24,972
external URLs, DNS records, subdomains,

293
00:11:24,972 --> 00:11:29,340
social media profiles, or downloaded files.

294
00:11:29,340 --> 00:11:31,590
All of these results are graphically displayed

295
00:11:31,590 --> 00:11:33,630
and all the links are visually created.

296
00:11:33,630 --> 00:11:36,450
Similar to a detective trying to solve a murder case who

297
00:11:36,450 --> 00:11:37,620
uses strings to tie together a bunch

298
00:11:37,620 --> 00:11:39,210
of photographs on a cork board

299
00:11:39,210 --> 00:11:41,580
so he can easily visualize the bigger picture.

300
00:11:41,580 --> 00:11:43,380
That's what Maltego will do for you.
