Fun with Flags
...with Dr Sheldon Cooper, Dr Amy Farrah Fowler and the new Maltego 4.2 Entity Overlays!
Did you know: Tuvalu, a country in the Pacific Ocean about midway between Australia and Hawaii, risks being wiped from the map due to rising sea waters? The country’s highest point is only 5m above sea level and they have a population of scarcely more than 10,000 people. The capital of Tuvalu, Funafuti, houses more than half the population and is an atoll encircling a 275 km² lagoon—the largest in Tuvalu.
Tuvalu’s flag contains the Union Flag in the upper left, with a sky-blue background and nine stars representing the nine islands that form part of Tuvalu. The nine stars are geographically correct, if you point the top of the flag towards the east.
Another relatively unknown country which also used to be under British Colonial Rule, on the other side of the world, is Lesotho. Lesotho is the only independent state in the world that lies entirely above 1,000m elevation. In fact, more than 80% of its land lies above 1,800m in elevation. Quite the opposite of Tuvalu, Lesotho is entirely landlocked, encircled by South Africa.
The flag of Lesotho has three horizontal bands of blue (representing rain), white (representing peace) and green (representing prosperity). In the centre there is a black Mokorotlo, a traditional Basotho hat. The current flag replaced the previous more militaristic flag in 2006, reflecting a nation in peace with itself and its only neighbour.
The flags of both Tuvalu and Lesotho are now part of Maltego, along with almost all other countries and independent territories. From version 4.2.0 onwards, you can now add flag icons to entities, and the standard Location entity has been updated to include this feature.
Now, if you set the “Country Code” property of a Location entity to the correct value, a flag icon will be added as an overlay of the entity on the graph, just like in the examples above.
But flags are not the only new overlays that we can add to graphs… Actually, there is a whole new mechanism at work that you can exploit for your own entities (more on this later).
Favicons (pronounced ‘fav-ih-con’ in both British and American English) are those tiny little icons that a web-browser can show in the tab next to the title of a website or in the bookmarks (as in favourite icon). One of the ways a browser can find the icon, is by looking for a “favicon.ico” file in the root folder of a website, e.g. http://www.google.com/favicon.ico.
The new standard Website entity in Maltego 4.2.0 has been updated to use a calculated property that will automatically map to this icon if it exists. The calculated property is derived from the main-property of the entity, namely the FQDN, with a “/favicon.ico” extension attached. This icon is then mapped to the south-west overlay position as an image. Have a look at the new Entity specification of the default Website entity in Maltego:
The result is that you can now visually identify websites from the entity on the graph itself:
This feature is limited, of course, as it does not read any of the meta-tags nor perform more advanced interpretations of the URL, but it should work in most cases where the entity-value refers to a root location.
But wait, there’s more…
Advanced overlays for your own entities
As you may have noticed by now, Maltego has received an overhaul of the overlays system, and apart from the built-in flags and the new image-overlay positions, you now also have the option to add text and a splash of colour next to the entity icons.
To illustrate all the new features, let’s create a new custom entity: Employee. Properties of our employee entity will be:
- Favourite Colour
Our Employee entity will extend the standard Maltego Person entity, so all the default properties will also be present.
Features of our new entity will be:
- The Gender and Job properties will be combined into a new Calculated property, and represented with an icon instead of the default icon;
- The employee’s age will be printed along the top of the entity icon;
- The flag of the person’s nationality will be added to the side; and
- The employee’s favourite colour will be added as a colour swatch above his name.
We create a new entity by using the advanced editor in Maltego and following the wizard. Remember to set the Base Entity Type to “maltego.Person”. We create the additional properties and create an additional “GenderJob” property and set it to be hidden. We set the default value of this new hidden property to “$property(gender)$property(job)”. This will concatenate the value of the two other properties into a new property.
Finally, we set up the overlays on the new Display Settings tab, like this:
Note that you can set, for each overlay, whether it should be interpreted as text, an image, or a colour.
At last, our new entity is ready. But before we can try it out, we need to also add a few custom icons to Maltego, and this can be done using the Icon Manager (under the Entities tab):
The icons are available from Google’s Noto Emoji, which can be found here: https://github.com/googlei18n/noto-emoji.
Finally, we can try out our new entity.
And here are a few more examples:
With great power comes great responsibility and maybe too many overlays are too much of a good thing, but I am sure you get the picture. ;)
You can download a Maltego MTZ file that contains the icons and Employee entity for you to reference below.
Happy flag-hunting, colour-splashing, and icon-bashing!
1 person likes this