Presented by Dan Weis, Penetration Tester/Security Specialist, Kiandra IT
Everybody thinks of the internet as a happy world where people connect, learn, share ideas and information and have some laughs. What most people don’t see is the layer of the internet nobody wants you to know about - the darknet.
This presentation will walk attendees through some of the darknet's most dangerous sites where they trade in weapons, stolen data, accounts and payment cards, passports and botnets…amongst other things. Attendees will gain a real world look at where compromised data ends, and learn how to mitigate attackers gaining access to their Personally Identifiable Information (PII).
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
A visit to the darknet
1. The Darknet
The layer of the internet nobody wants you to see…
Presented by:
Dan Weis
2. Who’s this guy?
Lead Pentester
Certified Ethical Hacker, Licensed Penetration Tester, 23+
other certs
Trainer/Mentor upcoming Ethical Hackers
Underground Researcher
Been in IT since 1995 in various roles both here and
internationally.
5+ years in security providing consulting, 3 years+ as a
pentester.
Major Nerd
3. The Internet
6th August 1991 the internet was born (became publicly available)
These days, 2.5 billion people inhabit the internet
Most people think the internet is just this:
And occasionally this:
4. Disclaimer
The sites presented here are underground
illegal sites
It is not recommended you visit these
Some are monitored by the feds (all are
monitored by the CIA )
Nor do I support any of these sites or
activities
They ARE dangerous sites
Seriously…know what you are doing..
Sandboxie, Java disablement, VM’s etc..
5. What is it?
The ‘Darknet’ is the hidden underground of the internet
It’s where Hackers, criminals, organised crime, political activists and
whistleblowers operate
Usually only accessible through the Tor anonymizing software
Normally where blackmarket transactions are conducted
Had no search engine of any sort…. Until earlier this year….
6. Grams
Meet Grams, the Darknet’s first Search Engine
It indexes 8 of the Darknet’s markets
Keep’s track of the latest rate for bitcoin
currency, and allows you to filter items to
display in bitcoins, USD, EUR, GBP
Sorts by relevance, similar indexing to Google
So what can you buy?
19. You don’t need tor to visit all sites
A lot of sites operate on the standard web
But are located in countries that have laws that are….
lacking…
Yes they are still watched by the Feds
They go up and down often and change url’s frequently
Require you to have anonymous currencies, such as bitcoin
and paid a fee just to browse
Is where a lot of the stolen data ends up….
20. Indexeus
Indexeus.org
200 million identities+ and expanding
Indexes user account information
acquired from more than 100 recent
data breaches
Including Adobe, Yahoo etc
Lists things like email addresses,
usernames, passwords, Internet
address, physical addresses,
birthdays and other information that
may be associated with those
accounts.
26. So why are you showing us this?
To make you aware that there is more than what you
realise….
27. Why...
And to ensure you don’t become a victim!
Change your passwords regularly
Use strong passwords
Don’t use the same password for everything!
Use a current browser
Ensure you are using an up-to-date, patched workstation
Ensure you are using an adequate endpoint protection
Stop clicking on things!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!