SACON
SACON Pune 2018
India | Pune | May 18 – 19 | Hotel Hyatt Pune
Exploring Darkweb for Threat Intelligence
Rohit Srivastwa
Quick Heal Technologies Ltd
Sr. Director-Cyber Education & Services
@rohit11
SACON 2018
Information Security
• Protection of Information from Threats
• It is all about protecting
o Confidentiality
o Integrity
o Authenticity
o Availability
o Reliability
Cyber Risks and Threats
• Cyber risk can be defined as the risk connected to activity online, internet trading, electronic systems and technological networks, as well as storage of personal data
• Types of Cyber Attacks
o Non-Targeted
o Targeted
Targeted & Non-Targeted Attacks
Targeted Attacks:
– Spear-phishing
– Defacement
– Botnet
– Subverting the supply chain
Non-Targeted Attacks:
– Phishing
– Watering Hole
– Ransomware
– Scanning
– Credential Stealing
Attack Life Cycle – Kill Chain
Lockheed Kill Chain Model
Cyber Threat Intelligence
In simple terms, threat intelligence, also known as cyber threat intelligence (CTI), is organized, analyzed and refined information about potential or current attacks that threaten an organization.
CTI Jargon
• Advanced Persistent Threat (APT)
• Application Programming Interface (API)
• Attribution
• Command and Control (C&C) server
• Threat Actor
• HUMINT
• Phishing
• Distributed Denial of Service (DDoS) attack
• Hacktivist
• Honeypot
• And many more…
Research Ethics
• Maintain utmost privacy
• Do not misuse the information/data
• Do not discuss sensitive information outside the team
• Never try to get monetary benefits from the data/information
• Always report incidents of national importance to relevant authorities
OSINT
• Open Source INTelligence
• Collecting information/intelligence from publicly available sources
• Not limited to cyber security
• Why does OSINT matter?
OSINT using Google
• Google is much more than just a search engine.
• It offers various tools and search modifiers that you can leverage.
• A lot of data is accessible to the Google crawler that is not available to you.
Advanced Search Page
Google Custom Search Engine
• Lets you create your own search engine (sort of) on top of Google
• Lets you narrow 11.5 billion indexed webpages down to relevant results
• Visit: Exploitsearch.com
• Include or exclude results from a list of specific websites
Google Cache
• Every time Google crawls a page, it saves a copy of it.
• This copy is generally accessible through Google Cache.
• One can see a search result’s cached copy as:
Google Dorks
• Search operators to use with Google queries
• Dorking is also sometimes referred to as Google Hacking
• Can be used to reveal sensitive documents, email information, website vulnerabilities, etc.
• Like the other tools mentioned before, lets you narrow a search down to relevant details
Beyond Google
• There are lots of search engines which are helpful
• Some of them are for specialized queries only
• Some of them offer features not provided by Google
• For example, did you know there’s a search engine for forums?
Deep Web Search Engine
Image Search Engines
Bing Reverse IP Lookup
Wolfram Alpha Sub-domains Listing
Company Data Lookup (Zauba)
Social Media re-Search
• Why Social Media
o Because we all love posting selfies and our locations
o But who cares about privacy?
• Where to look: Plenty of places to look, for example:
o Twitter
o Facebook
o Public directories
Twitter
Facebook
Pipl.com
Namechk.com
Linkedin People Search
Paste Sites – Pastebin.com Trends
Paste Sites – Pastebin.com
Feeds
• OSINT Feeds
• Phishing Feeds
• Malware Feeds
• RSS Feeds
Lots of free and commercial options available
Phishing URLs
Zone-h Defacement Archives
Mailing Lists
RSS Feeds
Information Security
• Maltego
• YouGetSignal
• Datasploit
• Creepy
Operation Security (OPSEC)
• Operation security is nothing but self security
• Why OPSEC?
• Who needs it?
• How to achieve it?
Basics of OPSEC
• Virtual Private Network (VPN)
• The Onion Router (TOR)
• Password Manager
• Time zone settings
OPSEC Best Practices
• Never remember passwords; generate them instead
• Use a different password for each account.
• Consider the basics of OPSEC
• Never ever use your base machine for accessing the deep web
Clear Net
• The Internet that we know
• Crawled and indexed by search engines
Cyber Threat - Data breaches
And Many More….
Clear Net Forums
Internet Dark Places
• Dark Net
• Dark Web
• Deep Web
Tor - The Onion Router
Dark Net Forums
ZeroNet – How to access deep web
Cyber Marketplaces
Onion Search Engines
Communication Channels
Communication Channels
Quick Contact
Thank You
www.rohit11.com
rohit@rohit11.com
@rohit11

Exploring DarkWeb For Threat Intelligence (SACON May 2018)