SlideShare a Scribd company logo

Threat Hunting on the Dark Web

Apurv Singh Gautam
Apurv Singh Gautam

Dark web hosts several sites where criminals buy, sell, and trade goods and services. It includes drugs, weapons, exploits, insider information, etc. This is what makes it valuable to security researchers. Threat Intelligence obtained from the dark web can be crucial for any organization. Hunting on the dark web is not an easy task, and it involves lots of time and resources. It can help identify, profiling, and mitigate risks of any organization if done timely and appropriately. In this presentation, I will discuss why threat hunting on the dark web is important and how it can be done using different methodologies. I will also touch upon operational security and why it is essential while performing hunting on the dark web.

Technology
1 of 28
Threat Hunting on the Dark Web
$whoami ◎ Apurv Singh Gautam (@ASG_Sc0rpi0n) ◎ Security Researcher, Threat Intel/Hunting ◎ Research Intern at ICSI, UC Berkeley ◎ Cybersecurity @ Georgia Tech ◎ Hobbies ◎ Contributing to the security community ◎ Gaming/Streaming (Rainbow 6 Siege), Hiking, Lockpicking, etc. ◎ Socials ◎ Twitter - @ASG_Sc0rpi0n ◎ Website – https://apurvsinghgautam.me 2
Agenda ◎ Introduction to the Dark Web ◎ Why hunting on the Dark Web? ◎ Methods to hunt on the Dark Web ◎ OpSec? What’s that? ◎ Conclusion 3
1. Introduction to the Dark Web 4
Clear Web? Deep Web? Dark Web? 5 Image Source: UC San Diego Library
Accessing the Dark Web ◎ Tor /I2P/ZeroNet ◎ .onion domains/.i2p domains ◎ Traffic through relays 6Image Sources: Hotspot Shield, Tor Project, I2P Project, ZeroNet
What’s all the Hype? ◎ Hype ○ Vast and mysterious part of the Internet ○ Place for cybercriminals only ○ Illegal to access the Dark Web ◎ Reality ○ Few reachable onion domains ○ Uptime isn’t ideal ○ Useful for free expression in few countries ○ Popular sites like Facebook, NYTimes, etc. ○ Legal to access the Dark Web 7
Relevant sites? ◎ General Markets ◎ PII & PHI – Personal/Healthcare ◎ Credit Cards ◎ Digital identities ◎ Information Trading ◎ Remote Access ◎ Personal Documents ◎ Electronic Wallets ◎ Insider Threats 8 Image Source: Intsights
Cost of products? ◎ SSN - $1 ◎ Fake FB with 15 friends - $1 ◎ DDoS Service - $7/hr ◎ Rent a Hacker - $12/hr ◎ Credit Card - $20+ ◎ Mobile Malware - $150 ◎ Bank Details - $1000+ ◎ Exploits or 0-days - $150,000+ ◎ Critical databases - $300,000+ 9
Product Listings 10
11 Image Source: Digital Shadows
12 Image Source: Digital Shadows
2. Why hunting on the Dark Web? 13
What is Threat Hunting? ◎ Practice of proactively searching for cyber threats ◎ Hypothesis-based approach ◎ Uses advanced analytics and machine learning investigations ◎ Proactive and iterative search 14
Why So Serious (Eh! Important)? ◎ Hacker forums, darknet markets, dump shops, etc. ◎ Criminals can learn, monetize, trade, and communicate ◎ Identification of compromised assets ◎ Can potentially identify attacks in earlier stages ◎ Direct impacts – PII (Personal Info), financial, EHRs (healthcare records), trade secrets ◎ Indirect impacts – reputation, revenue loss, legal penalties 15
Benefits of Threat Hunting ◎ Keep up with the latest trends of attacks ◎ Prepare SOCs/Incident Responders ◎ Get knowledge of TTPs (Tactics, Techniques, Procedures) to be used ◎ Reduce damage and risks to the organization 16
3. Methods to hunt on the Dark Web 17
Tools ◎ Python ◎ Scrapy ◎ Tor ◎ OnionScan ◎ Privoxy ◎ and many more… 18Image Sources: Tor Project, OnionScan, Python, Scrapy, Privoxy
How Scrapy Works? 19Image Source: Scrapy Docs
HUMINT ◎ Human Intelligence ◎ Most dangerous and difficult form ◎ Most valuable source ◎ Infiltrating forums, markets, etc. ◎ Become one of them ◎ How threat actors think ◎ Can be very risky ◎ Time consuming 20 Image Source: Intsights
4. OpSec? What is that? 21
What is OpSec? ◎ Actions taken to ensure that information leakage doesn’t compromise you or your operations ◎ Derived from US military – Operational Security ◎ PII – Personally Identifiable Information ◎ Not just a process – a mindset ◎ OpSec is Hard 22
Maintaining OpSec in your lifestyle ◎ Hide your real identity ◎ Use VM/Lab or an isolated system ◎ Use Tor over SOCKS or over VPN ◎ Change Time zones ◎ Never talk about your work ◎ Maintain different persona ◎ Take extensive notes ◎ Use password manager 23
5. Conclusion 24
What we discussed so far? ◎ Little about the Dark Web ◎ Dark Web forums/marketplaces ◎ Dark Web threat hunting ◎ Scrapy ◎ HUMINT ◎ A little about OpSec 25
I don’t know how to conclude but.. ◎ Dark Web threat hunting is hard but worth the effort ◎ Keep OpSec in mind ◎ Look at more than one resource ◎ Takes a lot of resources and team effort 26
Resources ◎ Blogs & White papers by Recorded Future ◎ White papers by IntSights ◎ Blogs by Palo Alto’s Unit 42 ◎ Blogs by CrowdStrike ◎ Blogs by CloudSEK ◎ White papers by Digital Shadows 27
Thanks! Any questions? You can contact me at: Twitter: @ASG_Sc0rpi0n LinkedIn: /in/apurvsinghgautam 28

Recommended

The Risks of YOLOing-2.pdf
The Risks of YOLOing-2.pdfThe Risks of YOLOing-2.pdf
The Risks of YOLOing-2.pdfHacken
 
A Brief Intro to CTF Contests!
A Brief Intro to CTF Contests!A Brief Intro to CTF Contests!
A Brief Intro to CTF Contests!M. S.
 
Ajeet Singh - The FBI Overseas
Ajeet Singh - The FBI OverseasAjeet Singh - The FBI Overseas
Ajeet Singh - The FBI OverseasUISGCON
 
Welcome to APNIC 48
Welcome to APNIC 48Welcome to APNIC 48
Welcome to APNIC 48APNIC
 
Automating Threat Hunting on the Dark Web and other nitty-gritty things
Automating Threat Hunting on the Dark Web and other nitty-gritty thingsAutomating Threat Hunting on the Dark Web and other nitty-gritty things
Automating Threat Hunting on the Dark Web and other nitty-gritty thingsApurv Singh Gautam
 
AMW_RAT_2022-04-28 (2).pptx
AMW_RAT_2022-04-28 (2).pptxAMW_RAT_2022-04-28 (2).pptx
AMW_RAT_2022-04-28 (2).pptxSaraJayneTerp
 
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...Andrew Morris
 
ShadyRAT: Anatomy of targeted attack
ShadyRAT: Anatomy of targeted attackShadyRAT: Anatomy of targeted attack
ShadyRAT: Anatomy of targeted attackVladyslav Radetsky
 

Recommended

The Risks of YOLOing-2.pdf
The Risks of YOLOing-2.pdfThe Risks of YOLOing-2.pdf
The Risks of YOLOing-2.pdfHacken
 
A Brief Intro to CTF Contests!
A Brief Intro to CTF Contests!A Brief Intro to CTF Contests!
A Brief Intro to CTF Contests!M. S.
 
Ajeet Singh - The FBI Overseas
Ajeet Singh - The FBI OverseasAjeet Singh - The FBI Overseas
Ajeet Singh - The FBI OverseasUISGCON
 
Welcome to APNIC 48
Welcome to APNIC 48Welcome to APNIC 48
Welcome to APNIC 48APNIC
 
Automating Threat Hunting on the Dark Web and other nitty-gritty things
Automating Threat Hunting on the Dark Web and other nitty-gritty thingsAutomating Threat Hunting on the Dark Web and other nitty-gritty things
Automating Threat Hunting on the Dark Web and other nitty-gritty thingsApurv Singh Gautam
 
AMW_RAT_2022-04-28 (2).pptx
AMW_RAT_2022-04-28 (2).pptxAMW_RAT_2022-04-28 (2).pptx
AMW_RAT_2022-04-28 (2).pptxSaraJayneTerp
 
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...Andrew Morris
 
ShadyRAT: Anatomy of targeted attack
ShadyRAT: Anatomy of targeted attackShadyRAT: Anatomy of targeted attack
ShadyRAT: Anatomy of targeted attackVladyslav Radetsky
 
Cybercrime in the Deep Web (BHEU 2015)
Cybercrime in the Deep Web (BHEU 2015)Cybercrime in the Deep Web (BHEU 2015)
Cybercrime in the Deep Web (BHEU 2015)Marco Balduzzi
 
Cybercrime In The Deep Web
Cybercrime In The Deep WebCybercrime In The Deep Web
Cybercrime In The Deep WebTrend Micro
 
Cybersecurity: Do Your Have a Plan to Address Threats and Prevent Liability?
Cybersecurity: Do Your Have a Plan to Address Threats and Prevent Liability?Cybersecurity: Do Your Have a Plan to Address Threats and Prevent Liability?
Cybersecurity: Do Your Have a Plan to Address Threats and Prevent Liability?Codero
 
Hacking and Cyber Security.
Hacking and Cyber Security.Hacking and Cyber Security.
Hacking and Cyber Security.Kalpesh Doru
 
The Library of Sparta
The Library of SpartaThe Library of Sparta
The Library of SpartaLancope, Inc.
 
Dark Web What it is & How Does it Work
Dark Web What it is & How Does it WorkDark Web What it is & How Does it Work
Dark Web What it is & How Does it WorkOnsite Helper
 
Sharing Session Internal : Computer Security
Sharing Session Internal : Computer SecuritySharing Session Internal : Computer Security
Sharing Session Internal : Computer Securitypmgdscunsri
 
Ethics and technologies - Cybersecurity landscape
Ethics and technologies - Cybersecurity landscapeEthics and technologies - Cybersecurity landscape
Ethics and technologies - Cybersecurity landscapeRoman Trukhin
 
AECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and Afraid
AECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and AfraidAECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and Afraid
AECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and AfraidPhil Agcaoili
 
Ict lec#9
Ict lec#9Ict lec#9
Ict lec#9amberkhan59
 
What Are Script Kiddies.pdf
What Are Script Kiddies.pdfWhat Are Script Kiddies.pdf
What Are Script Kiddies.pdfuzair
 
talk-ta3m-crypto-tools-workshop
talk-ta3m-crypto-tools-workshoptalk-ta3m-crypto-tools-workshop
talk-ta3m-crypto-tools-workshopSteve Phillips
 
PKI: Overpromising and Underdelivering
PKI: Overpromising and UnderdeliveringPKI: Overpromising and Underdelivering
PKI: Overpromising and UnderdeliveringJohn ILIADIS
 
Capture the Flag Exercise Using Active Deception Defense
Capture the Flag Exercise Using Active Deception DefenseCapture the Flag Exercise Using Active Deception Defense
Capture the Flag Exercise Using Active Deception DefenseFidelis Cybersecurity
 
1427 Women in Cybersecurity-Taking Charge and Protecting the World
1427 Women in Cybersecurity-Taking Charge and Protecting the World1427 Women in Cybersecurity-Taking Charge and Protecting the World
1427 Women in Cybersecurity-Taking Charge and Protecting the WorldCareer Communications Group
 
Appsec usa roberthansen
Appsec usa roberthansenAppsec usa roberthansen
Appsec usa roberthansendrewz lin
 
Hunting: Defense Against The Dark Arts - BSides Philadelphia - 2016
Hunting: Defense Against The Dark Arts - BSides Philadelphia - 2016Hunting: Defense Against The Dark Arts - BSides Philadelphia - 2016
Hunting: Defense Against The Dark Arts - BSides Philadelphia - 2016Danny Akacki
 
How you can become a hacker with no security experience
How you can become a hacker with no security experienceHow you can become a hacker with no security experience
How you can become a hacker with no security experienceAvădănei Andrei
 
Zero Privilege Architectures v1.1_for distribution.pdf
Zero Privilege Architectures v1.1_for distribution.pdfZero Privilege Architectures v1.1_for distribution.pdf
Zero Privilege Architectures v1.1_for distribution.pdfThijs Ebbers
 
Network security
Network securityNetwork security
Network securityPushkar Dutt
 
All about Cyber Security - From the perspective of a MS student
All about Cyber Security - From the perspective of a MS studentAll about Cyber Security - From the perspective of a MS student
All about Cyber Security - From the perspective of a MS studentApurv Singh Gautam
 
SIT Summer School (Cyber Security)
SIT Summer School (Cyber Security)SIT Summer School (Cyber Security)
SIT Summer School (Cyber Security)Apurv Singh Gautam
 

More Related Content

Similar to Threat Hunting on the Dark Web

Cybercrime in the Deep Web (BHEU 2015)
Cybercrime in the Deep Web (BHEU 2015)Cybercrime in the Deep Web (BHEU 2015)
Cybercrime in the Deep Web (BHEU 2015)Marco Balduzzi
 
Cybercrime In The Deep Web
Cybercrime In The Deep WebCybercrime In The Deep Web
Cybercrime In The Deep WebTrend Micro
 
Cybersecurity: Do Your Have a Plan to Address Threats and Prevent Liability?
Cybersecurity: Do Your Have a Plan to Address Threats and Prevent Liability?Cybersecurity: Do Your Have a Plan to Address Threats and Prevent Liability?
Cybersecurity: Do Your Have a Plan to Address Threats and Prevent Liability?Codero
 
Hacking and Cyber Security.
Hacking and Cyber Security.Hacking and Cyber Security.
Hacking and Cyber Security.Kalpesh Doru
 
The Library of Sparta
The Library of SpartaThe Library of Sparta
The Library of SpartaLancope, Inc.
 
Dark Web What it is & How Does it Work
Dark Web What it is & How Does it WorkDark Web What it is & How Does it Work
Dark Web What it is & How Does it WorkOnsite Helper
 
Sharing Session Internal : Computer Security
Sharing Session Internal : Computer SecuritySharing Session Internal : Computer Security
Sharing Session Internal : Computer Securitypmgdscunsri
 
Ethics and technologies - Cybersecurity landscape
Ethics and technologies - Cybersecurity landscapeEthics and technologies - Cybersecurity landscape
Ethics and technologies - Cybersecurity landscapeRoman Trukhin
 
AECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and Afraid
AECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and AfraidAECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and Afraid
AECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and AfraidPhil Agcaoili
 
What Are Script Kiddies.pdf
What Are Script Kiddies.pdfWhat Are Script Kiddies.pdf
What Are Script Kiddies.pdfuzair
 
talk-ta3m-crypto-tools-workshop
talk-ta3m-crypto-tools-workshoptalk-ta3m-crypto-tools-workshop
talk-ta3m-crypto-tools-workshopSteve Phillips
 
PKI: Overpromising and Underdelivering
PKI: Overpromising and UnderdeliveringPKI: Overpromising and Underdelivering
PKI: Overpromising and UnderdeliveringJohn ILIADIS
 
Capture the Flag Exercise Using Active Deception Defense
Capture the Flag Exercise Using Active Deception DefenseCapture the Flag Exercise Using Active Deception Defense
Capture the Flag Exercise Using Active Deception DefenseFidelis Cybersecurity
 
1427 Women in Cybersecurity-Taking Charge and Protecting the World
1427 Women in Cybersecurity-Taking Charge and Protecting the World1427 Women in Cybersecurity-Taking Charge and Protecting the World
1427 Women in Cybersecurity-Taking Charge and Protecting the WorldCareer Communications Group
 
Appsec usa roberthansen
Appsec usa roberthansenAppsec usa roberthansen
Appsec usa roberthansendrewz lin
 
Hunting: Defense Against The Dark Arts - BSides Philadelphia - 2016
Hunting: Defense Against The Dark Arts - BSides Philadelphia - 2016Hunting: Defense Against The Dark Arts - BSides Philadelphia - 2016
Hunting: Defense Against The Dark Arts - BSides Philadelphia - 2016Danny Akacki
 
How you can become a hacker with no security experience
How you can become a hacker with no security experienceHow you can become a hacker with no security experience
How you can become a hacker with no security experienceAvădănei Andrei
 
Zero Privilege Architectures v1.1_for distribution.pdf
Zero Privilege Architectures v1.1_for distribution.pdfZero Privilege Architectures v1.1_for distribution.pdf
Zero Privilege Architectures v1.1_for distribution.pdfThijs Ebbers
 

Similar to Threat Hunting on the Dark Web (20)

Cybercrime in the Deep Web (BHEU 2015)
Cybercrime in the Deep Web (BHEU 2015)Cybercrime in the Deep Web (BHEU 2015)
Cybercrime in the Deep Web (BHEU 2015)
 
Cybercrime In The Deep Web
Cybercrime In The Deep WebCybercrime In The Deep Web
Cybercrime In The Deep Web
 
Cybersecurity: Do Your Have a Plan to Address Threats and Prevent Liability?
Cybersecurity: Do Your Have a Plan to Address Threats and Prevent Liability?Cybersecurity: Do Your Have a Plan to Address Threats and Prevent Liability?
Cybersecurity: Do Your Have a Plan to Address Threats and Prevent Liability?
 
Hacking and Cyber Security.
Hacking and Cyber Security.Hacking and Cyber Security.
Hacking and Cyber Security.
 
The Library of Sparta
The Library of SpartaThe Library of Sparta
The Library of Sparta
 
Dark Web What it is & How Does it Work
Dark Web What it is & How Does it WorkDark Web What it is & How Does it Work
Dark Web What it is & How Does it Work
 
Sharing Session Internal : Computer Security
Sharing Session Internal : Computer SecuritySharing Session Internal : Computer Security
Sharing Session Internal : Computer Security
 
Ethics and technologies - Cybersecurity landscape
Ethics and technologies - Cybersecurity landscapeEthics and technologies - Cybersecurity landscape
Ethics and technologies - Cybersecurity landscape
 
AECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and Afraid
AECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and AfraidAECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and Afraid
AECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and Afraid
 
Ict lec#9
Ict lec#9Ict lec#9
Ict lec#9
 
What Are Script Kiddies.pdf
What Are Script Kiddies.pdfWhat Are Script Kiddies.pdf
What Are Script Kiddies.pdf
 
talk-ta3m-crypto-tools-workshop
talk-ta3m-crypto-tools-workshoptalk-ta3m-crypto-tools-workshop
talk-ta3m-crypto-tools-workshop
 
PKI: Overpromising and Underdelivering
PKI: Overpromising and UnderdeliveringPKI: Overpromising and Underdelivering
PKI: Overpromising and Underdelivering
 
Capture the Flag Exercise Using Active Deception Defense
Capture the Flag Exercise Using Active Deception DefenseCapture the Flag Exercise Using Active Deception Defense
Capture the Flag Exercise Using Active Deception Defense
 
1427 Women in Cybersecurity-Taking Charge and Protecting the World
1427 Women in Cybersecurity-Taking Charge and Protecting the World1427 Women in Cybersecurity-Taking Charge and Protecting the World
1427 Women in Cybersecurity-Taking Charge and Protecting the World
 
Appsec usa roberthansen
Appsec usa roberthansenAppsec usa roberthansen
Appsec usa roberthansen
 
Hunting: Defense Against The Dark Arts - BSides Philadelphia - 2016
Hunting: Defense Against The Dark Arts - BSides Philadelphia - 2016Hunting: Defense Against The Dark Arts - BSides Philadelphia - 2016
Hunting: Defense Against The Dark Arts - BSides Philadelphia - 2016
 
How you can become a hacker with no security experience
How you can become a hacker with no security experienceHow you can become a hacker with no security experience
How you can become a hacker with no security experience
 
Zero Privilege Architectures v1.1_for distribution.pdf
Zero Privilege Architectures v1.1_for distribution.pdfZero Privilege Architectures v1.1_for distribution.pdf
Zero Privilege Architectures v1.1_for distribution.pdf
 
Network security
Network securityNetwork security
Network security
 

More from Apurv Singh Gautam

All about Cyber Security - From the perspective of a MS student
All about Cyber Security - From the perspective of a MS studentAll about Cyber Security - From the perspective of a MS student
All about Cyber Security - From the perspective of a MS studentApurv Singh Gautam
 
SIT Summer School (Cyber Security)
SIT Summer School (Cyber Security)SIT Summer School (Cyber Security)
SIT Summer School (Cyber Security)Apurv Singh Gautam
 
Security News Bytes (Aug Sept 2017)
Security News Bytes (Aug Sept 2017)Security News Bytes (Aug Sept 2017)
Security News Bytes (Aug Sept 2017)Apurv Singh Gautam
 
Encrypted database management system
Encrypted database management systemEncrypted database management system
Encrypted database management systemApurv Singh Gautam
 

More from Apurv Singh Gautam (14)

All about Cyber Security - From the perspective of a MS student
All about Cyber Security - From the perspective of a MS studentAll about Cyber Security - From the perspective of a MS student
All about Cyber Security - From the perspective of a MS student
 
SIT Summer School (Cyber Security)
SIT Summer School (Cyber Security)SIT Summer School (Cyber Security)
SIT Summer School (Cyber Security)
 
Cyber Security Seminar Day 2
Cyber Security Seminar Day 2Cyber Security Seminar Day 2
Cyber Security Seminar Day 2
 
Cyber Security Seminar Day 1
Cyber Security Seminar Day 1Cyber Security Seminar Day 1
Cyber Security Seminar Day 1
 
Cyber Security Fundamentals
Cyber Security FundamentalsCyber Security Fundamentals
Cyber Security Fundamentals
 
Bitcoin Forensics
Bitcoin ForensicsBitcoin Forensics
Bitcoin Forensics
 
Log Out Cyber Awareness
Log Out Cyber AwarenessLog Out Cyber Awareness
Log Out Cyber Awareness
 
OSINT
OSINTOSINT
OSINT
 
Intro to Network Vapt
Intro to Network VaptIntro to Network Vapt
Intro to Network Vapt
 
Security News Bytes (Aug Sept 2017)
Security News Bytes (Aug Sept 2017)Security News Bytes (Aug Sept 2017)
Security News Bytes (Aug Sept 2017)
 
Anonymous traffic network
Anonymous traffic networkAnonymous traffic network
Anonymous traffic network
 
Flexible Displays
Flexible DisplaysFlexible Displays
Flexible Displays
 
India against corruption
India against corruptionIndia against corruption
India against corruption
 
Encrypted database management system
Encrypted database management systemEncrypted database management system
Encrypted database management system
 

Recently uploaded

Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 

Recently uploaded (20)

Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 

Threat Hunting on the Dark Web

  • 2. $whoami ◎ Apurv Singh Gautam (@ASG_Sc0rpi0n) ◎ Security Researcher, Threat Intel/Hunting ◎ Research Intern at ICSI, UC Berkeley ◎ Cybersecurity @ Georgia Tech ◎ Hobbies ◎ Contributing to the security community ◎ Gaming/Streaming (Rainbow 6 Siege), Hiking, Lockpicking, etc. ◎ Socials ◎ Twitter - @ASG_Sc0rpi0n ◎ Website – https://apurvsinghgautam.me 2
  • 3. Agenda ◎ Introduction to the Dark Web ◎ Why hunting on the Dark Web? ◎ Methods to hunt on the Dark Web ◎ OpSec? What’s that? ◎ Conclusion 3
  • 5. Clear Web? Deep Web? Dark Web? 5 Image Source: UC San Diego Library
  • 6. Accessing the Dark Web ◎ Tor /I2P/ZeroNet ◎ .onion domains/.i2p domains ◎ Traffic through relays 6Image Sources: Hotspot Shield, Tor Project, I2P Project, ZeroNet
  • 7. What’s all the Hype? ◎ Hype ○ Vast and mysterious part of the Internet ○ Place for cybercriminals only ○ Illegal to access the Dark Web ◎ Reality ○ Few reachable onion domains ○ Uptime isn’t ideal ○ Useful for free expression in few countries ○ Popular sites like Facebook, NYTimes, etc. ○ Legal to access the Dark Web 7
  • 8. Relevant sites? ◎ General Markets ◎ PII & PHI – Personal/Healthcare ◎ Credit Cards ◎ Digital identities ◎ Information Trading ◎ Remote Access ◎ Personal Documents ◎ Electronic Wallets ◎ Insider Threats 8 Image Source: Intsights
  • 9. Cost of products? ◎ SSN - $1 ◎ Fake FB with 15 friends - $1 ◎ DDoS Service - $7/hr ◎ Rent a Hacker - $12/hr ◎ Credit Card - $20+ ◎ Mobile Malware - $150 ◎ Bank Details - $1000+ ◎ Exploits or 0-days - $150,000+ ◎ Critical databases - $300,000+ 9
  • 13. 2. Why hunting on the Dark Web? 13
  • 14. What is Threat Hunting? ◎ Practice of proactively searching for cyber threats ◎ Hypothesis-based approach ◎ Uses advanced analytics and machine learning investigations ◎ Proactive and iterative search 14
  • 15. Why So Serious (Eh! Important)? ◎ Hacker forums, darknet markets, dump shops, etc. ◎ Criminals can learn, monetize, trade, and communicate ◎ Identification of compromised assets ◎ Can potentially identify attacks in earlier stages ◎ Direct impacts – PII (Personal Info), financial, EHRs (healthcare records), trade secrets ◎ Indirect impacts – reputation, revenue loss, legal penalties 15
  • 16. Benefits of Threat Hunting ◎ Keep up with the latest trends of attacks ◎ Prepare SOCs/Incident Responders ◎ Get knowledge of TTPs (Tactics, Techniques, Procedures) to be used ◎ Reduce damage and risks to the organization 16
  • 17. 3. Methods to hunt on the Dark Web 17
  • 18. Tools ◎ Python ◎ Scrapy ◎ Tor ◎ OnionScan ◎ Privoxy ◎ and many more… 18Image Sources: Tor Project, OnionScan, Python, Scrapy, Privoxy
  • 19. How Scrapy Works? 19Image Source: Scrapy Docs
  • 20. HUMINT ◎ Human Intelligence ◎ Most dangerous and difficult form ◎ Most valuable source ◎ Infiltrating forums, markets, etc. ◎ Become one of them ◎ How threat actors think ◎ Can be very risky ◎ Time consuming 20 Image Source: Intsights
  • 22. What is OpSec? ◎ Actions taken to ensure that information leakage doesn’t compromise you or your operations ◎ Derived from US military – Operational Security ◎ PII – Personally Identifiable Information ◎ Not just a process – a mindset ◎ OpSec is Hard 22
  • 23. Maintaining OpSec in your lifestyle ◎ Hide your real identity ◎ Use VM/Lab or an isolated system ◎ Use Tor over SOCKS or over VPN ◎ Change Time zones ◎ Never talk about your work ◎ Maintain different persona ◎ Take extensive notes ◎ Use password manager 23
  • 25. What we discussed so far? ◎ Little about the Dark Web ◎ Dark Web forums/marketplaces ◎ Dark Web threat hunting ◎ Scrapy ◎ HUMINT ◎ A little about OpSec 25
  • 26. I don’t know how to conclude but.. ◎ Dark Web threat hunting is hard but worth the effort ◎ Keep OpSec in mind ◎ Look at more than one resource ◎ Takes a lot of resources and team effort 26
  • 27. Resources ◎ Blogs & White papers by Recorded Future ◎ White papers by IntSights ◎ Blogs by Palo Alto’s Unit 42 ◎ Blogs by CrowdStrike ◎ Blogs by CloudSEK ◎ White papers by Digital Shadows 27
  • 28. Thanks! Any questions? You can contact me at: Twitter: @ASG_Sc0rpi0n LinkedIn: /in/apurvsinghgautam 28