Apurv Singh Gautam, profile picture
Uploaded byApurv Singh Gautam
277 views

Threat Hunting on the Dark Web

The document discusses threat hunting on the dark web, covering its definition, importance, and methods used for effective hunting. It emphasizes the need for operational security (opsec) to prevent information leaks while navigating dark web forums and marketplaces. The document also outlines various tools and techniques utilized in threat hunting, and stresses the complexity and resource demands of the process.

Embed presentation

Threat Hunting on the Dark Web
$whoami ◎ Apurv Singh Gautam (@ASG_Sc0rpi0n) ◎ Security Researcher, Threat Intel/Hunting ◎ Research Intern at ICSI, UC Berkeley ◎ Cybersecurity @ Georgia Tech ◎ Hobbies ◎ Contributing to the security community ◎ Gaming/Streaming (Rainbow 6 Siege), Hiking, Lockpicking, etc. ◎ Socials ◎ Twitter - @ASG_Sc0rpi0n ◎ Website – https://apurvsinghgautam.me 2
Agenda ◎ Introduction to the Dark Web ◎ Why hunting on the Dark Web? ◎ Methods to hunt on the Dark Web ◎ OpSec? What’s that? ◎ Conclusion 3
1. Introduction to the Dark Web 4
Clear Web? Deep Web? Dark Web? 5 Image Source: UC San Diego Library
Accessing the Dark Web ◎ Tor /I2P/ZeroNet ◎ .onion domains/.i2p domains ◎ Traffic through relays 6Image Sources: Hotspot Shield, Tor Project, I2P Project, ZeroNet
What’s all the Hype? ◎ Hype ○ Vast and mysterious part of the Internet ○ Place for cybercriminals only ○ Illegal to access the Dark Web ◎ Reality ○ Few reachable onion domains ○ Uptime isn’t ideal ○ Useful for free expression in few countries ○ Popular sites like Facebook, NYTimes, etc. ○ Legal to access the Dark Web 7
Relevant sites? ◎ General Markets ◎ PII & PHI – Personal/Healthcare ◎ Credit Cards ◎ Digital identities ◎ Information Trading ◎ Remote Access ◎ Personal Documents ◎ Electronic Wallets ◎ Insider Threats 8 Image Source: Intsights
Cost of products? ◎ SSN - $1 ◎ Fake FB with 15 friends - $1 ◎ DDoS Service - $7/hr ◎ Rent a Hacker - $12/hr ◎ Credit Card - $20+ ◎ Mobile Malware - $150 ◎ Bank Details - $1000+ ◎ Exploits or 0-days - $150,000+ ◎ Critical databases - $300,000+ 9
Product Listings 10
11 Image Source: Digital Shadows
12 Image Source: Digital Shadows
2. Why hunting on the Dark Web? 13
What is Threat Hunting? ◎ Practice of proactively searching for cyber threats ◎ Hypothesis-based approach ◎ Uses advanced analytics and machine learning investigations ◎ Proactive and iterative search 14
Why So Serious (Eh! Important)? ◎ Hacker forums, darknet markets, dump shops, etc. ◎ Criminals can learn, monetize, trade, and communicate ◎ Identification of compromised assets ◎ Can potentially identify attacks in earlier stages ◎ Direct impacts – PII (Personal Info), financial, EHRs (healthcare records), trade secrets ◎ Indirect impacts – reputation, revenue loss, legal penalties 15
Benefits of Threat Hunting ◎ Keep up with the latest trends of attacks ◎ Prepare SOCs/Incident Responders ◎ Get knowledge of TTPs (Tactics, Techniques, Procedures) to be used ◎ Reduce damage and risks to the organization 16
3. Methods to hunt on the Dark Web 17
Tools ◎ Python ◎ Scrapy ◎ Tor ◎ OnionScan ◎ Privoxy ◎ and many more… 18Image Sources: Tor Project, OnionScan, Python, Scrapy, Privoxy
How Scrapy Works? 19Image Source: Scrapy Docs
HUMINT ◎ Human Intelligence ◎ Most dangerous and difficult form ◎ Most valuable source ◎ Infiltrating forums, markets, etc. ◎ Become one of them ◎ How threat actors think ◎ Can be very risky ◎ Time consuming 20 Image Source: Intsights
4. OpSec? What is that? 21
What is OpSec? ◎ Actions taken to ensure that information leakage doesn’t compromise you or your operations ◎ Derived from US military – Operational Security ◎ PII – Personally Identifiable Information ◎ Not just a process – a mindset ◎ OpSec is Hard 22
Maintaining OpSec in your lifestyle ◎ Hide your real identity ◎ Use VM/Lab or an isolated system ◎ Use Tor over SOCKS or over VPN ◎ Change Time zones ◎ Never talk about your work ◎ Maintain different persona ◎ Take extensive notes ◎ Use password manager 23
5. Conclusion 24
What we discussed so far? ◎ Little about the Dark Web ◎ Dark Web forums/marketplaces ◎ Dark Web threat hunting ◎ Scrapy ◎ HUMINT ◎ A little about OpSec 25
I don’t know how to conclude but.. ◎ Dark Web threat hunting is hard but worth the effort ◎ Keep OpSec in mind ◎ Look at more than one resource ◎ Takes a lot of resources and team effort 26
Resources ◎ Blogs & White papers by Recorded Future ◎ White papers by IntSights ◎ Blogs by Palo Alto’s Unit 42 ◎ Blogs by CrowdStrike ◎ Blogs by CloudSEK ◎ White papers by Digital Shadows 27
Thanks! Any questions? You can contact me at: Twitter: @ASG_Sc0rpi0n LinkedIn: /in/apurvsinghgautam 28

More Related Content

PDF
The Risks of YOLOing-2.pdf
byHacken
 
PPTX
A Brief Intro to CTF Contests!
byM. S.
 
PDF
Ajeet Singh - The FBI Overseas
byUISGCON
 
PDF
Welcome to APNIC 48
byAPNIC
 
PPTX
Automating Threat Hunting on the Dark Web and other nitty-gritty things
byApurv Singh Gautam
 
PDF
Dark Web and Threat Intelligence
byMarlabs
 
PPTX
Demystifying the Dark Web
byTom Kranz
 
PPT
Cyber Security - Dark Web by Dr.Purushottam Petare.ppt
byDr.Purushottam Petare
 
The Risks of YOLOing-2.pdf
byHacken
 
A Brief Intro to CTF Contests!
byM. S.
 
Ajeet Singh - The FBI Overseas
byUISGCON
 
Welcome to APNIC 48
byAPNIC
 
Automating Threat Hunting on the Dark Web and other nitty-gritty things
byApurv Singh Gautam
 
Dark Web and Threat Intelligence
byMarlabs
 
Demystifying the Dark Web
byTom Kranz
 
Cyber Security - Dark Web by Dr.Purushottam Petare.ppt
byDr.Purushottam Petare
 

Similar to Threat Hunting on the Dark Web

PDF
Unveiling the Dark Web_ A Cloak of Secrecy, Crime, and Nefarious Activities.pdf
byjoneswaylon890
 
PPTX
Getting started with using the Dark Web for OSINT investigations
byOlakanmi Oluwole
 
PPTX
Case Study on Dark Web:Insights, Risks & Security Measures
byBNAWAZALIHASHMI
 
PPTX
The-Dark-Web-Exploring-the-Internets-Underbelly.pptx
bySomuKoteswarareddy
 
PDF
[Bucharest] #DontTrustTheDarkSide
byOWASP EEE
 
PDF
Dark Web Site.pdf
byDarkWebLink1
 
PDF
The Dark web - Why the hidden part of the web is even more dangerous?
byPierluigi Paganini
 
PPTX
unit-1.pptx
bySrinivas Kanakala
 
PPTX
Dark Web and Privacy
byBrian Pichman
 
PPTX
Hacking and Cyber Security.
byKalpesh Doru
 
PDF
Cyber espionage - Tinker, taylor, soldier, spy
byb coatesworth
 
PPTX
Pichman privacy, the dark web, & hacker devices i school (1)
byStephen Abram
 
PPTX
Investigating Using the Dark Web
byCase IQ
 
PPTX
darkwebbbvxvbjvccjjbvcgjnbvvvbnhc nmk.pptx
byGeetha982072
 
PPTX
Darknet
byBijayKumarSingh11
 
PPTX
Dark Web.pptx
byeliofatjon
 
PDF
Dark web
byTopLinkSeo
 
PPTX
dark_web_recreated ndnsdnfewfeifefnefeein
byKashifKhan912000
 
PPTX
Deep and Dark internet Safari, How to hire a hacker? Robbrecht van Amerongen
byGetting value from IoT, Integration and Data Analytics
 
PDF
Dw communication
byArjun Chetry
 
Unveiling the Dark Web_ A Cloak of Secrecy, Crime, and Nefarious Activities.pdf
byjoneswaylon890
 
Getting started with using the Dark Web for OSINT investigations
byOlakanmi Oluwole
 
Case Study on Dark Web:Insights, Risks & Security Measures
byBNAWAZALIHASHMI
 
The-Dark-Web-Exploring-the-Internets-Underbelly.pptx
bySomuKoteswarareddy
 
[Bucharest] #DontTrustTheDarkSide
byOWASP EEE
 
Dark Web Site.pdf
byDarkWebLink1
 
The Dark web - Why the hidden part of the web is even more dangerous?
byPierluigi Paganini
 
unit-1.pptx
bySrinivas Kanakala
 
Dark Web and Privacy
byBrian Pichman
 
Hacking and Cyber Security.
byKalpesh Doru
 
Cyber espionage - Tinker, taylor, soldier, spy
byb coatesworth
 
Pichman privacy, the dark web, & hacker devices i school (1)
byStephen Abram
 
Investigating Using the Dark Web
byCase IQ
 
darkwebbbvxvbjvccjjbvcgjnbvvvbnhc nmk.pptx
byGeetha982072
 
Darknet
byBijayKumarSingh11
 
Dark Web.pptx
byeliofatjon
 
Dark web
byTopLinkSeo
 
dark_web_recreated ndnsdnfewfeifefnefeein
byKashifKhan912000
 
Deep and Dark internet Safari, How to hire a hacker? Robbrecht van Amerongen
byGetting value from IoT, Integration and Data Analytics
 
Dw communication
byArjun Chetry
 

More from Apurv Singh Gautam

PDF
All about Cyber Security - From the perspective of a MS student
byApurv Singh Gautam
 
PPTX
SIT Summer School (Cyber Security)
byApurv Singh Gautam
 
PPTX
Cyber Security Seminar Day 2
byApurv Singh Gautam
 
PPTX
Cyber Security Seminar Day 1
byApurv Singh Gautam
 
PPTX
Cyber Security Fundamentals
byApurv Singh Gautam
 
PPTX
Bitcoin Forensics
byApurv Singh Gautam
 
PDF
Log Out Cyber Awareness
byApurv Singh Gautam
 
PPTX
OSINT
byApurv Singh Gautam
 
PPTX
Intro to Network Vapt
byApurv Singh Gautam
 
PPTX
Security News Bytes (Aug Sept 2017)
byApurv Singh Gautam
 
PPTX
Anonymous traffic network
byApurv Singh Gautam
 
PPTX
Flexible Displays
byApurv Singh Gautam
 
PPTX
India against corruption
byApurv Singh Gautam
 
PPTX
Encrypted database management system
byApurv Singh Gautam
 
All about Cyber Security - From the perspective of a MS student
byApurv Singh Gautam
 
SIT Summer School (Cyber Security)
byApurv Singh Gautam
 
Cyber Security Seminar Day 2
byApurv Singh Gautam
 
Cyber Security Seminar Day 1
byApurv Singh Gautam
 
Cyber Security Fundamentals
byApurv Singh Gautam
 
Bitcoin Forensics
byApurv Singh Gautam
 
Log Out Cyber Awareness
byApurv Singh Gautam
 
OSINT
byApurv Singh Gautam
 
Intro to Network Vapt
byApurv Singh Gautam
 
Security News Bytes (Aug Sept 2017)
byApurv Singh Gautam
 
Anonymous traffic network
byApurv Singh Gautam
 
Flexible Displays
byApurv Singh Gautam
 
India against corruption
byApurv Singh Gautam
 
Encrypted database management system
byApurv Singh Gautam
 

Recently uploaded

PPTX
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
PDF
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
PDF
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
PDF
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
PDF
Day 5 - Red Team + Blue Team in the Cloud - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PDF
100 Insights After the 200th Issue of NewMind AI Journal
byNewMind AI
 
PPTX
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
PPTX
communication-skills-with-technology tools
byJaleto Sunkemo
 
PDF
Day 4 - Access, Deployments, and Monitoring - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PDF
Cross-Cultural Agile Development -Challenges and Strategies for Overcoming Them-
byTakashi Makino
 
PDF
Our Digital Tribe_ Cultivating Connection and Growth in Our Slack Community 🌿...
bysanjeetmishra30
 
PPTX
Building Agents in Microsoft Agent Framework.pptx
byUdaiappa Ramachandran
 
PDF
API-First Architecture in Financial Systems
bycyy111112
 
PDF
WCAG Analyzer Tools and Techniques for User-Friendly Websites
byAccessibility Analyzer
 
PPTX
MGw_MRS Benfits seu beficios de redes 4g
byJoaquimBarros18
 
PPTX
Building Cyber Resilience for 2026: Best Practices for a Secure, AI-Driven Bu...
byYasir Naveed Riaz
 
PPTX
DYNAMICALLY.pptx good for the teachers or students to do seminars and for tea...
bympoorvika031
 
PPTX
Gemini vs ChatGPT : Comparing Top AI Models
byDigicarrom
 
PDF
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
PDF
HCSP-Presales-Campus Network Planning and Design V2.0
byVeronica916344
 
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
Day 5 - Red Team + Blue Team in the Cloud - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
100 Insights After the 200th Issue of NewMind AI Journal
byNewMind AI
 
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
communication-skills-with-technology tools
byJaleto Sunkemo
 
Day 4 - Access, Deployments, and Monitoring - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Cross-Cultural Agile Development -Challenges and Strategies for Overcoming Them-
byTakashi Makino
 
Our Digital Tribe_ Cultivating Connection and Growth in Our Slack Community 🌿...
bysanjeetmishra30
 
Building Agents in Microsoft Agent Framework.pptx
byUdaiappa Ramachandran
 
API-First Architecture in Financial Systems
bycyy111112
 
WCAG Analyzer Tools and Techniques for User-Friendly Websites
byAccessibility Analyzer
 
MGw_MRS Benfits seu beficios de redes 4g
byJoaquimBarros18
 
Building Cyber Resilience for 2026: Best Practices for a Secure, AI-Driven Bu...
byYasir Naveed Riaz
 
DYNAMICALLY.pptx good for the teachers or students to do seminars and for tea...
bympoorvika031
 
Gemini vs ChatGPT : Comparing Top AI Models
byDigicarrom
 
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
HCSP-Presales-Campus Network Planning and Design V2.0
byVeronica916344
 

Threat Hunting on the Dark Web

  • 1.
  • 2.
    $whoami ◎ Apurv SinghGautam (@ASG_Sc0rpi0n) ◎ Security Researcher, Threat Intel/Hunting ◎ Research Intern at ICSI, UC Berkeley ◎ Cybersecurity @ Georgia Tech ◎ Hobbies ◎ Contributing to the security community ◎ Gaming/Streaming (Rainbow 6 Siege), Hiking, Lockpicking, etc. ◎ Socials ◎ Twitter - @ASG_Sc0rpi0n ◎ Website – https://apurvsinghgautam.me 2
  • 3.
    Agenda ◎ Introduction tothe Dark Web ◎ Why hunting on the Dark Web? ◎ Methods to hunt on the Dark Web ◎ OpSec? What’s that? ◎ Conclusion 3
  • 4.
  • 5.
    Clear Web? DeepWeb? Dark Web? 5 Image Source: UC San Diego Library
  • 6.
    Accessing the DarkWeb ◎ Tor /I2P/ZeroNet ◎ .onion domains/.i2p domains ◎ Traffic through relays 6Image Sources: Hotspot Shield, Tor Project, I2P Project, ZeroNet
  • 7.
    What’s all theHype? ◎ Hype ○ Vast and mysterious part of the Internet ○ Place for cybercriminals only ○ Illegal to access the Dark Web ◎ Reality ○ Few reachable onion domains ○ Uptime isn’t ideal ○ Useful for free expression in few countries ○ Popular sites like Facebook, NYTimes, etc. ○ Legal to access the Dark Web 7
  • 8.
    Relevant sites? ◎ GeneralMarkets ◎ PII & PHI – Personal/Healthcare ◎ Credit Cards ◎ Digital identities ◎ Information Trading ◎ Remote Access ◎ Personal Documents ◎ Electronic Wallets ◎ Insider Threats 8 Image Source: Intsights
  • 9.
    Cost of products? ◎SSN - $1 ◎ Fake FB with 15 friends - $1 ◎ DDoS Service - $7/hr ◎ Rent a Hacker - $12/hr ◎ Credit Card - $20+ ◎ Mobile Malware - $150 ◎ Bank Details - $1000+ ◎ Exploits or 0-days - $150,000+ ◎ Critical databases - $300,000+ 9
  • 10.
  • 11.
  • 12.
  • 13.
    2. Why hunting onthe Dark Web? 13
  • 14.
    What is ThreatHunting? ◎ Practice of proactively searching for cyber threats ◎ Hypothesis-based approach ◎ Uses advanced analytics and machine learning investigations ◎ Proactive and iterative search 14
  • 15.
    Why So Serious(Eh! Important)? ◎ Hacker forums, darknet markets, dump shops, etc. ◎ Criminals can learn, monetize, trade, and communicate ◎ Identification of compromised assets ◎ Can potentially identify attacks in earlier stages ◎ Direct impacts – PII (Personal Info), financial, EHRs (healthcare records), trade secrets ◎ Indirect impacts – reputation, revenue loss, legal penalties 15
  • 16.
    Benefits of ThreatHunting ◎ Keep up with the latest trends of attacks ◎ Prepare SOCs/Incident Responders ◎ Get knowledge of TTPs (Tactics, Techniques, Procedures) to be used ◎ Reduce damage and risks to the organization 16
  • 17.
    3. Methods to hunton the Dark Web 17
  • 18.
    Tools ◎ Python ◎ Scrapy ◎Tor ◎ OnionScan ◎ Privoxy ◎ and many more… 18Image Sources: Tor Project, OnionScan, Python, Scrapy, Privoxy
  • 19.
    How Scrapy Works? 19ImageSource: Scrapy Docs
  • 20.
    HUMINT ◎ Human Intelligence ◎Most dangerous and difficult form ◎ Most valuable source ◎ Infiltrating forums, markets, etc. ◎ Become one of them ◎ How threat actors think ◎ Can be very risky ◎ Time consuming 20 Image Source: Intsights
  • 21.
  • 22.
    What is OpSec? ◎Actions taken to ensure that information leakage doesn’t compromise you or your operations ◎ Derived from US military – Operational Security ◎ PII – Personally Identifiable Information ◎ Not just a process – a mindset ◎ OpSec is Hard 22
  • 23.
    Maintaining OpSec inyour lifestyle ◎ Hide your real identity ◎ Use VM/Lab or an isolated system ◎ Use Tor over SOCKS or over VPN ◎ Change Time zones ◎ Never talk about your work ◎ Maintain different persona ◎ Take extensive notes ◎ Use password manager 23
  • 24.
  • 25.
    What we discussedso far? ◎ Little about the Dark Web ◎ Dark Web forums/marketplaces ◎ Dark Web threat hunting ◎ Scrapy ◎ HUMINT ◎ A little about OpSec 25
  • 26.
    I don’t knowhow to conclude but.. ◎ Dark Web threat hunting is hard but worth the effort ◎ Keep OpSec in mind ◎ Look at more than one resource ◎ Takes a lot of resources and team effort 26
  • 27.
    Resources ◎ Blogs &White papers by Recorded Future ◎ White papers by IntSights ◎ Blogs by Palo Alto’s Unit 42 ◎ Blogs by CrowdStrike ◎ Blogs by CloudSEK ◎ White papers by Digital Shadows 27
  • 28.
    Thanks! Any questions? You cancontact me at: Twitter: @ASG_Sc0rpi0n LinkedIn: /in/apurvsinghgautam 28