Dark Web and Darknets OSINT
Published by O'Reilly Media, Inc.
Reconnaissance, investigations, and research
What you’ll learn and how you can apply it
- Access the dark web and darknets securely and safely
- Locate resources on the dark web to aid in your investigation
- Deploy attribution techniques and investigation and evidence-gathering processes
- Use open source, commercial, and private tools for information gathering
- Create a persona to keep your identity safe during research
- Locate nefarious markets, data dumps, and data leaks and take action
- Protect your systems and persona while performing recon
- Find hidden sites and services, and track bitcoin and bitcoin laundering
Course description
The dark web can be one of the most challenging environments to work in for OSINT and law enforcement, and perhaps more so for businesses and institutions that are trying to mitigate the damage associated with a data breach or leak. Understanding how to penetrate this hidden realm can help a company’s reputation-management practitioners regain control more quickly and securely.
This two-day course with cybersecurity architect Joseph Mlodzianowski gives you the tools and strategies to safely investigate Tor-based and darknet entities and platforms. You’ll learn the techniques, processes, and methods for performing reconnaissance of hacked or leaked corporate data, see how to leverage open source tools and surface web resources, and understand data correlation techniques to assist in your investigation. You’ll leave with the skills to plan and execute a dark web and darknet investigation so that you can take appropriate steps to reduce exposure and loss in the event of a data breach.
This live event is for you because...
- You’re tasked with maintaining corporate data integrity and security.
- You’re responsible for ensuring that corporate leadership is practicing good OPSEC.
- You’re concerned about your or your family’s digital footprint and want to understand your exposure and how to mitigate and remediate problems.
Prerequisites
- A working copy of a minimal Debian virtual machine (or, alternatively, a Kali Linux or Parrot OS virtual machine) to follow the demos and exercises
- Download and install the dark web class tool setup script “Darksetup” from darkatlas.ai. Installation details are available in the Lab Guide and on the website; see the setup section.
- A working knowledge of Linux, proxies and VPNs, search engines and search tools, and searching on the surface web and in the deep web (helpful but not required)
Schedule
The time frames are only estimates and may vary according to how the class is progressing.
Day 1
Introduction to the dark web and darknets (35 minutes)
- Presentation: Debunking darknet and dark web myths and misconceptions; darknet and dark web terminology, slang, and lingo; emerging darknet markets on Telegram, Discord, Signal, ZeroNet, and I2P; dark web and darknet entry, middle, and exit points; risks and challenges
- Demonstration: Using I2P, Telegram, and the Tor Browser
The Tor network (50 minutes)
- Presentation: The past, present, and future of darknets and the Web; Onion network routing and nodes; Onion relays and bridges; v2 and v3 address types and affinity; Onion routing methodology; directories, directory services, and features
- Hands-on exercise: Install Tor, Tor Browser, and Tor tools
- Break
Finding resources on the Tor network (30 minutes)
- Presentation: Tor email and messaging services; blogs and social networks; Tor server hosting services including bulletproof hosting; dark market etiquette and building a reputation on Tor; chat, instant messaging, and discussion boards; public and private news sites; monitoring and discovering new Tor sites and resources; legal uses of Tor sites, services, and resources
- Hands-on exercise: Access email and messaging
Precautions and staying safe (50 minutes)
- Presentation: Configuring and using browser SOCKS settings and proxies; configuring and using system proxies and ProxyChains; open, commercial, and build-your-own VPNs; sock puppets, identity protection, and persona building; creating multiple layers of defense for effective offense; virtual machines, cloud, and dedicated research devices; Docker, Docker images, setup, and operations
- Hands-on exercises: Install, configure, and use VPN and ProxyChains; install and configure Docker and Docker images
- Break
Planning your investigation (35 minutes)
- Presentation: Hunting, target selectors, and acquisition; investigative and case management tools; Hunchly and Maltego; maintaining, storing, and tracking collected information; setting up your own collection database/tracking tools; working with alternative distributions; Tails and Whonix; building, maintaining, and protecting your VM/VPS
- Hands-on exercise: Explore hunting and target selectors
Configure and secure your system and Tor settings (40 minutes)
- Presentation: Tor security features, capabilities, and add-ons; Tor vulnerabilities and limitations; using Tor with proxies and VPNs; Tor network two-way anonymity; Tor scanning and recon tools
- Hands-on exercise: Explore Tor-based features and add-ons
- Q&A
Day 2
Hunting for Tor websites, services, and resources (50 minutes)
- Presentation: Listing and changing your Tor gateway; spreading the word about your Tor server, seeding, and search engines; hunting, spidering, pivoting, and tracking the next target; finding information leakage, data breaches, and data dump sites; dark web news, media, and whistleblower media sites; private directories and unlisted and invite-only sites
- Hands-on exercise: Explore seed sites, hunting, and tracking
- Break
Strategies and approaches to identifiers (50 minutes)
- Presentation: Selectors, unique identifiers, and artifacts; locating and using administrative, structural, descriptive, and technical metadata; links, data, correlation, and relationship analysis dependencies; validating data and content and assigning classifiers; extracting and examining data/collections in a sandbox
- Hands-on exercise: Explore metadata tools, tactics, and techniques; extract data from images and files
- Break
Workflows, analysis, and attribution (50 minutes)
- Presentation: Attribution techniques and methods; sentiment analysis and categorization; correlating unique identifiers and selectors; gap analysis and filter selection; cryptocurrency, wallets, and encryption keys; entity tracking and protocol monitoring; sniffers, traffic analysis, and packet captures; forum and discussion board analysis (vendor and marketplace analysis)
- Hands-on exercises: Explore attribution methods and forums; create Bitcoin addresses without wallets
- Break
Onion-based tools, tricks, and tips (20 minutes)
- Presentation: Custom tools; OnionScan; text analysis and reviewing unstructured data; forum and discussion board analysis (vendor and marketplace analysis)
Investigative dark web and surface tools (20 minutes)
- Presentation: OnionSearch and OnionIngester; GitHub tools; TorScraper; open source tools and projects
- Hands-on exercise: Explore Onion-based tools, results, and storage
Wrapping up investigations and analysis (50 minutes)
- Presentation: Reporting and report structure; case management; corporate and LEO reporting; preservation of evidence and chain of custody
- Hands-on exercise: Explore data collection, storage, and reports; explore case management
- Q&A
Your Instructor
Joseph Mlodzianowski
Joseph Mlodzianowski is a twenty-five-year veteran of the cybersecurity field and is considered a security aficionado by his peers. He is a traveler and adventurer. He is involved in M3AAWG, the Messaging, Malware and Mobile Anti-Abuse Working Group. Joseph is a Security Architect in Cisco’s Managed and Intelligence Services. Joseph has worked in and for the Department of Defense in various SME roles. He is also involved in the Cisco exam criteria and curriculum for certifications, and he has authored several books. You can also learn more about him on Twitter at @cedoxx or at darkwb.sh.
Skills covered
- Network Security
- Data Security & Privacy
- Open Source Intelligence (OSINT)