GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
JamesAnderson135
267 views
20 slides
Apr 29, 2024
Slide 1 of 20
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
About This Presentation
It's important to remember that accessing the dark web can be risky and requires specialized skills and tools. Many organizations leverage threat intelligence companies that have a safe and legal way to monitor these areas and extract valuable information.
Let's shine some light on the Dark...
Slide Content
Dark Web Overview
What it is/isn’t and why you should care
‘Ii Recorded Future’
What it is/isn’t and why you should care
‘Ii Recorded Future’
Agenda
e What is the dark web and how is it different from
the clearnet
e Types of sources
e Why so popular/widely used by cybercriminals
Note: Do not access any of these websites on your
personal devices
e What is the dark web and how is it different from
the clearnet
e Types of sources
e Why so popular/widely used by cybercriminals
Note: Do not access any of these websites on your
personal devices
What is the Dark Web
e Part of the internet that is not indexed by search engines and
requires special software
e Itis legal
o Facebook:
facebookwkhpilnemxj7asaniu7 vnjjbiltxjqghye3mhbshg7kxStfyd[.Jonion |
e “Criminal web” (Cybercrime): both dark web + clearnet
Iil-Recorded Future” > A
e Part of the internet that is not indexed by search engines and
requires special software
e Itis legal
o Facebook:
facebookwkhpilnemxj7asaniu7 vnjjbiltxjqghye3mhbshg7kxStfyd[.Jonion |
e “Criminal web” (Cybercrime): both dark web + clearnet
Iil-Recorded Future” > A
What is the difference?
+ Clearnet: the internet you use on a daily
basis:
- Facebook, ESPN, BBC, and more
amazon
« Dark Web: requires special software to
access
- Tor or I2P (legal to use)
— Legit clearnet websites on Tor
— Goal: Obfuscation
O) AlphaBay Market
+ Clearnet: the internet you use on a daily
basis:
- Facebook, ESPN, BBC, and more
amazon
« Dark Web: requires special software to
access
- Tor or I2P (legal to use)
— Legit clearnet websites on Tor
— Goal: Obfuscation
O) AlphaBay Market
ES) How Tor Works: 2 E) Tor node
|
++ æ unencrypted link | |
—+ encrypted link
Alice
> >
Step 2: Alice's Tor client
picks a random path to
destination server. Green |
links are encrypted, red
links are in the clear.
= » | + |
Dave = = Bob
|
++ æ unencrypted link | |
—+ encrypted link
Alice
> >
Step 2: Alice's Tor client
picks a random path to
destination server. Green |
links are encrypted, red
links are in the clear.
= » | + |
Dave = = Bob
Criminal Web: Landscape
+. Main ecosystem:
— Marketplaces: All commodities
— Shops: specific commodities
— Forums: messaging boards/billboards
« Role of messaging platform
- Instantaneous communication for
negotiations/ “feel you out”
— Examples: Telegram, Signal, Kik, Wickr,
and more
-Él-Recorded Future
+. Main ecosystem:
— Marketplaces: All commodities
— Shops: specific commodities
— Forums: messaging boards/billboards
« Role of messaging platform
- Instantaneous communication for
negotiations/ “feel you out”
— Examples: Telegram, Signal, Kik, Wickr,
and more
-Él-Recorded Future
Marketplaces
Multiple commodities: Walmart for criminals
-lil-Recorded Future
Multiple commodities: Walmart for criminals
-lil-Recorded Future
dp Recorded Future
Marketplace: SuperMarket
‘Superttarkot dame nossuso | Y He Gt €
Market Vase pot Fl Cosine ren
Den
== Sr |
carecomes 50
Barbiurates re
is ‘sae et a soot. a Sots coon m ee
2 een
Digital Goods in mad
Dessocistres 2
Ecstasy T = er u)
PERS — Carding machine by X-Rob (ALL STABLE & CLEA... 5 000 240 Il
causes ME Be u.
Lab Chemicals DER ed Sates teri Wer ii 0
mi | a, == Sse ais
ee \ CRE CRE i
Poycracates es —
pee
steroids roe
Modafinil 200mg | UK Pharmacy | NDD 4.74
Starts Lors Rene Mead as
Tobacco. United Kingdom to United Kungaom. ee)
Pharmaceuticals | Ass 0 Can
Où Praia!
se
ar Redon a
— = ss ” .
AE SiO ae . . E
NA = CURE ec
Marketplace: SuperMarket
‘Superttarkot dame nossuso | Y He Gt €
Market Vase pot Fl Cosine ren
Den
== Sr |
carecomes 50
Barbiurates re
is ‘sae et a soot. a Sots coon m ee
2 een
Digital Goods in mad
Dessocistres 2
Ecstasy T = er u)
PERS — Carding machine by X-Rob (ALL STABLE & CLEA... 5 000 240 Il
causes ME Be u.
Lab Chemicals DER ed Sates teri Wer ii 0
mi | a, == Sse ais
ee \ CRE CRE i
Poycracates es —
pee
steroids roe
Modafinil 200mg | UK Pharmacy | NDD 4.74
Starts Lors Rene Mead as
Tobacco. United Kingdom to United Kungaom. ee)
Pharmaceuticals | Ass 0 Can
Où Praia!
se
ar Redon a
— = ss ” .
AE SiO ae . . E
NA = CURE ec
Shops
Similar to marketplaces but focus on specific commodities
E Peal And Pare °° "©
O ro
NEWS ANO UPDATES
BASENAME :| oo
VALIDATE TOP QUALITY
ENJOY THE RAREST STUFF ON MARKET AT BEST
a IT REAL AND RARE.
a
A
A
— —
«Iil-Recorded Future
Similar to marketplaces but focus on specific commodities
E Peal And Pare °° "©
O ro
NEWS ANO UPDATES
BASENAME :| oo
VALIDATE TOP QUALITY
ENJOY THE RAREST STUFF ON MARKET AT BEST
a IT REAL AND RARE.
a
A
A
— —
«Iil-Recorded Future
Addres
Shop: Russian Market
Reine D
Reine D
Rectine D
Reine D
Tsiskadin-matong aca
hotspot un malang ac | nia uin-malang ac |
mtacé mebaelegends.com | hatepot.un-malang ac | authO opens com
[cbtuin-malang ac. | anaconda coud | Show more
op 7 code generator com accounts googie com |
mysccount google com | phonotirer com | invtagram com |
accounts googie com | apple apple com | rain gatefocehotel.com |
‘mea apple com | loginyanon com | Show more.
arhang shopeeivn | app atoca au | satework net |
elercenter era | neler-nthtokicom | best ncn |
onhang wneostwn | shopee.vn | uktek.com | play 908 nto | Show
scratch mi ad | quiz com los usach el ambos
Funcionarios usach ei instagram com | auhOopenaicom |
sata rs 6 | putoscencosu e | her Show mare.
amobet771.com | miorácasino302 com | jejobet821.com
p0bet5265.com | maltcosino506 com | mameybet196.com |
Vpobet5216.com | tpsbet6223.com | Upover5248.com |
bansal540.com | Show more
192 168.100.1 |: facebook com | instagram com | 0268 today |
ot ane com | bamtota xy? | ite03 LOMME ve | Show more
coco... .
ae ee oe SO
cree no
¿lb Recorded Future
Date /Size Vendor Price
20240327
20240401
20240401
20240401
20240401
20240401 manner 5
‘ose (Diamond) 10.00
20240327 Nurstes $
Damm (Diamond. 10.00
Reine D
Reine D
Rectine D
Reine D
Tsiskadin-matong aca
hotspot un malang ac | nia uin-malang ac |
mtacé mebaelegends.com | hatepot.un-malang ac | authO opens com
[cbtuin-malang ac. | anaconda coud | Show more
op 7 code generator com accounts googie com |
mysccount google com | phonotirer com | invtagram com |
accounts googie com | apple apple com | rain gatefocehotel.com |
‘mea apple com | loginyanon com | Show more.
arhang shopeeivn | app atoca au | satework net |
elercenter era | neler-nthtokicom | best ncn |
onhang wneostwn | shopee.vn | uktek.com | play 908 nto | Show
scratch mi ad | quiz com los usach el ambos
Funcionarios usach ei instagram com | auhOopenaicom |
sata rs 6 | putoscencosu e | her Show mare.
amobet771.com | miorácasino302 com | jejobet821.com
p0bet5265.com | maltcosino506 com | mameybet196.com |
Vpobet5216.com | tpsbet6223.com | Upover5248.com |
bansal540.com | Show more
192 168.100.1 |: facebook com | instagram com | 0268 today |
ot ane com | bamtota xy? | ite03 LOMME ve | Show more
coco... .
ae ee oe SO
cree no
¿lb Recorded Future
Date /Size Vendor Price
20240327
20240401
20240401
20240401
20240401
20240401 manner 5
‘ose (Diamond) 10.00
20240327 Nurstes $
Damm (Diamond. 10.00
Forums
Messaging board, advertisements, and community
M General 3 Raiding Rotated & Crack
E Leaks
Games
co
+ Gaya Mod @ Minecraft
& Combat Removed Content
HackTheBox
B Leaks
We Marketplac
ale Tech
won Oma
Call of Duty Modern Warte
30k usa database name e.
2.568 private mined combo
HTB: Pandora writeup -FR
“il-Recorded Future
Messaging board, advertisements, and community
M General 3 Raiding Rotated & Crack
E Leaks
Games
co
+ Gaya Mod @ Minecraft
& Combat Removed Content
HackTheBox
B Leaks
We Marketplac
ale Tech
won Oma
Call of Duty Modern Warte
30k usa database name e.
2.568 private mined combo
HTB: Pandora writeup -FR
“il-Recorded Future
Forum: BreachForums 2
pag ven Laem ae
2 encres tnd ane mn man Pune 1234.6) y er Aou ae
amara Oo ur. Fra
AMPED à a te ent every 0201 0%
© urea 00 3 vs ox
© mt en om gen a 12345) Fr uen 024.9701 a
Le : atom w barna
© ea Orea o mas Ce)
” use mee
pag ven Laem ae
2 encres tnd ane mn man Pune 1234.6) y er Aou ae
amara Oo ur. Fra
AMPED à a te ent every 0201 0%
© urea 00 3 vs ox
© mt en om gen a 12345) Fr uen 024.9701 a
Le : atom w barna
© ea Orea o mas Ce)
” use mee
recorded Future
Forum: Ramp and XSS
Forum: Ramp and XSS
Messaging Platforms
“Let's talk” and advertising
“Let's talk” and advertising
Ab Recorded Future
Bonus: Ransomware Extortion Websites
Bonus: Ransomware Extortion Websites
Why so popular for cybercriminals:
e Anonymity by design; safety = obfuscation
e Cryptocurrencies as payment methods, not just Bitcoin o
e All commodities, from narcotics to malware (ransomware,
trojans, and more)
6 Sn
® A
e Well-designed ecosystem + encrypted messengers
e Automated, customized, and manual
{Recorded Future” e *
e Anonymity by design; safety = obfuscation
e Cryptocurrencies as payment methods, not just Bitcoin o
e All commodities, from narcotics to malware (ransomware,
trojans, and more)
6 Sn
® A
e Well-designed ecosystem + encrypted messengers
e Automated, customized, and manual
{Recorded Future” e *
As an individual, do | need to worry
know about the dark web - why?
Can | protect myself?
YES
As a company, do | need to worry
know about the dark web - why?
Can | protect myself?
How does Recorded Future work? | ntel is
How does Recorded Future gather
information from the dark web? p owe r
+ Recorded Future
know about the dark web - why?
Can | protect myself?
YES
As a company, do | need to worry
know about the dark web - why?
Can | protect myself?
How does Recorded Future work? | ntel is
How does Recorded Future gather
information from the dark web? p owe r
+ Recorded Future
Recorded Future Benefits
e Robust collections of special-access and dark web sources, across all 3
areas of the ecosystem + messaging platforms (accessible via Platform)
e Trained, experienced professionals to conduct engagements, buys, and
reporting (clients are safe)
e Covert personas so as to access sources, acquire data/intel, and identify
new trends, tactics, and techniques (TTPs)
e Identify O-day/N-day vulnerabilities and attack vectors
e Customized services and monitoring
e Robust collections of special-access and dark web sources, across all 3
areas of the ecosystem + messaging platforms (accessible via Platform)
e Trained, experienced professionals to conduct engagements, buys, and
reporting (clients are safe)
e Covert personas so as to access sources, acquire data/intel, and identify
new trends, tactics, and techniques (TTPs)
e Identify O-day/N-day vulnerabilities and attack vectors
e Customized services and monitoring
Questions
-Iil-Recorded Future”
-Iil-Recorded Future”
Categories
GeneralDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 267
- Slides 20
- Age 584 days
Related Slideshows
22
Pray For The Peace Of Jerusalem and You Will Prosper
RodolfoMoralesMarcuc
32 views
26
Don_t_Waste_Your_Life_God.....powerpoint
chalobrido8
35 views
31
VILLASUR_FACTORS_TO_CONSIDER_IN_PLATING_SALAD_10-13.pdf
JaiJai148317
32 views
14
Fertility awareness methods for women in the society
Isaiah47
30 views
35
Chapter 5 Arithmetic Functions Computer Organisation and Architecture
RitikSharma297999
29 views
5
syakira bhasa inggris (1) (1).pptx.......
ourcommunity56
30 views