iThome_CYBERSEC2024_Drive_Into_the_DarkWeb

JieLiau 137 views 43 slides May 20, 2024

About This Presentation

This is my presentation of iThome CYBERSEC2024


Slide Content

Drive Into the DarkWeb
Jie @ iThome CyberSec 2024

Disclaimer
This talk is given by me as an individual
My employer is not involved in any way

# whoami
https://www.linkedin.com/in/jieliau
https://github.com/jieliau
https://www.facebook.com/jie.liau
https://twitter.com/0xJieLiau
https://jieliau.medium.com/
資安說書人 (Cybersecurity Storyteller)

DarkWeb

The Onion Router

Developed around the mid-1990s by the United States Naval Research Laboratory
to protect U.S. intelligence communications online

v2 vs. v3
v2: http://expyuzz4wqqyqhjn.onion/
16 characters, derived from the hash of the service's RSA public key
v3: http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion/
56 characters, containing the full ed25519 public key
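Worked example, added here and not taken from the talk or from the speaker's TorSetup repository: a small Python parser that classifies a .onion address as v2 or v3 and, for v3, decodes the ed25519 public key and verifies the embedded checksum according to the v3 address layout. The function names and the sample key in the test are my own.

```python
import base64
import hashlib
import re
from urllib.parse import urlparse

# Added example: classify a .onion address as v2 or v3 and, for v3, recover the
# ed25519 public key and verify the embedded checksum. v3 layout (rend-spec-v3):
#   base32(PUBKEY[32] || CHECKSUM[2] || VERSION[1]) + ".onion"
#   CHECKSUM = SHA3-256(".onion checksum" || PUBKEY || VERSION)[:2], VERSION = 0x03

V3_VERSION = b"\x03"
V2_LABEL = re.compile(r"^[a-z2-7]{16}$")   # 80 bits: truncated SHA-1 of the RSA key
V3_LABEL = re.compile(r"^[a-z2-7]{56}$")   # 280 bits: key + checksum + version

def v3_checksum(pubkey: bytes) -> bytes:
    return hashlib.sha3_256(b".onion checksum" + pubkey + V3_VERSION).digest()[:2]

def encode_v3(pubkey: bytes) -> str:
    """Build the v3 address for a 32-byte ed25519 public key."""
    if len(pubkey) != 32:
        raise ValueError("ed25519 public key must be 32 bytes")
    raw = pubkey + v3_checksum(pubkey) + V3_VERSION
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"

def parse_onion(address: str) -> dict:
    """Accept a bare host or a full URL; return version, validity and (v3) pubkey."""
    host = (urlparse(address).hostname if "://" in address else address.strip()) or ""
    label = host.lower()
    label = label[:-6] if label.endswith(".onion") else label
    if V2_LABEL.match(label):
        # v2 carries no checksum, so nothing can be verified offline;
        # v2 addresses are deprecated and no longer served by the Tor network.
        return {"version": 2, "valid": True, "pubkey": None}
    if not V3_LABEL.match(label):
        return {"version": None, "valid": False, "pubkey": None}
    raw = base64.b32decode(label.upper())          # exactly 35 bytes
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    valid = version == V3_VERSION and checksum == v3_checksum(pubkey)
    return {"version": 3, "valid": valid, "pubkey": pubkey if valid else None}

if __name__ == "__main__":
    # Addresses quoted on the slides above.
    for addr in ("http://expyuzz4wqqyqhjn.onion/",
                 "http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion/"):
        print(addr, parse_onion(addr))
```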

How to Get on DarkWeb

Get On DarkWeb
Tor Browser bundle
https://www.torproject.org/download/
Whonix
https://www.whonix.org/
Tails
https://tails.net/

Node Types
End User
Onion Service
Guard
Middle
Exit
Bridge
https://community.torproject.org/relay/types-of-relays/
The IP addresses of the 3 relay types (Guard, Middle, Exit) are public
https://metrics.torproject.org/rs.html
Bridge: relays in the network that are not listed in the public Tor directory
Destination: Regular Service or Onion Service

How Tor works

Diagram: Alice, Jane, Bob, Directory Server, Tor Network (legend: Tor node, encrypted link, unencrypted link)
Step 1: Alice's Tor client obtains a list of Tor nodes from the directory server
Step 2: Alice's Tor client picks a random path to the destination server
Step 3: If, at a later time, the user visits another site, the Tor browser selects a second random path

Onion Services

The services are only accessible through the Tor network
Advantages
The service IP and location are hidden
All traffic is end-to-end encrypted
No need to purchase a domain name
Disadvantages
Slow
Blocked in some countries (e.g. China, Iran)

How Onion Services work

Diagram: Bob (onion service), Alice (client), Directory Server, IP1, IP2, IP3, RP
Onion Service Protocol
Step 1: Bob picks three IPs and builds 3-hop circuits to them
Step 2: Bob advertises the Onion Service Descriptor (3 IPs and PK) and uploads it to the Distributed Hash Table
Step 3: Alice hears that Bob's Onion exists, requests more info from the Directory Server, and also sets up an RP
Step 4: Alice writes a message encrypted with PK to Bob listing the RP and a one-time secret, and asks an IP to deliver it
Step 5: Bob connects to the RP and presents the one-time secret
Step 6: Bob and Alice proceed to use their Tor circuit as normal
IP: Introduction Point
PK: Public Key
cookie: One-Time Secret
RP: Rendezvous Point

Set Up Your Onion Service

Set up your regular service (Apache or Nginx)
Bind the address to 127.0.0.1 only
Install Tor
https://community.torproject.org/onion-services/setup/install/
Add to /etc/tor/torrc:
HiddenServiceDir /var/lib/tor/YourOnionSrv/
HiddenServicePort 80 127.0.0.1:80
Restart Tor

https://github.com/jieliau/TorSetup

Customise Your onion domain

https://github.com/cathugger/mkp224o

OSINT

x.com
(url:onion) "ransomware"
ransomware AND (url:onion -filter:retweets)
(hxxp:// OR http://) [.] AND url:onion
target OR dump OR combo OR password OR leak OR breach OR databreach OR credential OR steal AND (url:onion)
Google Dorks
intext:.onion site:reddit.com
Reddit
r/TOR
r/onions
Shodan
ssl:".onion"
".onion"
"facebookwkhpilnemxj7asaniu7vnjjbiltxjqhye3mhbshg7kx5tfyd.onion"

Shodan Your Real IP

https://github.com/jieliau/TorSetup/blob/master/shodanOnion.py

Analyse Onion Site

Set up Tor Proxy
Add to /etc/tor/torrc:
SocksPort 0.0.0.0:9050
SocksPolicy accept 192.168.0.0/16
SocksPolicy reject *
Route your tools through it with torify (torsocks) or proxychains

Monitor Your Data on DarkWeb

AIL Framework

The framework for Analysis of Information Leaks
To analyse potential information leaks from unstructured data sources including DarkWeb
https://github.com/ail-project/ail-framework

Crawlers

Leaks Hunter

Your Own DarkWeb monitor

requests-tor Python module
https://pypi.org/project/requests-tor/

Tor Sites

I hope you enjoy it