Darknets and Dark Web Investigations
Published by Pearson
Investigate and hunt organizational data on the Dark Web
- Gain insights into the Dark Web, Dark Markets and conducting Leak Data investigations
- Build and protect your systems and persona from exposure to real threats and common pitfalls while performing recon on Darknets and the Dark Web.
- Learn how to find hidden sites and services as well as tips to get invited to exclusive trading sites.
The Dark Web can be one of the most challenging environments for OSINT practitioners, law enforcement, CISOs, and any organization’s reputation practitioners to work in. This two-day course will give students the tools, techniques, and strategies required to securely and safely investigate Tor-based and Darknet entities and platforms. You will learn how to plan and execute a Dark Web and Darknet investigation, as well as the tools and systems that help uncover this hidden world. You will learn the techniques, processes, and methods to perform recon in search of hacked or leaked corporate data, and see how to leverage open-source tools, surface web resources, and data correlation techniques to assist in your investigation.
It’s only a matter of time before a number of organizations experience data leaks or have data stolen. We need to think in terms of when, and not if, this will happen. Successfully protecting your organization means having the tools and information to determine early in the process if a breach has been made so you can take appropriate steps to reduce exposure and loss.
What you’ll learn and how you can apply it
- How to build local and cloud-based investigation systems and stay safe on the various darknets
- The investigative process, procedures and tools, and evidence collection
- How to locate resources on Darknets to aid in your investigation
- How to use and navigate emerging mobile and console darknets
This live event is for you because...
- You are tasked with corporate data integrity and making sure your company’s data is safe and secure. When a leak does occur, you need to be the first to know so you can mitigate the risks early in the process.
- You may be tasked with making sure corporate leadership is practicing good OPSEC. You need to be able to assess their profiles and understand the risks they pose for the organization and themselves.
- You may be concerned about your or your family’s digital footprint. You need to be able to understand the exposure and risk you have, and how to reduce, mitigate and remediate.
Prerequisites
- Understanding passive and active reconnaissance in ethical hacking and bug bounty hunting engagements is helpful
- A working knowledge of Linux, proxies and VPNs, search engines and search tools, and searching the surface and Deep Web is beneficial
Course Set-up
- Have a working copy of a minimal (“skinny”) Debian install, or, if unavailable, use Kali Linux or Parrot OS virtual machines to follow the demos and exercises. These are available at https://debian.org, https://www.kali.org/get-kali/, or https://www.parrotsec.org/download/
- Download and install the Darkweb class tool setup script “Darksetup”, also located at https://darknets.org. Installation details are available in the Lab Guide and on the website; see Setup.
Recommended Preparation
- Attend: Ethical Hacking Recon and the Darkweb by Joseph Mlodzianowski and Omar Santos
Recommended Follow-up
- Attend: AI and ML Darknet Investigations by Joseph Mlodzianowski
Schedule
The time frames are only estimates and may vary according to how the class is progressing.
Day 1
Segment 1: Introduction to the Dark Web & DarkNets (35 minutes)
- Debunking Darknet and Dark Web myths and misconceptions
- Learning Darknet and Dark Web terminology, slang, and lingo
- Emerging Darknet Markets on Telegram, Discord, Signal, ZeroNet, I2P
- Dark Web and Darknet entry, middle, and exit points
- Understanding the risks and challenges
Demo: Using I2P, Telegram, and the Tor Browser
Segment 2: The Tor Network (40 minutes)
- History: Past, present, and future of Darknets and the Web
- Onion Network Routing and Nodes
- Onion Relays and Bridges
- v2 and v3 Address types and affinity
- Onion Routing methodology
- Directories, Directory services and features
Exercise/activity: Installing Tor, Tor Browser, and Tor Tools
Break (10 minutes)
Segment 3: Finding Resources on the Tor Network (30 minutes)
- Tor-based email and messaging services
- Blogs and Social Networks
- Various Tor server hosting services, including bulletproof hosting
- The Dark Market etiquette and building a reputation on Tor
- Chat, instant messaging, and discussion Boards
- Public and private news sites
- Monitoring and discovering new Tor sites and resources
- Legal uses of Tor sites, services and resources
Exercise/activity: Accessing email and messaging lab
Segment 4: Precautions and staying safe (40 minutes)
- Configure and use browser SOCKS and proxy settings
- Configure and use system proxies and proxy chains
- VPNs: open, commercial, and build-your-own
- Sock Puppets, Identity protection, persona building
- Creating multiple layers of defense for effective offense
- Virtual Machines, cloud and dedicated research devices
- Docker, Docker Images, Setup and operations
Exercise/activity: Install, configure, and use a VPN and proxy chains
Exercise/activity: Install and configure Docker and Docker images
Break (10 minutes)
Segment 5: Planning your investigation (35 minutes)
- Hunting, target selectors, acquisition
- Investigative and case management tools
- Hunchly and Maltego
- Maintaining, storing, and tracking collected information
- Set up your own collection database/tracking tools
- Working with alternative distributions: Tails and Whonix
- Building, maintaining and protecting your VM / VPS
Exercise/activity: Hunting and Target Selectors
Segment 6: Configure and secure your System and Tor Settings (30 minutes)
- Tor Security features, capabilities, and add-ons
- Tor Vulnerabilities and limitations
- Using Tor with proxies and VPNs
- Understanding the Tor network’s two-way anonymity
- Tor Scanning and recon tools
Exercise/activity: Using Tor-based features and add-ons
Q&A (10 minutes)
Day 2
Segment 7: Hunting for Tor websites, Services and resources (40 minutes)
- Listing and changing your Tor Gateway
- Spreading the word about your Tor server: seeding and search engines
- Hunting, spidering, pivot and track next target
- Finding information leakage, breach and data dump sites
- Darkweb news, media, and whistleblower media sites
- Private Directories and unlisted and invite only sites
Exercise/activity: Seed sites, Hunting, tracking
Break (10 minutes)
Segment 8: Strategies and Approaches to identifiers (40 minutes)
- Selectors, Unique Identifiers, and Artifacts
- Locating and using metadata: administrative, structural, descriptive, and technical
- Links, data correlation, and relationship analysis dependencies
- Validating data and content and assigning classifiers
- Extracting and examining data/collections in a sandbox
Exercise/activity: Metadata tools, tactics, and techniques
Exercise/activity: Extracting data from images and files
Break (10 minutes)
Segment 9: Workflows, analysis and Attribution (40 minutes)
- Attribution techniques and methods
- Sentiment analysis, categorization
- Correlating unique identifiers and selectors
- Gap Analysis and filter selection
- Cryptocurrency, wallets, encryption keys
- Entity Tracking, and protocol monitoring
- Sniffer, traffic analysis, packet captures
- Forums and discussion boards (vendor, marketplace analysis)
Exercise/activity: Attribution methods, forums
Exercise/activity: Create Bitcoin addresses without wallets
Break (10 minutes)
Segment 10: Onion-Based Tools: Tricks and Tips of the Trade (20 minutes)
- Custom tools
- OnionScan
- Text analysis and reviewing unstructured data
- Forums and discussion boards (vendor, marketplace analysis)
Segment 11: Investigative Darkweb and Surface Tools (20 minutes)
- OnionSearch, OnionIngester
- GitHub tools
- Torscraper
- Open-source tools and projects
Exercise/activity: Onion-based tools usage, results, and storage
Segment 12: Wrapping up investigations and analysis (40 minutes)
- Reporting, Report Structure
- Case management, Corporate and LEO reporting
- Preservation of evidence, chain of custody
Exercise/activity: Data collection, storage, and reports
Exercise/activity: Case management
Q&A (10 minutes)
Your Instructor
Joseph Mlodzianowski
Joseph Mlodzianowski is a twenty-five-year veteran of the cybersecurity field and is considered a security aficionado by his peers. He is a traveler and adventurer. He is involved in the M3AAWG (Messaging, Malware and Mobile Anti-Abuse Working Group) industry working group. Joseph is a Security Architect in Cisco’s Managed and Intelligence services. Joseph has worked in and for the Department of Defense in various SME roles. He is also involved in the Cisco exam criteria and curriculum for certifications, and he has authored several books. You can also learn more about him on Twitter at @cedoxx or at darkwb.sh.