Darknets and Dark Web Investigations (2024)

Published by Pearson

Intermediate

Investigate and hunt organizational data on the Dark Web

  • Gain insights into the Dark Web, Dark Markets and conducting Leak Data investigations
  • Build and protect your systems and persona from exposure to real threats and common pitfalls while performing recon on Darknets and the Dark Web.
  • Learn how to find hidden sites and services as well as tips to get invited to exclusive trading sites.

The Dark Web can be one of the most challenging environments for OSINT, law enforcement, CISOs and any organization’s reputation practitioners to work in. This two-day course will give students the tools, techniques and strategies required to securely and safely investigate Tor-based and Darknet entities and platforms. You will learn how to plan and execute a Dark Web and Darknet investigation, as well as the tools and systems to help uncover this hidden world. You will learn the techniques, processes, and methods to perform recon in search of hacked or leaked corporate data, as well as see how to leverage open-source tools and surface web resources and data correlation techniques to assist in your investigation.

It’s only a matter of time before a number of organizations experience data leaks or have data stolen. We need to think in terms of when, and not if, this will happen. Successfully protecting your organization means having the tools and information to determine early in the process if a breach has been made so you can take appropriate steps to reduce exposure and loss.

What you’ll learn and how you can apply it

  • How to build local and cloud-based investigation systems and stay safe on the various darknets
  • The investigative process, procedures and tools, and evidence collection
  • How to locate resources on Darknets to aid in your investigation
  • How to use and navigate emerging mobile and console darknets

This live event is for you because...

  • You are tasked with corporate data integrity and making sure your company’s data is safe and secure. When a leak does occur, you need to be the first to know so you can mitigate the risks early in the process.
  • You may be tasked with making sure corporate leadership is practicing good OPSEC. You need to be able to assess their profiles and understand the risks they pose for the organization and themselves.
  • You may be concerned about your or your family’s digital footprint. You need to be able to understand the exposure and risk you have, and how to reduce, mitigate and remediate.

Prerequisites

  • Understanding passive and active reconnaissance in ethical hacking and bug bounty hunting engagements is helpful
  • Beneficial to have a working knowledge of Linux, proxies and VPNs, search engines, search tools, searching on the surface and Deep Web

Course Set-up

Recommended Preparation

  • Attend: Ethical Hacking Recon and the Darkweb by Joseph Mlodzianowski and Omar Santos

Recommended Follow-up

  • Attend: AI and ML Darknet Investigations by Joseph Mlodzianowski

Schedule

The time frames are only estimates and may vary according to how the class is progressing.

Day 1

Segment 1: Introduction to the Dark Web & DarkNets (35 minutes)

  • Debunking Darknet and Dark Web myths and misconceptions
  • Learning Darknet and Dark Web terminology, slang, and lingo
  • Emerging Darknet Markets on Telegram, Discord, Signal, ZeroNet, I2P
  • Dark Web and Darknet entry, middle, and exit points
  • Understanding the risks and challenges

Demo: Using the I2P, Telegram and Tor Browser

Segment 2: The Tor Network (40 minutes)

  • History: Past, present, and future of Darknets and the Web
  • Onion Network Routing and Nodes
  • Onion Relays and Bridges
  • v2 and v3 Address types and affinity
  • Onion Routing methodology
  • Directories, Directory services and features

Exercise/activity: Installing Tor, Tor Browser, and Tor Tools

Break Length (10 minutes)

Segment 3: Finding Resources on Tor Network (30 minutes)

  • Tor Email and Messaging services
  • Blogs and Social Networks
  • Various Tor Server Hosting Services including bullet proof hosting
  • The Dark Market etiquette and building a reputation on Tor
  • Chat, instant messaging, and discussion Boards
  • Public and private news sites
  • Monitoring and discovering new Tor sites and resources
  • Legal uses of Tor sites, services and resources

Exercise/activity: Accessing email and Messaging Lab

Segment 4: Precautions and staying safe (40 minutes)

  • Configure and use Browser Socks & Proxies
  • Configure and use System Proxies and Proxy Chains
  • VPNs: Open, Commercial and Build your own
  • Sock Puppets, Identity protection, persona building
  • Creating multiple layers of defense for effective offense
  • Virtual Machines, cloud and dedicated research devices
  • Docker, Docker Images, Setup and operations

Exercise/activity: Install, configure, use VPN, and Proxy Chains

Exercise/activity: Install, configure Docker, Docker images

Break Length (10 minutes)

Segment 5: Planning your investigation (35 minutes)

  • Hunting, Target Selectors, Acquisition
  • Investigative and case management tools
  • Hunchly and Maltego
  • Maintaining, storing, and tracking collected information
  • Setup your own collection database/tracking tools
  • Working with alternative distributions; Tails & Whonix
  • Building, maintaining and protecting your VM / VPS

Exercise/activity: Hunting and Target Selectors

Segment 6: Configure and secure your System and Tor Settings (30 minutes)

  • Tor Security features, capabilities, and add-ons
  • Tor Vulnerabilities and limitations
  • Using Tor with proxies and VPNs
  • What is the Tor network Two-Way Anonymity
  • Tor Scanning and recon tools

Exercise/activity: Using Tor Based features and add-ons

Q&A – (10 minutes)

Day 2

Segment 7: Hunting for Tor websites, Services and resources (40 minutes)

  • Listing and changing your Tor Gateway
  • Spread the word of your Tor Server, Seeding and Search engines
  • Hunting, spidering, pivot and track next target
  • Finding information leakage, breach and data dump sites
  • Darkweb news, media, and whistle blower media sites
  • Private Directories and unlisted and invite only sites

Exercise/activity: Seed sites, Hunting, tracking

Break Length (10 minutes)

Segment 8: Strategies and Approaches to identifiers (40 minutes)

  • Selectors, Unique Identifiers, and Artifacts
  • Locating and using Metadata, administrative, structural, descriptive, and technical
  • Links, data, correlation and relationship analysis dependencies
  • Data and Content validating and assigning classifiers
  • Extracting and examining data/collections in a sandbox

Exercise/activity: Metadata tools, tactics, techniques

Exercise/activity: extracting data from images and files

Break Length (10 minutes)

Segment 9: Workflows, analysis and Attribution (40 minutes)

  • Attribution techniques and methods
  • Sentiment analysis, categorization
  • Correlating unique identifiers and selectors
  • Gap Analysis and filter selection
  • Cryptocurrency, Wallets, Encryption keys
  • Entity Tracking, and protocol monitoring
  • Sniffer, traffic analysis, packet captures
  • Forum and discussion Board (vendor, market place analysis)

Exercise/activity: Attribution methods, forums

Exercise/activity: Create Bitcoin addresses without wallets

Break Length (10 minutes)

Segment 10: Onion-Based Tools Tricks and Tips of the Trade (20 minutes)

  • Custom tools
  • OnionScan
  • Text analysis and reviewing unstructured data
  • Forums and discussion boards (vendor, marketplace analysis)

Segment 11: Investigative Darkweb and Surface Tools (20 minutes)

  • OnionSearch, OnionIngester
  • Github tools
  • Torscraper
  • Opensource tools and projects

Exercise/activity: Onion based tools usage, results, storage

Segment 12: Wrapping up investigations and analysis (40 minutes)

  • Reporting, Report Structure
  • Case management, Corporate and LEO reporting
  • Preservation of evidence, chain of custody

Exercise/activity: Data Collection, storage and Reports

Exercise/activity: Case Management

Q&A – 10 minutes

Your Instructor

  • Joseph Mlodzianowski

    Joseph Mlodzianowski is a twenty-five-year veteran of the cybersecurity field and considered a security aficionado by his peers. He is a traveler and adventurer. He is involved in the M3AAWG Messaging Malware Mobile Anti-Abuse industry working group. Joseph is a Security Architect in Cisco’s Managed and Intelligence services. Joseph worked in/for the Department of Defense in various SME roles. He is also involved in the Cisco exam criteria and curriculum for certifications, and he has authored several books. You can also learn more about him on Twitter @cedoxx or at darkwb.sh.
