Dark Web Investigation Attempt

I don't know what to say about this topic; the name itself is already pretty cool.

Introduction

So here I am wondering what I should do with our TI (Threat Intelligence) to make it better. I saw that Group-IB and Mandiant are at the top of TI, and they all do some kind of dark web monitoring or investigation. So I wonder if I can obtain the basics of that skill. So let's do it. Here I'll not only show the tools but also my notes about this topic, to help you learn and to shine a little bit of light on the subject.

Why learn dark web investigation or access the dark web anyway?

The question is, why not? Why limit yourself to Google and the surface web? Getting information from various sources to improve your TI program is always a plus. There are a lot of dark web networks, not just Tor alone. Here are a few:

  • Zeronet

  • Lokinet

  • I2P

There are many more dark webs, because people can create their own network if they have the resources and want to. Accessing the dark web is one task, making use of it is another, and staying safe while doing it is a third.

Where to learn this tradecraft?

I found these links, which will show you a little bit of how dark web investigation works:

Twitter

Github

My setup

  • Whonix as a Gateway

  • Trace OSINT VM

  • Tor Browser

Here is the diagram:

<insert diagram soon>

When doing this, always set a goal, because if you go to the dark web just to look around, I think it is a waste of time. For me, my goal is to search for keywords that relate to my customer (name, business sector, customer email) and for data breaches.

At this time, I don't know what to do beyond the tasks I listed above; maybe soon I'll figure something else out.

Goal

Information searching

Tools I'll be using (a tool that can automate searching through a list of .onion domains):
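As an added illustration of that goal (this is not the author's tool and not code from the page), here is a small Python sweep that takes a list of .onion addresses and customer keywords, fetches each site through the Tor SOCKS proxy the Whonix gateway exposes to the OSINT VM, and records where the keywords appear with some surrounding context. The gateway address, the `requests[socks]` dependency and the sample page content are assumptions.

```python
import re
from dataclasses import dataclass

# Assumption: Tor SOCKS endpoint as seen from the OSINT VM (Whonix gateway: 10.152.152.10:9050)
TOR_SOCKS = "socks5h://10.152.152.10:9050"
# v3 onion services: 56 base32 characters followed by ".onion" (v2 names are retired)
ONION_V3 = re.compile(r"^[a-z2-7]{56}\.onion$")

@dataclass
class Hit:
    onion: str
    keyword: str
    context: str  # text around the match, whitespace-normalised

def fetch_onion(onion: str, timeout: int = 60) -> str:
    import requests  # assumed: pip install requests[socks]; lazy so the matcher runs without it
    # socks5h: Tor resolves the name, so the .onion never reaches a local DNS resolver
    proxies = {"http": TOR_SOCKS, "https": TOR_SOCKS}
    resp = requests.get(f"http://{onion}/", proxies=proxies, timeout=timeout)
    resp.raise_for_status()
    return resp.text

def find_hits(onion: str, text: str, keywords: list[str], width: int = 40) -> list[Hit]:
    hits = []  # case-insensitive, one Hit per occurrence, with surrounding context
    for kw in keywords:
        for m in re.finditer(re.escape(kw), text, flags=re.IGNORECASE):
            lo, hi = max(0, m.start() - width), min(len(text), m.end() + width)
            hits.append(Hit(onion, kw, " ".join(text[lo:hi].split())))
    return hits

def sweep(onions: list[str], keywords: list[str], fetch=fetch_onion) -> list[Hit]:
    results = []
    for onion in onions:
        onion = onion.strip().lower()
        if not ONION_V3.match(onion):
            continue  # malformed or legacy address: Tor would not serve it anyway
        try:
            text = fetch(onion)
        except Exception:  # timeouts and vanished services are routine on a sweep
            continue
        results.extend(find_hits(onion, text, keywords))
    return results

# Constructed sample data so the sweep can be exercised offline (not a real site or breach).
SAMPLE_ONION = "x" * 56 + ".onion"
SAMPLE_PAGES = {SAMPLE_ONION: "  Fresh dump:  ACME Corp employee list. Contact j.doe@acme.example  "}
CUSTOMER_KEYWORDS = ["ACME Corp", "acme.example"]
def demo() -> list[Hit]:  # run the sweep against the constructed pages instead of live Tor
    return sweep([SAMPLE_ONION, "example.onion"], CUSTOMER_KEYWORDS, fetch=SAMPLE_PAGES.__getitem__)
```

Swap `SAMPLE_PAGES.__getitem__` for the default `fetch_onion` to run it through the gateway; keep the timeout generous, since onion services are often slow or gone.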
