Getting started with using the Dark Web for OSINT investigations
Download as PPTX, PDF0 likes583 views
The document discusses how to conduct open-source intelligence (OSINT) investigations using the dark web, providing an overview of the surface web, deep web, and dark web; resources for finding dark web sites like search engines and directories; and tips for investigating cases like finding the location and Wi-Fi network from a photo's metadata. It aims to educate on safely and legally utilizing open-source information on the dark web for investigative purposes.
Getting started with using the Dark Web for OSINT investigations
- 1. GETTING STARTED WITH USING THE DARK WEB FOR OSINT INVESTIGATIONS. OLAKANMI OLUWOLE 20-03-2021
- 2. Our mission To monitor and alert users of immediate risk using a tactical approach, research, analyze and monitor the technical developments of various cyber trends and threat-actors in the following fields:
- 3. How we are doing it We gather massive amounts of data using various sources such as publicly available web references, social media channels and the deep dark web using a wide range of honey-pot techniques.
- 4. Cyber Threat Intelligence tailored for Africa
- 8. OSINT Opensource Intelligence. It’s the process of fetching and analyzing publicly available data. WHO USES OSINT? Law enforcement, Cyber criminals, OSINT investigators, Private investigators, Human Resource managers, etc.
- 9. We're investigating a missing person's case. The image missing.png was the last image uploaded by the missing person. We're looking for the location the person took and uploaded the picture and also the name of Wi-Fi SSID the person posted from CHALLENGE 01 https://docs.google.com/uc?export=download&id=1ob0uiTj45clIJIMcrDHVBkoMkfn5RQui
- 10. CLEARNET/SURFACE WEB The Surface Web also called the Visible Web, Indexed Web, Indexable Web or Lightnet, etc. is the portion of the internet that is readily available to the general public and searchable with standard web search engines. DEEP WEB The deep web consist of a website or any page on the website which are not indexed by search engines. It can only be access by authorized personal Deep web is used to store most personal information like (Cloud storages, any organization personal data and military data etc)
- 11. DARK WEB The dark web forms a small part of the deep web, the part of the Web not indexed by web search engines, although sometimes the term deep web is mistakenly used to refer specifically to the dark web. Legal to access but any illegal activity can be prosecuted. TOR Tor is free and open-source software for enabling anonymous communication by directing Internet traffic through a free, worldwide, volunteer overlay network consisting of more than seven thousand relays in order to conceal a user's location and usage from anyone conducting network surveillance or traffic analysis. To access the darknet, you need the Tor Browser.
- 12. REASONS TO USE THE DARKWEB • Avoid internet censorship • Anonymity • Illegal Operations • Investigations
- 13. JUST BEFORE YOU GET STARTED • Tor network is automatically encrypted • Domains on the dark web are randomly generated • Transactions are mostly done using cryptocurrency, perfect money, etc. • You can also access onion sites using Tor2web • You won’t always find what you’re looking for • A lot of sock puppets so real identification is tougher
- 14. RESOURCES TO GET STARTED - Clearnet • https://onion.live/ • DeepDotWeb.com - Now seized by US DoJ • Dark Search - https://darksearch.io/ • Hunchly daily dark web reports • r/onion
- 15. RESOURCES TO GET STARTED – Dark Web • Ahmia - http://msydqstlz2kzerdg.onion • Dark Search - http://darkschn4iw2hxvpv2vy2uoxwkvs2padb56t3h4wqztre6upoc5qwgid.onion • NotEvil - http://hss3uro2hsxfogfq.onion • Quo - http://quosl6t6c64mnn7d.onion • OnionLand - http://3bbad7fauom4d6sgppalyqddsqbf5u5p56b5k5uk2zxsy3d6ey2jobad.onion • Tor66 Onions - http://tor66sewebgixwhcqfnp5inzp5x5uohhdy3kvtnyfxc2e5mxiuh34iid.onion/fresh
- 16. To Find Location: - Look up wafflesncream '18 skateboard as seen on the image - Results shows wafflesncream website - Using any Exif tool, creating date of image is 2018 - Visit wafflencream website and search for 2018 - Results shows there was an event held at upbeat center and same picture is seen on the website To Find Wi-Fi SSID - Now we know location is “Upbeat Center” - Look up upbeat address - Go to wigle.net and search for upbeat address area or long and lat - Filter result to contain the year 2018 - Search for SSIDs in the area - SSID "UpBeat" is seen with mac address seen in the image exif data CHALLENGE FLAG.
- 17. Tweet was seen regarding a breach but with little information. We need to know where it was posted, user who posted, verify breach. CHALLENGE 02
- 18. ADDITIONAL RESOURCES • Server status – example.onion/server-status • Censys.io - 443.https.tls.certificate.parsed.names: onion • Shodan- ssl:“.onion”, “.onion” • ExoneraTor - https://metrics.torproject.org/exonerator.html • OnionScan - https://onionscan.org/