Investigating Using the Dark Web
Chad Los Schumacher, Team Lead, iThreat Cyber Group
Introduction
• About Chad Los Schumacher
• Project manager and DNS investigator at iThreat Cyber Group
• MS in Intelligence Analysis from Mercyhurst University
• Has trained international LE, at conferences, and more
• About iThreat Cyber Group
• Assist clients with intelligence programs
• Provide tech enhanced services, enhanced data services, and SaaS
• Founded in 1997 in Princeton, New Jersey
Quick Poll
Have you used Tor/the Dark Web?
a. Yes, and I’m familiar.
b. Yes, a few times.
c. No, but I’ve seen it used.
d. No, and I have no experience.
Session Objectives
• Define what the dark web is
• Locate common hubs and key resources
• Introduce tools/methods for unmasking dark web sites
Warning…
• The dark web is filled with some awful things that cannot be unseen
• Ask yourself if this is really the job for you before starting
• Review the risk/reward as it may create other headaches
Understanding the Parts of the Web
• Surface web: Where most of your day-to-day activity takes place; sites visible to search engines.
• Deep web: Information that is more hidden or restricted, such as academic databases, newspaper archives, etc.
• Dark web: An Internet within an Internet, designed to be anonymous and obfuscated.
Key Differences
• Requires special software to access; an Internet within an Internet
• Resistant to indexing, not easily searched
• Indices are similar to Yahoo! in 1995 (directories vs. search engine)
• Communications within the network are always encrypted
Uses for the Dark Web
For better…
• To circumvent government censorship
• To provide whistleblowers protection
• To avoid monitoring
For worse…
• Enables sales of illegal firearms, drugs, counterfeits, etc.
• Human exploitation (porn, trafficking, etc.)
• Hiring hitmen, hackers, etc.
Three Major Dark Webs
• The Onion Router (Tor) - focus for this presentation
  • The biggest, most well-known dark web
  • Most Internet-like
• Invisible Internet Project (I2P)
  • Up and coming
  • Focuses on services (i.e. instant messaging, email, websites, etc.)
• Freenet
  • Distributed file sharing
  • Offers communications
How Tor Works
About .onion Sites
• Can only be accessed when using Tor
• No master database of all .onion sites
• Use of Tor allows for the creation of .onion sites
• Domains are randomly generated, either 16 or 56 characters long
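As an added example (not part of the presentation), this Python snippet checks whether a hostname carries a well-formed v2 (16-character) or v3 (56-character) onion address and verifies the checksum Tor embeds in a v3 address; Tor2Web forms such as facebookcorewwwi.onion.to are handled. The address layout and checksum formula follow the Tor v3 hidden-service specification; make_onion_v3 and any keys fed to it are illustrative.

```python
import base64
import hashlib
import re
from typing import Optional

# Tor spells onion addresses in lowercase RFC 4648 base32: a-z and 2-7.
B32_RE = re.compile(r"^[a-z2-7]+$")
V3_VERSION = b"\x03"


def onion_label(hostname: str) -> Optional[str]:
    """Return the address label from 'www.example.onion' or a Tor2Web
    gateway form such as 'facebookcorewwwi.onion.to' (None if no .onion)."""
    labels = hostname.strip().lower().split(".")
    if "onion" not in labels:
        return None
    idx = labels.index("onion")
    return labels[idx - 1] if idx > 0 else None


def classify_onion(hostname: str) -> str:
    """Return 'v2', 'v3' or 'invalid'.
    v2: 16 base32 chars (truncated SHA-1 of the RSA key); format check only.
    v3: 56 base32 chars = pubkey(32) || checksum(2) || version(1), where
    checksum = SHA3-256(".onion checksum" || pubkey || version)[:2]."""
    label = onion_label(hostname)
    if label is None or not B32_RE.match(label):
        return "invalid"
    if len(label) == 16:
        return "v2"
    if len(label) != 56:
        return "invalid"
    raw = base64.b32decode(label.upper())  # 35 bytes; 56 chars need no padding
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != V3_VERSION:
        return "invalid"
    expected = hashlib.sha3_256(b".onion checksum" + pubkey + version).digest()[:2]
    return "v3" if checksum == expected else "invalid"


def make_onion_v3(pubkey: bytes) -> str:
    """Build a v3 address from a 32-byte public key using the same layout.
    Illustrative helper: a real address comes from an Ed25519 key Tor generates."""
    if len(pubkey) != 32:
        raise ValueError("v3 onion public keys are 32 bytes")
    checksum = hashlib.sha3_256(b".onion checksum" + pubkey + V3_VERSION).digest()[:2]
    return base64.b32encode(pubkey + checksum + V3_VERSION).decode().lower() + ".onion"
```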
Challenges with Tor Investigations
• The network was designed to provide anonymity
• Best chance at unmasking means finding a clear web connection
• They don’t take PayPal, so be ready for Bitcoin
• Accounts need to be anonymized and not tied to your person
• There’s no Google, so you may not find what you’re after
• Cultural distrust of others
WHERE TO BEGIN
Locating Starting Points & Accessing
Google It!
• Using Google/Bing provides an excellent list of starting points
• Reddit and Twitter discuss dark web markets in the open (r/deepweb)
• Dedicated sites on the open web help new users find dark web markets (deepdotweb.com, darkwebnews.com)
• May have to get into the deep web to find other markets
[Screenshot: Deepdotweb.com]
Searching the “Search Engines”
• Several Tor “search engines” exist that claim to scan/index Tor sites
• Each uses its own techniques
• Nowhere near the power/sophistication of Google, Yahoo, etc.
• Typically unreliable – data can be stale
• Biggest names: ahmia.fi and Torch Tor Search Engine
Other Lists/Resources
• Hunchly Daily Hidden Service
  • New .onions found daily by Justin Seitz at Hunchly – darkweb.hunch.ly
• Reddit
  • https://www.reddit.com/r/onions/search?q=url%3A.onion&sort=new&restrict_sr=on
Two Fast Ways to Access
Tor Browser
• Developed by the Tor Project
• Custom version of Firefox
• Provides plugins and tips to keep you anonymous
• This is the best/safest option
Tor2Web Gateways
• Add .to, .casa, .direct, or .rip to access onion sites directly
• These are often run by individuals or organizations
• It is unclear what some are doing with the data (especially .link)
• Use with caution!
• Ex: facebookcorewwwi.onion.to
BRINGING THE DARK TO THE LIGHT
Techniques and Tools
Find Clear Web Mentions
• Do you see any of the following referenced?
  • A clear web domain (example.com, example.net, etc.)
  • A social media account like Facebook or Twitter
  • A clear web email (Gmail, Hotmail, or another custom domain)
  • Payment methods like PayPal, Venmo, Zelle, etc.
• Right-click on the page and select “View Page Source”
  • Search the page source for .com, .net, @gmail.com, etc. for potential hidden links
  • Webmasters may make mistakes and point to a clear web domain instead of a .onion
These data points are present more often than you think!
Examples of Clear Connections
[Screenshots: psychonaut3z5aoz.onion, endchan5doxvprs5.onion]
Do Not Underestimate This!
• Ross Ulbricht advertised Silk Road on a bitcoin forum – a breakthrough discovered by a tax investigator using Google
• Variety Jones, a major player on Silk Road, was outed as Thomas Clark when his identity was discovered on an old cannabis forum
• David Ryan Burchard attempted to trademark, in his own name, the brand of marijuana he sold on the dark web
Leaking IP Addresses with Censys.io
• The service scans the IP address space for running services and makes the results searchable by domain or IP address
• Entering a .onion can return an IP if a server is misconfigured
[Screenshot: Example of a leaking .onion]
Check for Sites on the Same Server
• Only works for sites running the Apache web server
• Visiting example.onion/server-status can reveal:
  • Server information (operating system, uptime status, creation date)
  • Other domains using the same server
  • IP addresses accessing the server
  • What resources (pages, images, etc.) are being accessed
[Screenshot: Example Apache Server Status page]
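An added example (not from the presentation) that pulls the items listed above out of a mod_status page: server banner, uptime, virtual hosts, client IPs and requested resources. A hidden-service operator can run it against their own instance to see exactly what an exposed /server-status hands a visitor. SAMPLE_STATUS is a constructed page modelled on the mod_status table layout, with placeholder hosts and addresses.

```python
import re
from html import unescape

# Constructed sample modelled on the HTML table mod_status renders; the
# hostnames and addresses are placeholders, not from a real server.
SAMPLE_STATUS = """<h1>Apache Server Status for examplemarket.onion (via 127.0.0.1)</h1>
<dl><dt>Server Version: Apache/2.4.41 (Ubuntu)</dt>
<dt>Server uptime:  12 days 3 hours 7 minutes</dt></dl>
<table border="0">
<tr><th>Srv</th><th>PID</th><th>Acc</th><th>M</th><th>SS</th><th>Client</th><th>Protocol</th><th>VHost</th><th>Request</th></tr>
<tr><td><b>0-0</b></td><td>1201</td><td>0/12/12</td><td>_</td><td>3</td><td>127.0.0.1</td><td>http/1.1</td><td>examplemarket.onion:80</td><td nowrap>GET /index.html HTTP/1.1</td></tr>
<tr><td><b>1-0</b></td><td>1202</td><td>1/4/4</td><td>W</td><td>0</td><td>203.0.113.7</td><td>http/1.1</td><td>shop-example.com:80</td><td nowrap>GET /admin/ HTTP/1.1</td></tr>
</table>"""

ROW_RE = re.compile(r"<tr>(.*?)</tr>", re.S)
CELL_RE = re.compile(r"<t[dh][^>]*>(.*?)</t[dh]>", re.S)
TAG_RE = re.compile(r"<[^>]+>")


def parse_server_status(html: str) -> dict:
    """Extract the leak-relevant fields from a mod_status page. Columns are
    read from the header row because their order differs between versions."""
    headers, rows = [], []
    for row in ROW_RE.findall(html):
        cells = [unescape(TAG_RE.sub("", c)).strip() for c in CELL_RE.findall(row)]
        if "<th>" in row:
            headers = cells
        elif headers and len(cells) == len(headers):
            rows.append(dict(zip(headers, cells)))
    version = re.search(r"Server Version: ([^<]+)", html)
    uptime = re.search(r"Server uptime: +([^<]+)", html)
    return {
        "server_version": version.group(1).strip() if version else None,
        "uptime": uptime.group(1).strip() if uptime else None,
        # A clear-web vhost beside the .onion is the link the slide warns about.
        "vhosts": {r["VHost"].rsplit(":", 1)[0] for r in rows if r.get("VHost")},
        "clients": {r["Client"] for r in rows if r.get("Client")},
        "requests": {r["Request"] for r in rows if r.get("Request")},
    }
```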
In Conclusion
• Covered definitions of the dark web and how Tor works
• Reviewed where to find dark web sites and resources
• Provided resources and ways to potentially de-anonymize a .onion
Thank you for participating
Contact Chad Los Schumacher
cls@icginc.com / inquiries@icginc.com
@itisjustchad
https://www.linkedin.com/in/chadls/
Contact i-Sight
j.gerard@i-sight.com
Find more free webinars:
http://www.i-sight.com/resources/webinars
@isightsoftware


Editor's Notes

  • #3 Introduction of myself and iThreat. Overview for iThreat: we assist companies in their intelligence programs no matter where they are in their program. We do everything from supplying data and alerts to embedding analysts part or full time, and we have software that can make the management of data easier. Our key services with this include monitoring and investigations.
  • #7 Graphic: https://i1.wp.com/techlog360.com/wp-content/uploads/2017/04/Darknet-vs-Dark-Web-vs-Deep-Web-vs-Surface-Web.jpg?fit=900%2C500&ssl=1 Discuss what the dark web is, some of the software used (Tor being the biggest), and show how it fits into the iceberg image. Freenet is a peer-to-peer platform for censorship-resistant communication and publishing. I2P is an anonymous overlay network, a network within a network. It is intended to protect communication from dragnet surveillance and monitoring by third parties such as ISPs. I2P is used by many people who care about their privacy: activists, oppressed people, journalists and whistleblowers, as well as the average person. No network can be "perfectly anonymous". The continued goal of I2P is to make attacks more and more difficult to mount. Its anonymity will get stronger as the size of the network increases and with ongoing academic review.
  • #11 Quick overview of how Tor works. Traffic entering and within the network is encrypted. Traffic exiting the network is unencrypted, but is meaningless to the operator of the exit node. The same route is never taken twice.