GETTING STARTED WITH USING THE DARK WEB FOR OSINT INVESTIGATIONS

Olakanmi Oluwole

April 27, 2023

Transcript

  1. Our mission: To monitor and alert users of immediate risk using a tactical approach, research, analyze and monitor the technical developments of various cyber trends and threat-actors in the following fields:
  2. How we are doing it: We gather massive amounts of data using various sources such as publicly available web references, social media channels and the deep dark web using a wide range of honey-pot techniques.
  3. OSINT: We gather massive amounts of data using various sources such as publicly available web references, social media channels and the deep dark web using a wide range of honey-pot techniques.

    WHO USES OSINT? We gather massive amounts of data using various sources such as publicly available web references, social media channels and the deep dark web using a wide range of honey-pot techniques.
  4. CHALLENGE 01: We're investigating a missing person's case. The image missing.png was the last image uploaded by the missing person. We're looking for the location where the person took and uploaded the picture, and also the name of the Wi-Fi SSID the person posted from.

    https://docs.google.com/uc?export=download&id=1ob0uiTj45clIJIMcrDHVBkoMkfn5RQui
  5. CLEARNET/SURFACE WEB: The Surface Web, also called the Visible Web, Indexed Web, Indexable Web or Lightnet, is the portion of the internet that is readily available to the general public and searchable with standard web search engines.

    DEEP WEB: The deep web consists of websites, or pages on a website, that are not indexed by search engines. It can only be accessed by authorized personnel. The deep web is used to store most personal information (cloud storage, an organization's personal data, military data, etc.).
  6. DARK WEB: The dark web forms a small part of the deep web, the part of the Web not indexed by web search engines, although sometimes the term deep web is mistakenly used to refer specifically to the dark web. Legal to access, but any illegal activity can be prosecuted.

    TOR: Tor is free and open-source software for enabling anonymous communication by directing Internet traffic through a free, worldwide, volunteer overlay network consisting of more than seven thousand relays in order to conceal a user's location and usage from anyone conducting network surveillance or traffic analysis. To access the darknet, you need the Tor Browser.
  7. REASONS TO USE THE DARKWEB
    • Avoid internet censorship
    • Anonymity
    • Illegal Operations
    • Investigations
  8. JUST BEFORE YOU GET STARTED
    • Tor network is automatically encrypted
    • Domains on the dark web are randomly generated
    • Transactions are mostly done using cryptocurrency, Perfect Money, etc.
    • You can also access onion sites using Tor2web
    • You won't always find what you're looking for
    • There are a lot of sock puppets, so real identification is tougher
  9. RESOURCES TO GET STARTED - Clearnet
    • https://onion.live/
    • DeepDotWeb.com - Now seized by US DoJ
    • Dark Search - https://darksearch.io/
    • Hunchly daily dark web reports
    • r/onion
  10. RESOURCES TO GET STARTED - Dark Web
    • Ahmia - http://msydqstlz2kzerdg.onion
    • Dark Search - http://darkschn4iw2hxvpv2vy2uoxwkvs2padb56t3h4wqztre6upoc5qwgid.onion
    • NotEvil - http://hss3uro2hsxfogfq.onion
    • Quo - http://quosl6t6c64mnn7d.onion
    • OnionLand - http://3bbad7fauom4d6sgppalyqddsqbf5u5p56b5k5uk2zxsy3d6ey2jobad.onion
    • Tor66 Onions - http://tor66sewebgixwhcqfnp5inzp5x5uohhdy3kvtnyfxc2e5mxiuh34iid.onion/fresh
  11. CHALLENGE FLAG

    To Find Location:
    - Look up the wafflesncream '18 skateboard as seen in the image
    - Results show the wafflesncream website
    - Using any Exif tool, the creation date of the image is 2018
    - Visit the wafflesncream website and search for 2018
    - Results show there was an event held at Upbeat Center, and the same picture is seen on the website

    To Find Wi-Fi SSID:
    - Now we know the location is "Upbeat Center"
    - Look up the Upbeat address
    - Go to wigle.net and search for the Upbeat address area, or by longitude and latitude
    - Filter the results to contain the year 2018
    - Search for SSIDs in the area
    - SSID "UpBeat" is seen, with the MAC address seen in the image Exif data
  12. CHALLENGE 02: A tweet was seen regarding a breach, but with little information. We need to know where it was posted, the user who posted it, and verify the breach.
  13. ADDITIONAL RESOURCES
    • Server status - example.onion/server-status
    • Censys.io - 443.https.tls.certificate.parsed.names: onion
    • Shodan - ssl:".onion", ".onion"
    • ExoneraTor - https://metrics.torproject.org/exonerator.html
    • OnionScan - https://onionscan.org/
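
The resource list on slide 10 mixes 16-character and 56-character onion hostnames. As an added example (not part of the original deck), this check sorts addresses collected during an investigation into current v3 addresses, which encode the service's ed25519 public key, a 2-byte checksum and a version byte as defined in Tor's rend-spec-v3, and the older 16-character v2 form that the Tor Project retired in 2021. The function names `classify_onion` and `make_v3_address` and the all-constructed sample key are assumptions made for illustration.

```python
import base64
import hashlib
import re

V3_VERSION = b"\x03"

def v3_checksum(pubkey: bytes) -> bytes:
    # rend-spec-v3: CHECKSUM = SHA3-256(".onion checksum" | PUBKEY | VERSION)[:2]
    return hashlib.sha3_256(b".onion checksum" + pubkey + V3_VERSION).digest()[:2]

def make_v3_address(pubkey: bytes) -> str:
    """Encode a 32-byte ed25519 public key as a v3 onion hostname (hypothetical helper)."""
    if len(pubkey) != 32:
        raise ValueError("ed25519 public keys are 32 bytes")
    raw = pubkey + v3_checksum(pubkey) + V3_VERSION  # 35 bytes -> 56 base32 chars
    return base64.b32encode(raw).decode().lower() + ".onion"

def classify_onion(value: str) -> str:
    """Return 'v3', 'v2-retired' or 'invalid' for a hostname or URL (hypothetical helper)."""
    host = re.sub(r"^[a-z][a-z0-9+.-]*://", "", value.strip().lower())
    host = re.split(r"[/:?#]", host, maxsplit=1)[0]  # drop port, path, query
    if not host.endswith(".onion"):
        return "invalid"
    label = host[: -len(".onion")].split(".")[-1]  # ignore any subdomain
    if re.fullmatch(r"[a-z2-7]{16}", label):
        return "v2-retired"  # well-formed, but no longer reachable on current Tor
    if not re.fullmatch(r"[a-z2-7]{56}", label):
        return "invalid"
    raw = base64.b32decode(label.upper())
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    # The checksum catches typos and truncation; it does not prove the
    # service exists or that the key is a valid curve point.
    if version != V3_VERSION or checksum != v3_checksum(pubkey):
        return "invalid"
    return "v3"

if __name__ == "__main__":
    constructed = make_v3_address(bytes(range(32)))  # constructed key, not a real service
    for candidate in ("http://msydqstlz2kzerdg.onion", constructed, "https://darksearch.io/"):
        print(candidate, "->", classify_onion(candidate))
```
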