The document discusses how to conduct open-source intelligence (OSINT) investigations using the dark web, providing an overview of the surface web, deep web, and dark web; resources for finding dark web sites like search engines and directories; and tips for investigating cases like finding the location and Wi-Fi network from a photo's metadata. It aims to educate on safely and legally utilizing open-source information on the dark web for investigative purposes.
2. Our mission
To monitor and alert users of immediate risk using a tactical approach,
research, analyze and monitor the technical developments of various
cyber trends and threat-actors in the following fields:
3. How we are doing it
We gather massive amounts of data using various sources such as
publicly available web references, social media channels and the deep
dark web using a wide range of honey-pot techniques.
8. OSINT
Open-source intelligence. It’s the process of fetching and analyzing
publicly available data.
WHO USES OSINT?
Law enforcement, cybercriminals, OSINT investigators, private
investigators, human resources managers, etc.
9. We're investigating a missing-person case. The image missing.png
was the last image uploaded by the missing person. We're looking for the
location where the person took and uploaded the picture, and also the name
(SSID) of the Wi-Fi network the person posted from.
CHALLENGE 01
https://docs.google.com/uc?export=download&id=1ob0uiTj45clIJIMcrDHVBkoMkfn5RQui
10. CLEARNET/SURFACE WEB
The Surface Web, also called the Visible Web, Indexed Web, Indexable
Web or Lightnet, is the portion of the internet that is readily available
to the general public and searchable with standard web search engines.
DEEP WEB
The deep web consists of websites, or pages on a website, that are
not indexed by search engines. It can only be accessed by authorized
personnel. The deep web is used to store most personal information, such as
cloud storage, any organization's personal data, military data, etc.
11. DARK WEB
The dark web forms a small part of the deep web, the part of the Web
not indexed by web search engines, although sometimes the term deep web is
mistakenly used to refer specifically to the dark web. It is legal to access, but any
illegal activity can be prosecuted.
TOR
Tor is free and open-source software for enabling anonymous communication
by directing Internet traffic through a free, worldwide, volunteer overlay network
consisting of more than seven thousand relays in order to conceal a user's
location and usage from anyone conducting network surveillance or traffic
analysis. To access the darknet, you need the Tor Browser.
12. REASONS TO USE THE DARKWEB
• Avoid internet censorship
• Anonymity
• Illegal Operations
• Investigations
13. JUST BEFORE YOU GET STARTED
• The Tor network is automatically encrypted
• Domains on the dark web are randomly generated
• Transactions are mostly done using cryptocurrency, Perfect Money, etc.
• You can also access onion sites using Tor2web
• You won’t always find what you’re looking for
• There are a lot of sock puppets, so real identification is tougher
14. RESOURCES TO GET STARTED - Clearnet
• https://onion.live/
• DeepDotWeb.com - Now seized by US DoJ
• Dark Search - https://darksearch.io/
• Hunchly daily dark web reports
• r/onion
15. RESOURCES TO GET STARTED – Dark Web
• Ahmia - http://msydqstlz2kzerdg.onion
• Dark Search - http://darkschn4iw2hxvpv2vy2uoxwkvs2padb56t3h4wqztre6upoc5qwgid.onion
• NotEvil - http://hss3uro2hsxfogfq.onion
• Quo - http://quosl6t6c64mnn7d.onion
• OnionLand - http://3bbad7fauom4d6sgppalyqddsqbf5u5p56b5k5uk2zxsy3d6ey2jobad.onion
• Tor66 Onions - http://tor66sewebgixwhcqfnp5inzp5x5uohhdy3kvtnyfxc2e5mxiuh34iid.onion/fresh
16. To Find Location:
- Look up the wafflesncream '18 skateboard seen in the image
- The results show the wafflesncream website
- Using any Exif tool, the creation date of the image is 2018
- Visit the wafflesncream website and search for 2018
- The results show an event held at Upbeat Center, and the same picture is seen on the
website
To Find Wi-Fi SSID
- Now we know the location is “Upbeat Center”
- Look up the Upbeat address
- Go to wigle.net and search for the Upbeat address area or its longitude and latitude
- Filter the results to the year 2018
- Search for SSIDs in the area
- SSID "UpBeat" is seen with the MAC address seen in the image Exif data
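The Exif step used in both walkthroughs above, as an added example that is not part of the original slides: a standard-library Python reader that pulls the capture date and any MAC-like strings out of a JPEG's metadata. The sample image, its date, its MAC address and the choice of the ImageDescription field are constructed for illustration; the slides do not say which Exif field held the MAC.

```python
import re
import struct
MAC_RE = re.compile(r"\b(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}\b")
EXIF_IFD, DATETIME_ORIGINAL = 0x8769, 0x9003  # standard Exif tag numbers

def exif_block(jpeg: bytes) -> bytes:
    """Return the TIFF data carried in the JPEG's APP1/Exif segment."""
    pos = 2  # skip the SOI marker
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker, size = jpeg[pos + 1], struct.unpack(">H", jpeg[pos + 2:pos + 4])[0]
        body = jpeg[pos + 4:pos + 2 + size]
        if marker == 0xE1 and body.startswith(b"Exif\x00\x00"):
            return body[6:]
        pos += 2 + size
    raise ValueError("no Exif segment (or not a JPEG)")

def text_tags(tiff: bytes) -> dict:
    """Walk IFD0 and the Exif sub-IFD; return {tag: text} for text-like entries."""
    order = {b"II": "<", b"MM": ">"}[tiff[:2]]
    todo, seen, out = [struct.unpack(order + "I", tiff[4:8])[0]], set(), {}
    while todo:
        off = todo.pop()
        if off in seen or off + 2 > len(tiff):
            continue  # ignore pointer loops and truncated files
        seen.add(off)
        count = struct.unpack(order + "H", tiff[off:off + 2])[0]
        for i in range(min(count, (len(tiff) - off - 2) // 12)):
            entry = tiff[off + 2 + 12 * i:off + 14 + 12 * i]
            tag, typ, n, val = struct.unpack(order + "HHI4s", entry)
            if tag == EXIF_IFD:
                todo.append(struct.unpack(order + "I", val)[0])
            elif typ in (2, 7):  # ASCII, or UNDEFINED (e.g. UserComment)
                raw = val[:n] if n <= 4 else tiff[struct.unpack(order + "I", val)[0]:][:n]
                out[tag] = raw.rstrip(b"\x00").decode("ascii", "replace")
    return out

def triage(jpeg: bytes) -> dict:
    """Capture time plus any MAC-like strings found in the metadata text."""
    tags = text_tags(exif_block(jpeg))
    macs = sorted({m.upper() for t in tags.values() for m in MAC_RE.findall(t)})
    return {"taken": tags.get(DATETIME_ORIGINAL), "macs": macs}

def sample_jpeg() -> bytes:
    """Constructed sample: Exif only, no pixels; date and MAC are made up."""
    desc, date = b"ap 02:00:5e:aa:bb:cc\x00", b"2018:06:02 14:30:00\x00"
    ifd0 = struct.pack("<HHHIIHHIII", 2, 0x010E, 2, len(desc), 38, EXIF_IFD, 4, 1, 38 + len(desc), 0)
    sub = struct.pack("<HHHIII", 1, DATETIME_ORIGINAL, 2, len(date), 56 + len(desc), 0)
    app1 = b"Exif\x00\x00II*\x00" + struct.pack("<I", 8) + ifd0 + desc + sub + date
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xd9"
```

Calling `triage(sample_jpeg())` yields the capture year to filter on and the normalized MAC to compare against the BSSIDs listed for the area.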
CHALLENGE
FLAG.
17. A tweet was seen regarding a breach, but with little information. We need to
know where it was posted, the user who posted it, and verify the breach.
CHALLENGE 02