Dark Web Monitoring

You've beefed up your malware defenses. You've prepared for direct exploitation. But what have you done to protect your organization against its own people? You know: click-everywhere, download-anything, user:password1 (written on a post-it) people. Your colleagues (great as they are) are one of the weakest links in the security chain—and the reason why the 2016 Verizon Data Breach Investigations Report (DBIR) found that 63% of confirmed data breaches leveraged weak, default, or stolen passwords. Security training is a smart way to start lowering those numbers. But even we wouldn't count on 100% of our people using smart security practices. And that's our entire business. 

It's clear detecting the use of compromised credentials should be a top priority for any security team. And whether you’re seeking technology solutions to detect this attacker technique or an expert team to detect it in your environment, Rapid7 has your back. 

Gain Visibility into Hacker Communities and Underground Marketplaces

Cybercriminals lurk in the dark web to methodically coordinate their attacks, sell illicit goods, distribute malware and phishing kits, and share other prebuilt exploits. Identify threat actors and their intentions at the earliest stages so you can properly prepare your defenses. Go behind enemy lines. 

Get Early Warnings of Targeted Attacks

Leverage the broadest and deepest coverage of dark web sources to gain visibility into threat actors and their activities. We access restricted channels and automate intelligence gathering to anticipate attacks targeting your organization, employees, and customers. Go to the dark side.

Discover New Hacking Tools and Exploit Kits

Monitor exclusive dark web forums and private hacker channels. Uncover new cybercriminal tactics and tools used to automate attacks, test for weaknesses, and scam you and your customers. Understand how perpetrators attack you.

Understand and Engage Your Adversaries

Rely on our team of analysts to monitor your adversaries and engage with threat actors. We can obtain data samples, uncover motives, and help you deploy smarter cybersecurity workflows. Make Threat Command your surveillance agent.

Sample 1

Escrow on the Dark Web


Escrow on the Dark Web refers to the use of a neutral third party on the dark web to ensure that payment is released to the seller once the purchased items have been delivered to the buyer.

Generally, after a purchase is made, the funds are held ‘in escrow’ and released when the buyer states that the seller has met the terms of the purchase. The third party will usually also offer arbitration in case of a dispute between the two parties.

How Do You P2P Escrow on the Dark Web?

P2P Escrow on the Dark Web refers to transactions using ‘P2SH’ addresses as defined by BIP 16. Each of the three parties (the buyer, the vendor, and the market) provides a public key, and the keys are used to create an address that requires two of the three parties to sign in order to redeem. The buyer then makes payment to this address.

The ‘redeemScript’ is extremely important because it details the information needed to redeem funds sent to the address, which is a hash of the redeemScript. The goal of this method is that no single party has enough information to take funds from these P2SH addresses. Even if the market is hacked or taken down, the funds cannot be seized, and a buyer and seller can, with the redeemScript, finalize a transaction outside of the market’s involvement if they choose to.
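For an analyst who has recovered a redeemScript and wants to confirm its signing policy and the address it corresponds to, the following added example (not code from this page or from Rapid7) parses a standard 2-of-3 multisig redeemScript and derives the mainnet P2SH address from its hash. The three public keys are constructed placeholders, and the script layout assumed is the standard `OP_m <pubkeys> OP_n OP_CHECKMULTISIG` form.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def parse_multisig(script: bytes):
    """Parse 'OP_m <pubkey>... OP_n OP_CHECKMULTISIG'; return (m, [pubkeys])."""
    if len(script) < 3 or script[-1] != 0xAE:        # 0xAE = OP_CHECKMULTISIG
        raise ValueError("not a multisig redeemScript")
    m, n = script[0] - 0x50, script[-2] - 0x50       # OP_1..OP_16 = 0x51..0x60
    keys, i, end = [], 1, len(script) - 2
    while i < end:
        size = script[i]                             # push opcode equals data length
        if size not in (33, 65) or i + 1 + size > end:
            raise ValueError("unexpected public key push")
        keys.append(script[i + 1:i + 1 + size])
        i += 1 + size
    if not 1 <= m <= n <= 16 or n != len(keys):
        raise ValueError("inconsistent m-of-n")
    return m, keys

def can_redeem(script: bytes, signers: set) -> bool:
    """True if the parties holding the given public keys can meet the threshold."""
    m, keys = parse_multisig(script)
    return len(signers & set(keys)) >= m

def p2sh_address(script: bytes) -> str:
    """Base58Check(0x05 || RIPEMD160(SHA256(script))): the mainnet address form.
    Raises ValueError if the local OpenSSL build does not provide ripemd160."""
    h160 = hashlib.new("ripemd160", hashlib.sha256(script).digest()).digest()
    payload = b"\x05" + h160
    payload += hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    num, out = int.from_bytes(payload, "big"), ""
    while num:
        num, rem = divmod(num, 58)
        out = B58[rem] + out
    return out

# Constructed placeholder keys (not real curve points; the parser checks layout only).
BUYER, VENDOR, MARKET = (bytes([2]) + bytes([b]) * 32 for b in (0x11, 0x22, 0x33))
SCRIPT = bytes([0x52]) + b"".join(bytes([33]) + k for k in (BUYER, VENDOR, MARKET)) \
         + bytes([0x53, 0xAE])

if __name__ == "__main__":
    print(parse_multisig(SCRIPT)[0], "of", len(parse_multisig(SCRIPT)[1]))
    print("market alone:", can_redeem(SCRIPT, {MARKET}))
    print("buyer + vendor:", can_redeem(SCRIPT, {BUYER, VENDOR}))
```

Because the address commits to the hash of the whole script, changing any key or the threshold yields a different address, which is why a recovered redeemScript can be matched against an observed address.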

Cybercriminals use the dark web to buy and sell illegal goods and services, coordinate attacks, distribute malware and phishing kits, and share other prebuilt exploits. Threat Command can help identify threat actors and their intentions with broad coverage of dark web sources.

Sample 2

Onionland

Onionland is a term used to describe the dark web in general. OnionLand is also the name of a prominent site that acts as a major search repository for finding items on the dark web. Web crawlers that build the indexes used by conventional search sites do not crawl the dark web. Onionland’s listings are created manually.

The name Onionland, and its use as a synonym for the dark web, comes from a technique known as onion routing. Onion routing uses multi-layered encryption to anonymize communication over a computer network. Unpacking these layers of encryption is likened to peeling an onion.

Sample 3

What is a Dark Web Onion Browser?


A dark web onion browser is a web browser designed to work with the Tor network so that users can browse both Dark Web and normal websites anonymously, without leaking user information. The Tor browser is the most well-known implementation of onion routing used on the Dark Web.

Cybercriminals use the dark web and Onion browsers such as the Tor browser to buy and sell illegal goods and services, coordinate attacks, distribute malware and phishing kits, and share other prebuilt exploits.

Threat Command can help identify threat actors and their intentions with broad coverage of dark web sources.