Maltego Part 7. DarkNet matter

DarkNet. Oh, how much in this word: and pathos, and horror, and misunderstanding … and the area of ​​useful knowledge. The main negative comes from those who are not too in the subject. In fact, the Dark Net is the same Internet, but it lives in its original and uncluttered corporate and government regulation form.

And today we will talk about how to search for information within OSINT on this particular part of the World Wide Web.


Before reading, I recommend that you familiarize yourself with the previous articles in the series about Maltego:

Part 1 – What is Maltego and why is it needed at all

Part 2 – Interface and basic device

Part 3 – Maltego and OSINT on Facebook

Part 4 – Maltego and OSINT on VK, Instagram, LinkedIN and other social networks

Part 5 – Application of Facial Recognition System for OSINT in Maltego

Part 6 – Finding Information Using Geolocation

There is a lot of useful information there.

Disclaimer

Disclaimer

For a correct demonstration of the mechanics, I will use the working examples I already know for finding information. They are not fully real, but they are highly representative. All information presented in this article is for informational purposes only. To repeat these techniques, you need a bundle from Maltego with the Social Links plugin.

Well, let’s be honest: OSINT on DarkNet forums is not a search for your former classmates in VK and not something that you will do within the framework of standard OSINT cases.

In this article, I will try to describe the methods from personal practice in which I used DarkNet search.

Checking the reliability of employees

Sometimes an employer, especially a large one, has reasonable questions: “Do my employees sell inside information?” or “Is everything clean with our new candidate for position X?” A reliable method is to check both the employee’s biography and their social media behavior. But sometimes, to answer the questions mentioned above, and many other questions, you need to dig even deeper. And this is where Maltego can come to our rescue.

We will check a certain Tina Tomson from Berlin for illegal activities.

First, we take the known information about the employee and fill in the graph. We know the location (Berlin), Name and Surname (Tina Thomson) and e-mail (tin.ka0186@gmail.com).

Using Entitie: Search Person we run Transform: [Facebook] Search Users… We get Tina’s Facebook account.

For Entitie: Email Address we start Transform: [Facebook] Lookup By Email… Maltigo in good faith finds the same account, which confirms that this is the person we need.

We continue to move forward and request all data from the Facebook page for the graph through Transform: [Facebook] Get User Details… We receive additional information about the place of work, study, residence (if this information is filled in in the Facebook profile). As a bonus, we get a linked Instagram account.

Now there will be a trick that I showed earlier in article # 3 about Facebook. We need to complete for both accounts Transform: [Convert] To Entities From Profileto get the alleged Alias ​​of a person (well, or, to put it simply, hypothetical nicknames).

Now we have the first 2 starting points through which we can search the forums in the Dark Net – these are users with the nickname tina.tomson.927 and tinka87.
Launch Transform: [Darknet] Search User on both Alias ​​and see the result.

And here is the user. On a certain Skynet Forum at 5jloХХХХХХwk3.onion (changed, because there is no need to throw links to darknet forums) there is a user with the nickname tinkati87. Now this is suspicious information!

Let’s check what this user is writing. To do this, run Transform: [Darknet] User Posts.

And here is the evidence. User tinkati87 on the Skynet Forum sells answers to exam tests at the University of Berlin. And as we have already established with you earlier – this is where it works. And it is under the same nickname that she is registered on Instagram.

Also, if necessary, we can unload the forum topic on the graph and unload the accounts of users who take part in the discussion from it, in order to subsequently try to identify the students who may have bought answers to the test from her.

Another interesting option is the ability to download the entire forum web page directly from Maltego.

And note, we were able to carry out all this investigation, even without visiting this forum and * .onion sites.

PGP key that could

A common practice in DarkNet is to use PGP keys to secure correspondence. However, these keys can play a cruel joke on the owner if they fall into the wrong hands.

– How? – you ask? Very simple! A PGP key often contains information about which E-mail it belongs to. Do you smell what it smells like in relation to DarkNet? Especially for this case, I generated such a key. By uploading it to Entitie: PGP Open Key, we start the magic with Transform: [Convert] PGP To Email

Voila! We have an email address.

What to do next? Let’s look for such an account on Facebook. Launch Transform: [Facebook] Lookup By Email

And, as a result, we get a Facebook account.

Finding information on the DarkNet forums by keywords and phrases

Now let’s get to something more interesting – information search for given key phrases. Everything is like with Google. We take Entitie: Phrase and give it the meaning of the search word / sentence. We apply Transform: [Darknet] Search Posts and we get a selection of posts on various forums where the phrase we have indicated is.

In addition to simply searching through forums, there is also an opportunity to search for “products” on thematic sites. The same Entitie will help us with this, only now we will run Transform: [Darknet] Search Products… In the search results, we will receive links to the “lots” of products.

You can also search for products from Entitie: Location… Here Transforms are available to us to search for delivery to and from a location: [Darknet] Search Products (shipping from) and [Darknet] Search Products (shipping to)

As always with the Darknet – goods for every taste. From firearms to cash out. Joke. Almost.

That’s all for today. Remember, the dark web can be as great a source of information as Google. The main thing is to be able to search. Don’t miss the following articles! If you have any questions, then do not hesitate to ask in the comments to the articles. I will try to answer and help. Well, if you want to read about the most interesting news from the world of information security and technology, come to our cozy tg channel

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *