Going Undercover in the Underground - A Practical Guide on How to Safely Infiltrate and Engage
2023-10-07, Track 1

The dark web is filled with threat actors planning nefarious crimes. Cybersecurity professionals know that threat hunting in these underground environments is necessary, but they don’t know the most crucial step to beginning the process. ‘How do you access the deep and dark web?’ and ‘How do you gain a threat actor’s trust?’ These are the most commonly asked questions of cybersecurity professionals preparing a proactive threat hunt.

Navigating the underground requires dedication to persona management and a safe, secure environment so that one does not expose oneself to malicious actors. Senior Threat Intel Specialist at Cybersixgill, Michael-Angelo Zummo, will demonstrate how to set up a secure environment (dirty machine) using Tails, how to find sources in the dark web, best practices for creating your first persona, how to communicate with threat actors, and, of course, how to seek out threats once you gain access to the sources where threat actors plan, play, and profit, all while using real examples that attendees can try for themselves.

From this session attendees will:
1) Gain practical knowledge on the tools threat actors use to remain anonymous and communicate
2) Identify popular sources where threat actors communicate and share malicious tools and sensitive data
3) Learn how to threat hunt once one has successfully infiltrated these underground sources


Attendees will develop an understanding of the cyber underground discourse and discover where threat actors plan, play, and profit. However, when pursuing these threat actors, one must acknowledge the associated risks and learn how to navigate the underground safely.

This presentation will show attendees how to build their own personal investigation lab through the use of Tails OS and persona management. Zummo will present the techniques he has developed after years of trial and error and provide recommendations on how best to create a persona that leaves no trace back to oneself.

After that, Zummo will inform attendees on how to navigate the underground and find relevant sources where threat actors are active and communicate sensitive information. They will learn how to monitor that activity and extract any intelligence that might help them defend their organization.

While not recommended, Zummo will also show how one can communicate with threat actors using their preferred communication channels, such as Telegram, PGP, Wickr, Jabber, and more.

Michael-Angelo Zummo is the NA Intelligence Manager at Cybersixgill. He is a US Marine Corps veteran who started his career as a cryptologic linguist and intelligence analyst. He served at the NSA (National Security Agency), where he supported national security efforts against foreign threats. Zummo earned his Master's in Cybercrime Investigations and Cybersecurity from Boston University, where he transitioned from national security to digital forensics, dark web intelligence, and law enforcement.