2025-10-24 –, Europe
This talk explores various techniques, tactics, and psychological models used to infiltrate emerging threat actor groups. We will examine the process of target identification and discuss when it is appropriate to attempt infiltration. Additionally, we take a closer look at the concept of probing the enemy and the idea of weaponizing new relationship energy (NRE), which can be effective at destabilize individuals and placing them outside of their comfort zones. An important aspect of Persona Theory is not only what we write but also how we present it. Stylometric analysis can be particularly useful in this area. We will compare transliteration and translation (both human and machine) to understand how to pass as a native speaker.
Persona Theory goes beyond the sock puppet and examines the essence, the persona, and what it takes to make a believable persona and how to build relationships online where no one trusts each other by design.
We begin by examining the philosophical foundation of Persona Theory, the idea that everyone wears masks, especially online, and connecting it to the fundamentals of threat intelligence gathering.
Persona Theory outlines the stages of infiltration: identifying targets, probing their weaknesses, gathering intelligence, verifying authenticity, and conducting deep analysis. These stages are demonstrated through practical examples, particularly focused on illicit forums like RAMP, Telegram and other private channels, where recruitment and initial contact occur.
Next, we explore persona sculpting, from stylometry (writing style and language usage) to time zone alignment and geopolitical masking. Techniques include leveraging adjacent Slavic and regional languages, transliteration, and carefully crafted writing habits to convincingly inhabit an identity.
Then we look at case studies that bring the theory to life, walking the audience through actual infiltration scenarios.
Tammy is a Senior Threat Intelligence Researcher and Certified Dark Web Investigator at Flare. She currently is an admin and volunteer researcher for the open source project RansomLook and a contributor to the DeepDarkCTI project. When she is not working on infiltrating dark web communities she is listening to techno and ambient and sipping a delicious matcha latte. Her other hobbies include street and nature photography, reading, hiking, and camping.