Dissecting the Dark Web

Download Chapter 7: Command-and-Control Frameworks

Getting into the dark web isn’t simple. You need Tor. You need clean OPSEC. And even then, the forums worth being in don’t just let you walk through the door. The top-tier ones require vouches from established members, Bitcoin deposits, proof that you’re somebody.

In 2021, Lindsay Kaye was among the first to reverse engineer and publicly disclose a new ransomware variant. She did it before the group behind it, BlackMatter, had even started operations. How? She found it by watching the dark web forums where the group was quietly recruiting affiliates.

This book takes you inside that world and into the code behind the tools she found there:

• Raccoon Stealer—a credential stealer behind hundreds of millions of stolen passwords, and the SQL query it uses to pull them straight out of your browser
• TrickBot—the banking trojan that infected millions of Windows machines, and how it injects into Chrome and hooks the functions handling your banking traffic
• Cerberus—an Android banking trojan sold on dark web forums for $200 a month, and how it overlays a fake login page on top of your real banking app
• LockBit—one of the most prolific ransomware operations in history, and how it kills backup services, deletes shadow copies, and pushes a Group Policy update to every machine on the domain before encryption starts
• Mirai—the botnet that knocked half the internet offline in 2016, and how it’s able to find and infect new devices to expand its reach
• Sodinokibi/REvil and ALPHV—two of the most destructive ransomware-as-a-service operations ever, taken apart from the affiliate recruitment posts to the encryption code

Threat reports tell you what happened. This book shows you how.