performing-dark-web-monitoring-for-threats

# Performing Dark Web Monitoring for Threats ## Overview Dark web monitoring involves systematically scanning Tor hidden services, underground forums, paste sites, and dark web marketplaces to identify threats targeting an organization, including leaked credentials, data breaches, threat actor discussions, vulnerability exploitation tools, and planned attacks. This skill covers setting up monitoring infrastructure, using Tor-based collection tools, implementing automated alerting for brand mentions and credential leaks, and analyzing dark web intelligence for actionable threat indicators. ## When to Use - When conducting security assessments that involve performing dark web monitoring for threats - When following incident response procedures for related security events - When performing scheduled security testing or auditing activities - When validating security controls through hands-on testing ## Prerequisites - Tor Browser and Tor proxy (SOCKS5 on port 9050) - Python 3.9+ with `requests`, `stem`, `beautifulsoup4`, `stix2` libraries - Understanding of Tor hidden service architecture (.onion domains) - API access to dark web monitoring services (Flare, SpyCloud, DarkOwl, Intel 471) - Awareness of legal and ethical boundaries for dark web research - Isolated VM for dark web browsing (no personal or corporate identity leakage) ## Key Concepts ### Dark Web Intelligence Sources - **Underground Forums**: Hacking forums where threat actors discuss TTPs, sell exploits, and...