New In-Person Event locations added! Choose your event, and join us for practical cyber security training.


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

SANS Dark Web Solutions Forum - Illuminating the Dark Web: Harvesting and Using OSINT Data from Dark Web Resources

  • Friday, November 15, 2019 at 8:30 AM EST (2019-11-15 13:30:00 UTC)
  • Micah Hoffman


  • Terbium Labs
  • Sophos Inc.
  • Viavi Solutions
  • RecordedFuture

You can now attend the webcast using your mobile device!



In the Boston area? Join us at the Live Event. Register here.

Listening to the news nowadays, we hear how the "Dark Web" is used to conduct illicit activities and how import it is to search for data that your organization or your customers deem important within those Dark Web resources. But in the very next sentence, many of these reports caution regular users to not visit Dark Web sites because of a fear that their computer applications and systems might be attacked and possibly compromised. So, how do we get at this valuable data on the Dark Webs without visiting the sites ourselves?

This live simulcast will showcase methods of retrieving, searching, and analyzing Dark Web data without visiting those, potentially malicious systems. Through customer examples, participants will leave the briefing with a good understanding of techniques and tools that can assist their organizations and clients with using Dark Web data.

Topics will include:

  • Data collection
  • De-anonymization techniques
  • Data aggregation and normalization
  • Dark Web user activity analysis
  • Usage trends among and within Dark Webs
  • Dark Web analyst security/OPSEC
  • Dark Web content monitoring and alerting

Earn 4 CPE Credit hours for attending this event.


8:00am - 8:30am: Registration & Coffee Networking

8:30am - 9:15am: Welcome & Keynote: The Dark Web Isn't That Dark Anymore
Micah Hoffman, Forum Chair and SANS Certified Instructor

9:15am - 10:00am: Strategies for Monitoring and Analyzing Sensitive Data on the Dark Web
Emily Wilson, VP of Research, Terbium Labs

10:00am - 10:30am: Networking Break

10:30am - 11:15am: Herb Weaver, Channel Sales Engineer, Sophos

11:15am - 12:00pm: Session by Recorded Future

12:00pm - 12:15pm: Closing Remarks

Speaker Bio

Micah Hoffman

Micah Hoffman has been active in the information technology field since 1998, working with federal government, commercial, and internal customers to discover and quantify cybersecurity weaknesses within their organizations. As a highly active member of the cybersecurity and OSINT communities, Micah uses his real-world Open-Source Intelligence (OSINT), penetration testing, and incident response experience to provide customized solutions to his customers and comprehensive instruction to his students.

Over the years, Micah has conducted cyber-related tasks like penetration testing, OSINT investigations, APT hunting, and risk assessments for government, internal, and commercial customers. Micah\'s SANS coursework, cybersecurity expertise, and inherent love of teaching eventually pulled him toward an instructional role, and he\'s been a SANS Certified Instructor since 2013. He\'s the author of the SANS course SEC487: Open Source Intelligence Gathering and Analysis, and also teaches both SEC542: Web App Penetration Testing and Ethical Hacking and SEC567: Social Engineering for Penetration Testers.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.