MalwareTech was an anonymous security researcher, until he accidentally stopped WannaCry, one of the largest ransomware attacks in history. That single act of heroism shattered his anonymity and pulled him into a world he never expected.

https://malwaretech.com

Sponsors

Support for the show comes from Black Hills Information Security. Black Hills has a variety of penetration assessment and security auditing services they provide customers to help keep improve the security of a company. If you need a penetration test check out www.blackhillsinfosec.com/darknet.

Support for this show comes from Arctic Wolf. Arctic Wolf is the industry leader in security operations solutions, delivering 24x7 monitoring, assessment, and response through our patented Concierge Security model. They work with your existing tools and become an extension of your existing IT team. Visit arcticwolf.com/darknet to learn more.

Support for this show comes from Cloaked, a digital privacy tool. Cloaked offers private email, phone numbers, and virtual credit card numbers. So you can be anonymous online. They also will remove your personal information from the internet. Like home address, SSN, and phone numbers. Listeners get 20% off a Cloaked subscription when they visit https://cloaked.com/darknet. Calling 1-855-752-5625 for a free scan to check if your personal information is exposed!

Grifter is a longtime hacker, DEF CON organizer, and respected voice in the infosec community. From his early days exploring networks to helping shape one of the largest hacker conferences in the world, Grifter has built a reputation for blending deep technical insight with a sharp sense of humor.

Learn more about Grifter by visiting grifter.org.

Sponsors

Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com.

Support for this show comes from ZipRecruiter. ZipRecruiter has solved the hiring problem. Employers prefer it the most for so many reasons. Let’s start by telling you about their matching technology. They work hard to find the best candidates for your needs, and will instantly show you results once you post a job listing. ZipRecruiter will speed up your hiring process. See it for yourself at www.ziprecruiter.com/DARKNET.

This show is sponsored by Material Security. Your cloud office (think Google Workspace or Microsoft 365) is the core of your business, but it’s often protected by scattered tools and manual fixes. Material is a purpose-built detection and response platform that closes the gaps those point solutions leave behind. From email threats to misconfigurations and account takeovers, Material monitors everything and steps in with real-time fixes to keep your data flowing where it should. Learn more at https://material.security.

The dark web is full of mystery. Some of it’s just made up though. Chris Monteiro wanted to see what was real and fake and discovered a hitman for hire site which took him on an unbelievable journey.

Chris Monteiro Twitter: x.com/Deku_shrub, Website: https://pirate.london/

Carl Miller Twitter: https://x.com/carljackmiller.

Kill List podcast: https://wondery.com/shows/kill-list/

Sponsors

Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com.

This episode is sponsored by ProjectDiscovery. Tired of false positives and falling behind on new CVEs? Upgrade to Nuclei and ProjectDiscovery, the go-to tools for hackers and pentesters. With 10,000 detection templates, Nuclei helps you scan for exploitable vulnerabilities fast, while ProjectDiscovery lets you map your company’s perimeter, detect trending exploits, and triage results in seconds. Get automation, accuracy, and peace of mind. First-time users get one month FREE of ProjectDiscovery Pro with code DARKNET at projectdiscovery.io/darknet.

This episode is sponsored by Kinsta. Running an online business comes with enough headaches—your WordPress hosting shouldn’t be one of them. Kinsta’s managed hosting takes care of speed, security, and reliability so you can focus on what matters. With enterprise-level security, a modern dashboard that’s actually intuitive, and 24/7 support from real WordPress experts (not chatbots), Kinsta makes hosting stress-free. Need to move your site? They’ll migrate it for free. Plus, get your first month free when you sign up at kinsta.com/DARKNET.

In this episode, we delve into the multifaceted career of Joe Grand, also known as “Kingpin.” A renowned hardware hacker and computer engineer, Joe has been exploring and manipulating electronic systems since the 1980s. As a former member of the legendary hacker collective L0pht Heavy Industries, he has significantly contributed to the cybersecurity landscape. Joe is also the proprietor of Grand Idea Studio, a research and development firm, and has shared his expertise through various media, including his YouTube channel. Join us as we explore Joe’s unique perspective on hacking, engineering, and his extraordinary journey in the world of technology.

https://joegrand.com/

Sponsors

Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com.

Support for this show comes from Lumen. It used to be hard to track your metabolism, but Lumen is a little device that you breath into which tells you if your burning fat or carbs, fast and easy and have your results in seconds. And knowing that will help you know what kind of food your body needs. And knowing that will help you with your health goals like losing weight or gaining muscle. Take the next step to improving your health go to lumen.me/darknet.

Support for this show comes from ZipRecruiter. ZipRecruiter has solved the hiring problem. Employers prefer it the most for so many reasons. Let’s start by telling you about their matching technology. They work hard to find the best candidates for your needs, and will instantly show you results once you post a job listing. ZipRecruiter will speed up your hiring process. See it for yourself at www.ziprecruiter.com/DARKNET.

Conor Freeman (x.com/conorfrmn) stole money online. Lot’s of it. In this episode we talk with him, and hear how he did it, why he did, and what he spent it on.

Conor’s website: https://conorfreeman.ie

Conor’s X: https://x.com/conorfrmn

Sponsors

Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com.

Support for this show comes from Drata. Drata is the trust management platform that uses AI-driven automation to modernize governance, risk, and compliance, helping thousands of businesses stay audit-ready and scale securely. Learn more at drata.com/darknetdiaries.

Support for this show comes from ZipRecruiter. ZipRecruiter has solved the hiring problem. Employers prefer it the most for so many reasons. Let’s start by telling you about their matching technology. They work hard to find the best candidates for your needs, and will instantly show you results once you post a job listing. ZipRecruiter will speed up your hiring process. See it for yourself at www.ziprecruiter.com/DARKNET.

Sources

• https://www.cbc.ca/news/canada/toronto/kidnapping-toronto-businessman-cryptocurrency-1.7376679
• https://www.irishtimes.com/news/crime-and-law/courts/circuit-court/man-jailed-for-role-in-2-million-cryptocurrency-theft-1.4411641
• https://www.irishtimes.com/news/crime-and-law/dun-laoghaire-man-could-face-108-year-us-prison-term-over-alleged-hacking-and-wire-fraud-1.3887715
• https://www.sundayworld.com/crime/irish-crime/irish-authorities-to-transfer-2m-in-stolen-cryptocurrency-back-to-us-owners-after-cab-probe/40576219.html

Have you ever got your bike stolen? In this episode we dive into the world of stolen bikes. Who does it and where do the bikes go? We talk with Bryan from Bike Index who investigates this.

https://bikeindex.org

Sponsors

Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com.

This show is sponsored by Flashpoint. As one of the largest private providers of threat intelligence, Flashpoint delivers what security teams need most: clarity. By combining cutting-edge technology with the expertise of world-class analyst teams, their Ignite platform gives organizations instant access to critical data, expertly analyzed insights, and real-time alerts —all in one seamless platform. To access one of the industry’s best threat data and threat intelligence, visit flashpoint.io today.

Jarett Dunn, AKA StaccOverflow, stole millions of dollars from a website called Pump Fun, and he wanted to do it in the most dramatic and theatrical way he could. His big heist is known as the “Stacc Attack”.

https://x.com/STACCoverflow

He has a merch store now freestacc.io.

Sponsors

Support for this show comes from Cobalt Strike. Cobalt Strike simulates real-world, advanced cyber attacks to enable red teams to proactively evaluate an organisation’s security readiness and defence response. Their Command and Control framework gives red teamers the ability to customise their engagements and incorporate their own tools and techniques, allowing you to stress-test specific parts of your incident response capabilities. Learn more about Cobalt Strike and get a custom demo at https://cobaltstrike.com/darknet.

Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free.

Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com.

Chris Rock is known for being a security researcher. But he’s also a black hat incident responder. He tells us about a job he did in the middle east.

https://x.com/chrisrockhacker

Sponsors
Support for this show comes from Varonis. Do you wonder what your company’s ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet.

Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free.

Support for this show comes from Flare. Flare automates monitoring across the dark & clear web to detect high-risk exposure, before threat actors have a chance to leverage it. Their unified solution makes it easy to rapidly identify risks across thousands of sources, including developers leaking secrets on public GitHub Repositories, threat actors selling infected devices on dark web markets, and targeted attacks being planned on illicit Telegram Channels. Visit http://try.flare.io/darknet-diaries to learn more.

In Episode 20 of Darknet Diaries, we heard from Greg aka “mobman” who said he created the sub7 malware. Something didn’t sit right with a lot of people about that episode. It’s time to revisit that episode and get to the bottom of things.

Sponsors
This show is sponsored by Shopify. Shopify is the best place to go to start or grow your online retail business. And running a growing business means getting the insights you need wherever you are. With Shopify’s single dashboard, you can manage orders, shipping, and payments from anywhere. Sign up for a one-dollar-per-month trial period at https://shopify.com/darknet.

Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free.

Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com.

Sources
https://www.youtube.com/watch?v=GDMc2PZM4V4
https://www.illmob.org/notmymobman/
https://darknetdiaries.com/episode/20

In this episode we hear EvilMog (https://x.com/Evil_Mog) tell us a story about when he had to troubleshoot networks in Afghanistan. We also get Joe (http://x.com/gonzosec) to tell us a penetration test story.

Sponsors
Support for this show comes from Varonis. Do you wonder what your company’s ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet.

Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free.

Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com.

Ever wondered how far a fan would go to get a sneak peek of their favorite artist’s unreleased tracks? In this episode, we uncover the audacious story of some teens bent on getting their hands on the newest dubstep music before anyone else.

Sponsors
Support for this show comes from Varonis. Do you wonder what your company’s ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet.

Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free.

Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com.