Void Runner
Notice: Patent Pending
Certain technical details, processes, methods, and innovations described or illustrated on this page have been intentionally omitted or redacted to protect confidential trade secrets and patentable subject matter.
One or more patent applications have been filed (or are in preparation) with respect to the technologies and inventions referenced herein. These inventions are currently Patent Pending in the United States and/or other jurisdictions.
1 . 8M
Dark web (Tor) resources discovered
80k
Unique dark web users discovered
150k
Chats, forums and market records created
165k
Suspected dark web enabled C2 service historical records
Void Runner: Dark Web Intelligence
Dendrite’s Dark Web Intelligence engine (“Void Runner”) performs active collection, characterization and analysis of dark web services, to include websites, marketplaces, chats, forums, file repositories & depositories, paste sites and much more. Each service identified is represented by a record, which is updated within our databases and continuously enriched with high fidelity metadata and correlations to both our proprietary & third-party data sources.
What’s Inside:
-
Explore meta of millions of services on the Dark web, to include websites, chat rooms, forums, file depos & repos and more - each featuring many hundreds of data points of correlations.
-
User information is extracted from hidden services records to create permanent records and in many cases; perform automated link analysis between sites, credentials and how a dark web user makes contact with the surface web.
-
Hidden services controlling botnets, malware (e.g., RATs like DarkComet or RedLine), and ransomware deployments are fingerprinted and searchable within our database.
-
Encrypted IRC/XMPP servers, Jabber instances, and forums are identified and. These are often used for coordinating attacks and recruiting insiders to your organization. While access to these servers is not guaranteed by Void Runner, they serve as important data points in many analysis.
-
Once a record is created, it exists within our database forever - enabling forensic analysis of resources which may have been used & spun down after the conclusion of an attack and powering link analysis between hidden resources.
Part of the Complete Data Platform
Each of our core capabilities is represented by a fully independent extract, transform and load (ETL) pipeline, enabling Dendrite to ingest and correlate data between technically disparate resources and infrastructure. All records built by Void Runner are enriched with many hundreds of additional data points, linking dark web services, users, communication hubs and historical records to Command & Control servers, Leaked credentials and more.
Capabilities in Contrast: Intelligence vs. Monitoring
Dark Web Monitoring versus Dark Web Intelligence. Learn the difference, how they enable defenders differently, and why Dendrite bets on the latter.
Built different, from the ground up.
Dendrite was founded by leaders, innovators and practitioners, combining many decades of experience building cybersecurity assets, big data and infrastructure solutions at the enterprise and mega-scale. Built from the ground up with the goal of augmenting existing SIEM, CTI and DE workflows, Dendrite's data driven approach aids defenders with actionable intelligence, gained by bringing context to a sea of information.
So many things in development
Our pursuit of perfection in enterprise defense mandates that every stone is upturned - no matter how fringe the case or how difficult the path to development may be.
With dozens of POC’s and MVP’s in the works, our researchers and development teams work to continuously deliver bleeding edge capabilities to Dendrite’s clients and partners.
Get in touch
Interested in learning more, scheduling a demo or speaking with our team? Get in contact with us - we'd love to hear from you.