Void Runner
3.6M
Dark web (Tor) resources discovered
>10k
Unique dark web users discovered
>150k
Chats, forums and market places discovered
165k
Suspected dark web enabled C2 service historical records
Void Runner: Dark Web Intelligence
Dendrite’s Dark Web Intelligence engine (“Void Runner”) performs active collection, characterization and analysis of dark web users & services, to include websites, marketplaces, chats, forums, file repositories & depositories, paste sites and much more. Each service or user identified is represented by a record, which is updated within our databases and continuously enriched with high fidelity metadata and correlations to both our proprietary & third-party data sources.
What’s Inside:
-
Explore metadata of millions of services on the Dark web, to include websites, chat rooms, forums, file repos and more - each featuring many hundreds of data points of correlations.
-
User information is extracted from hidden services records to create permanent records and in many cases; perform automated link analysis between sites, other users, credentials and how a dark web user makes contact with the surface web.
-
Hidden services controlling botnets, malware (e.g., RATs like DarkComet or RedLine), and ransomware deployments are fingerprinted and searchable within our database.
-
Encrypted IRC/XMPP servers, Jabber instances, and forums are identified. These are often used for coordinating attacks, tool development and recruiting insiders to your organization. While access to these servers is not guaranteed by Void Runner, they serve as important data points in many analysis.
-
Once a record is created, it exists within our database forever - enabling forensic analysis of resources which may have been used & spun down after the conclusion of an attack and powering link analysis between hidden resources.
Part of the Complete Data Platform
Each of our core capabilities is represented by a fully independent extract, transform and load (ETL) pipeline, enabling Dendrite to ingest and correlate data between technically disparate resources and infrastructure. All records built by Void Runner are enriched with many hundreds of additional data points, linking dark web services, users, communication hubs and historical records to Command & Control servers, Leaked credentials and even the surface web.
Capabilities in Contrast: Intelligence vs. Monitoring
Dark Web Monitoring versus Dark Web Intelligence. Learn the difference, how they enable defenders differently, and why Dendrite bets on the latter.
Built different, from the ground up.
Dendrite was founded by leaders, innovators and practitioners, combining many decades of experience building cybersecurity assets, big data and infrastructure solutions at the enterprise and mega-scale. Built from the ground up with the goal of augmenting existing analysis workflows, Dendrite's data driven approach aids defenders with actionable intelligence, gained by bringing context to a sea of information.
So many things in development
Our pursuit of perfection in enterprise defense mandates that every stone is upturned - no matter how fringe the case or how difficult the path to development may be.
With dozens of POC’s and MVP’s in the works, our researchers and development teams work to continuously deliver bleeding edge capabilities to Dendrite’s clients and partners.
Get in touch
Interested in learning more, scheduling a demo or speaking with our team? Get in contact with us - we'd love to hear from you.