FIND BREACHED DATA
with our Dark Web Monitoring

Kaduu’s Dark Web Monitoring Service gives you visibility into your organization’s Darknet data exposure and prevents threats from becoming incidents

Cyber criminals run daily attacks against organizations and their employees. When they succeed, they try to commercialize the captured data. Often, they sell it to other hackers as leverage and/or in preparation for further attacks. If, for example, login credentials are stolen, they can be used to spread malware or gain access to further internal systems. The stolen data becomes a valuable product, and the hacker becomes a businessperson who trades that product, mainly on the Dark Web. As a result, millions of breached accounts, credit card and other data pop up almost daily in the Dark and Deep Web.

Darknet Monitoring


The Darknet Threat

Login credentials and other breached data can be used to prepare targeted attacks against an organization. Even if the login data of an employee originates from a third-party website, the threat is real and common because of password reuse: employees often use the same or a similar password to log into the organization’s applications. Often, breached data also contains a lot of valuable information about the target organization or its employees. This could help an attacker prepare spoofing or impersonation attacks.

Our Approach: Darknet Monitoring

What is Darknet Monitoring?

Monitoring whether your organization’s name appears in Dark Web forums, Onion, I2P and paste sites can help you detect potential insider threats, enabling you to prevent data leaks and other incidents that may cause damage to your organization. Dark Web monitoring involves actively searching and tracking the Dark Web for information about your organization, including leaked or stolen data, compromised passwords, breached credentials, intellectual property, and other sensitive data.

Technical Information

Dark Web Threat Intel Benefits

Dark Web Threat Intelligence helps you monitor breached data or mentions of your organisation in the Deep and Dark Web. This prevents even more severe breaches in the future, provided you intervene before hackers can use the stolen data to escalate their attacks. This service will give you the chance to enforce password changes in time. Concerning employee behavior, you can create a teachable moment, reminding all employees about secure internet and email usage. Since the breaches also contain passwords, you will be able to identify users who use the same or similar passwords across multiple websites/applications. You will also be able to find risky users, i.e., users who register with their company email account on many different private websites.
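The reuse and risky-user checks described above can be sketched as follows. This is an added example, not Kaduu's code: it assumes breach records are already available as (email, source, password) tuples, and the sample data, the `base_form` similarity heuristic and the three-site threshold are assumptions made for illustration.

```python
import hashlib
import re
from collections import defaultdict

# Constructed sample records (email, source site, leaked password); not real data.
RECORDS = [
    ("alice@example.com", "forum-a.example", "Summer2021!"),
    ("alice@example.com", "shop-b.example", "summer2022"),
    ("alice@example.com", "game-c.example", "Summer2021!"),
    ("bob@example.com", "forum-a.example", "xK9#vLq2pT"),
    ("bob@example.com", "shop-b.example", "R7!mZw4cYd"),
    ("carol@example.com", "news-d.example", "Tr0ub4dor&3"),
]

def base_form(password):
    """Assumed similarity heuristic: lowercase, then strip trailing digits/symbols."""
    return re.sub(r"[\d\W_]+$", "", password.lower())

def fingerprint(text):
    """Compare by hash so plaintext passwords never enter the report."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def analyse(records, company_domain, site_threshold=3):
    sites = defaultdict(set)                         # email -> breach sources
    exact = defaultdict(lambda: defaultdict(set))    # email -> password hash -> sources
    similar = defaultdict(lambda: defaultdict(set))  # email -> base-form hash -> sources
    for email, source, password in records:
        email = email.strip().lower()
        if not email.endswith("@" + company_domain):
            continue  # only company accounts are in scope
        sites[email].add(source)
        exact[email][fingerprint(password)].add(source)
        base = base_form(password)
        if len(base) >= 4:  # very short bases match too easily to be meaningful
            similar[email][fingerprint(base)].add(source)
    return {
        email: {
            "sources": len(srcs),
            "exact_reuse": any(len(s) > 1 for s in exact[email].values()),
            "similar_reuse": any(len(s) > 1 for s in similar[email].values()),
            "risky_registrations": len(srcs) >= site_threshold,
        }
        for email, srcs in sites.items()
    }
```

The report holds only counts and flags per account, so it can be passed to whoever enforces password resets without redistributing the leaked passwords.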

How does darknet monitoring work?

Monitoring is done by analysts, but also by automated services. Our dark web monitoring services scan servers on the dark and deep web every day to look for information that criminals can misuse. This includes hacker forums, Telegram and Discord channels, paste sites, and many other sources. All of this data goes into a database that you can search through using a variety of search options. We also offer interfaces that allow you to search live in hacker forums, Telegram channels, Discord channels, paste sites and web servers in the darknet (Onion URLs) for any keywords.

Is your organisation mentioned in cyber crime hacker channels? You can find out yourself!

  • Hacker Forum Monitoring: Hacker forums provide clues to possible attack techniques, attack preparations against clients or leaked data. Kaduu enables you to explore and monitor hacker forums, allowing our clients to gain a better understanding of the tools and techniques used by hackers and the areas that are most likely to come under attack. In this deep-web search, we log in to 50+ known hacker forums with various accounts and submit the keyword that is entered in the search mask of Kaduu. For example, you can enter your company name or a brand to see if people are talking about it in the forums. If there are results for the search term, we provide them as a download link. The corresponding pages are saved as a screenshot and also as a web page. We focus on the most popular forums in English, German, French and Russian.
  • Telegram Monitoring: Hackers share data leaks on Telegram in different ways. In some channels, hackers post data dumps with short explanations about what people can find in them. In these channels, minimal conversations occur. However, there are also dedicated hacking groups where many members actively discuss various aspects of Internet crime. Telegram has over 500 million active users, and many of these users are likely to have created or joined channels. Telegram allows anyone to create a channel and there’s no limitation or verification process to it, so the number of channels on the platform is quite high. Kaduu allows you to search the discussion history by comparing your keyword query with real accounts and presenting you the results in a downloadable format. We query around 200+ Telegram channels related to cyber crime.
  • Discord Monitoring: Discord is a popular communication platform designed for online communities and gamers. It offers a variety of features including text, voice and video chat, file sharing, and gaming integrations. The platform allows users to create and join virtual servers (also called “Discord servers”) to connect with others based on common interests. Discord can be used by hackers in various ways. Therefore, it’s important to monitor it.

Dark Web Monitoring Use Cases

Leaked login credentials can be used as a valuable teaching opportunity for user awareness training by demonstrating the risks and consequences of poor password hygiene and security practices. Here are some ways that you can use leaked credentials for user awareness training:

1. Simulate a phishing attack: Use the leaked credentials to create a fake phishing email that looks like it’s from a legitimate source, but is actually designed to trick users into giving away their login credentials. This can help employees understand how easy it is to fall for a phishing scam and the importance of being vigilant about suspicious emails.

2. Conduct a password audit: Use the leaked credentials to check if any of the employees are using the same password for multiple accounts or if they are using weak passwords that are easy to guess. This can help employees understand the importance of using strong, unique passwords for each account.

3. Run a training session: Use the leaked credentials as a case study to educate employees on the risks of poor password hygiene and security practices. Highlight the potential consequences of data breaches and the importance of using strong passwords, enabling two-factor authentication, and reporting any suspicious activity.

4. Test employees’ security awareness: Use the leaked credentials to test employees’ awareness of security best practices. This can be done through a quiz or an interactive game that tests employees’ ability to identify phishing scams or create strong passwords.

By using leaked credentials as a teaching opportunity, employees can gain a better understanding of the risks and consequences of poor security practices and become more aware of the importance of maintaining strong password hygiene.

Leaked login credentials can be useful in a penetration test by allowing testers to simulate a real-world attack scenario and identify potential vulnerabilities in an organization’s security system. Here are some ways that leaked login credentials can be used in a penetration test:

1. Credential stuffing: Use the leaked credentials to test whether employees have reused their passwords across multiple systems. This can help to identify weak passwords and other security issues such as weak authentication mechanisms and lack of two-factor authentication.

2. Targeted attacks: Use the leaked credentials to launch targeted attacks against specific systems or accounts within the organization. This can help to identify vulnerabilities that could be exploited by an attacker to gain access to sensitive data or systems.

3. Password cracking: Use the leaked credentials to test the strength of the organization’s password policies and whether passwords are properly stored and encrypted. This can help to identify weak passwords and poor password storage practices.

4. Social engineering: Use the leaked credentials to conduct social engineering attacks, such as phishing or spear-phishing, to test employees’ security awareness and identify any weaknesses in the organization’s security culture.

It’s important to note that any use of leaked credentials in a penetration test should be done with the permission and knowledge of the organization being tested. Additionally, the testers should take appropriate measures to ensure that any sensitive information obtained during the test is kept confidential and not misused.

Monitoring of hacker forums can help organizations prevent cyber attacks in a number of ways:

Early warning system: By monitoring hacker forums, organizations can gain early warning of potential threats and vulnerabilities. Hacker forums are often the first places where new threats and exploits are discussed and shared, and monitoring these forums can give organizations a head start in preparing for potential attacks.

Threat intelligence: Monitoring hacker forums can provide valuable intelligence on the tactics, techniques, and procedures (TTPs) used by threat actors. This information can be used to develop effective countermeasures and defensive strategies.

Proactive defense: By monitoring hacker forums, organizations can identify potential targets and weaknesses in their own infrastructure. This information can be used to proactively strengthen defenses and reduce the attack surface of the organization.

Incident response: If an attack does occur, monitoring hacker forums can help organizations to quickly identify the source and nature of the attack. This information can be used to develop effective incident response strategies and improve defenses to prevent future attacks.

Compliance monitoring: Monitoring hacker forums can also help organizations to meet regulatory and compliance requirements. Many regulations require organizations to implement appropriate security controls and to maintain a comprehensive understanding of the current threat landscape.

Overall, monitoring hacker forums can be an effective tool for organizations to proactively identify potential threats and vulnerabilities, develop effective countermeasures and defensive strategies, and respond quickly and effectively to attacks.

Monitoring the Tor and I2P networks can help organizations reduce their cyber risks in several ways. Here are a few examples:

Early warning of threats: By monitoring these networks, organizations can identify potential threats early on. Tor and I2P are known to be used by threat actors to hide their activities, including malware distribution, command and control communications, and data exfiltration. By monitoring these networks, organizations can detect these activities and take action to prevent or mitigate the damage.

Identifying insider threats: Tor and I2P can also be used by insiders to leak sensitive information or exfiltrate data. By monitoring these networks, organizations can detect suspicious activity and investigate further to identify and address any insider threats.

Staying compliant: Some organizations are required to monitor Tor and I2P as part of regulatory compliance. For example, financial institutions are required to monitor these networks for money laundering and other financial crimes.

Get Timely Notifications!

Using Kaduu’s domain monitoring service, you can create alerts that can be delivered via email in CSV, docx or JSON format, inside the dashboard or via REST API.


“Cyberattacks, and as a result breaches, are inevitable in most organizations. Early detection of breached data and mentions of your organization in the Dark and Deep Web allows you to reduce damage from future attacks.”