it has been relatively a long time since threat intelligence sources started to integrate what they call as “dark web” into their system of data/intelligence gathering, prioritization and delivery as a service to threat hunters. nothing really wrong with that, it is actually a reasonable and even crucial part of any threat hunting system, but is the dark wen they are talking about really The Dark Web?
do not get fooled just by the term “dark web”, from what most of these firms are utilizing, ingesting and delivering, it is obvious that the dark web they are talking about is actually so bright 🙂
access to dark web is very crucial if your vulnerability management system is relying on facts not fictions, on reality not speculations, on what actually right now happening in hackers communities, not our definition and understanding of “Threats”. however, access to those dark resources is a highly manual effort, requires completely a new set of protocols and clients (not just Tor with Onion) and even totally different jargon.
you could still build a good threat intelligence even just by listening to news! or typical newsletters these days. most TI ingested by these services are available to public and are not considered part of dark web, they are just a little bit under surface web, not even deep web, let alone dark web, which is technically not a web.
