Dissecting the Dark Web - Reverse Engineering the Underground Economy
by Lindsay Kaye
No Starch Press 2026.
ISBN 978-1-7185-0460-8 (print)
ISBN-13: 978-1-7185-0461-5 (ebook)
xxiii + 384 pages
Reviewed by Sven Dietrich January 26, 2026
The Dark Web is a playground for many shady characters, forming an underground economy of illicit goods and services that attracts much scrutiny. Malware and hacking services can be found there, up for grabs or up for sale. Reverse engineering this underground economy is an interesting task to tackle. The hacker underground has existed in many forms over the years (or decades), from X.25 packet-switched networks to phone/modem-based Bulletin Board Systems (BBSs), to Gopher and FTP sites, and eventually to the Dark Web, aka the hidden dark corners of what we now call the Internet. Publicly available browsers such as the Tor Browser have made the Dark Web accessible to anyone who wishes to access it.
This upcoming book with a scheduled release date of May 2026 dissects the Dark Web from multiple angles. As a reviewer I was given access to an early release version of the book, so your mileage may vary. This roughly 400-page book "Dissecting the Dark Web - Reverse Engineering the Underground Economy" is divided into 12 chapters to cover various aspects of the Dark Web, including operational security, reverse engineering, and analytical thinking. Most chapters are structured around a case study, background, and a set of exercises at the end to perform a knowledge check. The exercise solutions are at the end of the book for the gratification of the reader. Throughout the book, the reader will find information boxes, screenshots of actual Dark Web interactions, content of malware or web pages, and code snippets (yes, treat those as malicious, as per the author's own warning!). Think of it as a series of amuse-bouches to whet your appetite for the real thing!
After the introduction, which helps the reader to get oriented, the first chapter 'A Visit to the Dark Web' is about getting to the Dark Web. The chapter starts with a first-person account of the author's exposure to the underground economy of the Dark Web. The chapter describes the tools necessary to access the Dark Web, the modalities of the Dark Web, such as the goods and services you may find there, the people who pass through, the payment systems in use, and perhaps some useful technical software analysis tools to dissect the malware and other pieces of software that one may stumble upon.
The second chapter 'Vulnerabilities, Exploits, and Access' focuses on the attackers' ways to compromise a system and gain access to it. Here the reader discovers those techniques, including what would be offered on the Dark Web for performing those breaches, either by buying credentials or the means of acquiring them in other ways.
The third chapter 'Malware Delivery Techniques' shifts to approaches for getting malware to its intended target(s), for example by using so-called loaders or even fully instrumented botnets. The exercises are based on recent cases of malware, e.g. the Mirai botnet, which helps the reader get into the minds of the bad guys.
In the fourth chapter, the author switches to 'Information Stealers.' This is something we often hear about when we read about large password database dumps being published, as they often (but not always) result from attackers instrumenting systems to capture credentials from users. The January 2026 release of a 149-million-entry list of user/password credentials is one such example, collected from the kind of information stealers described in this chapter. One could expect to find the output of such an information stealer on the Dark Web eventually.
The fifth chapter 'Banking Trojans' describes another high value target from the financial domain. As bank accounts constitute a desirable prize in the form of online access credentials, this is another area of interest on the Dark Web. This could be considered a continuation of listings of credit card numbers from the earlier days of the Dark Web.
The sixth chapter switches gears to more evasive techniques that help with malware propagation and delivery: 'Packers and Crypters.' First, these tools are used to prevent early detection of malware by the defenders, as they slow down analysis and can keep antivirus or anti-malware systems from triggering. Second, the better they are, the higher the prices on the Dark Web for less-trained hackers to acquire and use them. These tools can be applied to the malware described in the third chapter.
The seventh chapter 'Command-and-Control Frameworks' describes the communication techniques used by the attackers to interact with, for example, their herd of malware. The better and more resilient the techniques are, the higher the prices sellers can command for providing a hard-to-eradicate botnet.
In the eighth chapter 'Post-Exploitation Toolkits,' the reader learns about the toolkits for acting after an initial foothold on the system has been achieved. As the possibilities are endless, this chapter explores some examples such as further escalation of access, or lateral movement within an enterprise that has been compromised. In the exercise in this chapter, the reader will explore Metasploit's post-exploitation capabilities.
In the ninth chapter 'Living off the Land,' the author shows how the attackers minimize the detection risk by (re)using existing operating system tools to complete their nefarious tasks. Such tasks could include discovery of credentials via Active Directory for lateral movement, or tools that facilitate privilege escalation. Such techniques are often applied by ransomware.
The tenth chapter 'Windows Ransomware' explains the basics of ransomware in its historical context, as well as the ransomware-as-a-service groups that one would nowadays find on the Dark Web. Ransomware is an ongoing problem for organizations as it can severely disrupt their operations. This chapter focuses on the Windows operating system variants and shows how defenders can develop countermeasures or mitigations to ransomware attacks.
The eleventh chapter 'Linux and ESXi Ransomware' is about the Linux and virtualization environment variants of ransomware. Since many systems operate in the cloud, an attack on the hypervisor (such as VMware's ESXi) would have a big impact on an organization using such infrastructure.
The last chapter 'Lessons from the Underground Economy' wraps up the book. Here the author muses about the implications of takedown operations, the habits of threat actors, and where the field may be headed due to automation on both sides of the fence.
Lindsay Kaye has created a great technical book for those unfamiliar with the 'trenches' of cybersecurity and the Dark Web. It allows the reader to get a hands-on, real-world perspective of what attackers are doing, either by studying the cases described in the book, or taking a first step into the Dark Web to see for themselves. It is aimed at professionals, analysts, and researchers alike who are curious about the 'hacker underground.' I enjoyed reading this book as it brought back memories from my own times of exploration many, many moons ago.
Sven Dietrich reviews technology and security books for IEEE Cipher. He welcomes your thoughts at spock at ieee dot org.