Access Brokers often sit at the start of the eCrime value chain. They act as intermediaries specializing in gaining and selling access methods to victims’ networks. This valuable merchandise of access credentials is then advertised to other cybercriminals on underground forums or dark web marketplaces. An optimized monitoring strategy rests on a foundation of threat intelligence about who the access brokers are and where they operate. Security defenders can patrol the dark web access broker network by following five iterative steps:Knowing your assets, identifying the bad actors, writing alerts to trawl these markets for clues.”]