We’ve been having a problem with people who want to play with Security Onion or RITA at home. If a home router does not have a mirror port, it can be difficult to try cool/free network monitoring tools.
Sure, one could buy another router that has those features. But it is far easier to not do that. So, people don’t. Time goes on and they never get to play with the free enterprise-level cool tools at work or at home.
However, there are a couple of ways to set up full network monitoring at home. No taps, no mirrored ports, no expensive/obscure devices to buy.
In fact, the more basic and crappy the wireless router/switch is, the better these techniques work.
So, in this Black Hills Information Security (BHIS) webcast, we will give you a super easy and hacky way to get open-source enterprise network monitoring up and running at home in no time flat.
Recorded • 2021-04-15
00:00 – FEATURE PRESENTATION: No SPAN Port? No Tap? No Problem!
06:00 – Mental Blocks
10:52 – Solution to Mental Blocks
16:26 – ARP Cache Poisoning
33:26 – Step One: Ubuntu
34:36 – Step Two: RITA/Zeek/Mongo
36:45 – Step Three: Install Bettercap
38:09 – Step Four: Start Bettercap
39:52 – Step Five: Advanced – arp-spoof
45:46 – Success!
47:08 – RITA: Import & Analyze
49:42 – RITA: Beacons
52:35 – What Now?
58:29 – QnA
[Post]Show Job Hunting – https://youtu.be/sPoMPaWPP6o
PreShow Banter™ — https://youtu.be/9Oox03UUSVM
Music by Beau Bullock: https://www.nobandwidth.io
**All YouTube ad revenue will be donated to the Innocent Lives Foundation** https://www.innocentlivesfoundation.org