John Strand //
Want to get started on a hunt team and discover “bad things” on your network?
In this webcast, we will walk through the installation and usage of Real Intelligence Threat Analytics (RITA). RITA is an open-source framework from the folks at Black Hills Information Security and Offensive CounterMeasures. RITA ingests Bro logs and seeks out malicious payload beaconing and scanning behavior. It also determines which systems in your environment are talking with known bad IP addresses and domains. In less than an hour, you will learn how to collect and analyze network traffic for hunt teaming analysis.
We will also provide some sample Bro logs for you to play with and give RITA a test drive. Want to use your own Bro logs? Great! Just make sure your logs come from an egress pre-NAT point where we can see the internal RFC 1918 IP addresses talking to external IP addresses.
We’ll cover the different types of math used in our analysis, including:
– Connection intervals
– Data sizes
– Connection times
As a bonus, our sponsor, LogRhythm, will be showing off a completely free network monitoring tool called Network Monitor Freemium — a free tool for network monitoring, application detection, and detecting suspicious network activity (including lateral movement)!
Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/SLIDES_RITAFindingBadThingsOnYourNetworkUsingFreeandOpenSourceTools.pdf