Webcast: No SPAN Port? No Tap? No Problem!

Jul 23, 2021 · 1 hr 6 min · Ep. 1

Episode description

We’ve been having a problem with people that want to play with Security Onion or RITA at home. If a home router does not have a mirror port it can be difficult to try cool/free network monitoring tools. Sure, one could buy another router that has those features. But it is far easier to not do that. So, people don’t. Time goes on and they never get to play with the free enterprise-level cool tools at work or at home.

However, there are a couple of ways to set up full network monitoring at home. No taps, no mirrored ports, no expensive/obscure devices to buy. In fact, the more basic and crappy the wireless router/switch is, the better these techniques work. So, in this Black Hills Information Security (BHIS) webcast, we will give you a super easy and hacky way to get open-source enterprise network monitoring up and running at home in no time flat.

Recorded • 2021-04-15

Join the BHIS Community Discord: https://discord.gg/bhis

00:00 – FEATURE PRESENTATION: No SPAN Port? No Tap? No Problem!
06:00 – Mental Blocks
10:52 – Solution to Mental Blocks
16:26 – ARP Cache Poisoning
33:26 – Step One: Ubuntu
34:36 – Step Two: RITA/Zeek/Mongo
36:45 – Step Three: Install Bettercap
38:09 – Step Four: Start Bettercap
39:52 – Step Five: Advanced – arp-spoof
45:46 – Success!
47:08 – RITA: Import & Analyze
49:42 – RITA: Beacons
52:35 – What Now?
58:29 – QnA

[Post]Show Job Hunting – https://youtu.
  • (00:00) - FEATURE PRESENTATION: No SPAN Port? No Tap? No Problem!
  • (06:00) - Mental Blocks
  • (09:41) - LINK : https://wildwesthackinfest.com/antisyphon//soc-core-skills-john-strand/
  • (10:49) - Solution to Mental Blocks
  • (16:13) - ARP Cache Poisoning
  • (33:06) - Step One: Ubuntu
  • (34:15) - Step Two: RITA/Zeek/Mongo
  • (36:19) - Step Three: Install Bettercap
  • (37:42) - Step Four: Start Bettercap
  • (39:25) - Step Five: Advanced > arp-spoof
  • (45:16) - Success!
  • (46:38) - RITA: Import & Analyze
  • (49:09) - RITA: Beacons
  • (52:01) - What Now?
  • (57:47) - QnA