April 15

Webinar Takeaway: No SPAN Port? No Tap? No Problem!


My key takeaways

  • Setting up security in a home network is no easy job
  • No tap port? Think ARP cache poisoning
  • Don't run it on a production network!
  • Put RITA and Bettercap on a Raspberry Pi
  • Bettercap is able to do full-duplex ARP cache poisoning
    • you have to enable it in the config
    • you can whitelist devices as well
  • Reconfiguring the default gateway to point to the sniffing device avoids a lot of the problems but is harder to do. Using a simple device for ARP cache poisoning is almost plug-and-play.
  • All you need is one network adapter
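
To check that the sniffing device really sees both directions for each host and leaves whitelisted devices alone, the ARP replies on the LAN can be classified as below. This is an added example, not code from the webinar or from Bettercap; the inventory, MAC addresses, whitelist and sample replies are constructed assumptions.

```python
# Constructed lab inventory (assumption): IP -> real MAC of each device.
INVENTORY = {
    "192.168.1.1": "aa:aa:aa:aa:aa:01",   # default gateway
    "192.168.1.10": "aa:aa:aa:aa:aa:10",  # laptop
    "192.168.1.11": "aa:aa:aa:aa:aa:11",  # TV
    "192.168.1.12": "aa:aa:aa:aa:aa:12",  # whitelisted device
}
GATEWAY = "192.168.1.1"
SENSOR_MAC = "bb:bb:bb:bb:bb:01"          # the Raspberry Pi (assumption)
WHITELIST = {"192.168.1.12"}

# Constructed ARP replies: (frame destination MAC, claimed IP, claimed MAC)
ARP_REPLIES = [
    ("aa:aa:aa:aa:aa:10", "192.168.1.1", SENSOR_MAC),   # laptop told: gateway = sensor
    ("aa:aa:aa:aa:aa:01", "192.168.1.10", SENSOR_MAC),  # gateway told: laptop = sensor
    ("aa:aa:aa:aa:aa:11", "192.168.1.1", SENSOR_MAC),   # TV told: gateway = sensor
    ("aa:aa:aa:aa:aa:12", "192.168.1.1", "aa:aa:aa:aa:aa:01"),  # genuine reply
]

def coverage(replies, inventory, gateway, sensor_mac):
    """Classify each host as 'none', 'half-duplex' or 'full-duplex' interception."""
    mac_to_ip = {mac: ip for ip, mac in inventory.items()}
    outbound, inbound = set(), set()
    for dst_mac, claimed_ip, claimed_mac in replies:
        if claimed_mac != sensor_mac:
            continue                      # genuine reply, not sent by the sensor
        receiver = mac_to_ip.get(dst_mac)
        if claimed_ip == gateway and receiver not in (None, gateway):
            outbound.add(receiver)        # host -> gateway now passes the sensor
        elif receiver == gateway and claimed_ip in inventory:
            inbound.add(claimed_ip)       # gateway -> host now passes the sensor
    levels = ("none", "half-duplex", "full-duplex")
    return {ip: levels[(ip in outbound) + (ip in inbound)]
            for ip in inventory if ip != gateway}

def whitelist_violations(result, whitelist):
    """Whitelisted hosts must never be intercepted in either direction."""
    return sorted(ip for ip in whitelist if result.get(ip) != "none")

if __name__ == "__main__":
    result = coverage(ARP_REPLIES, INVENTORY, GATEWAY, SENSOR_MAC)
    for ip, level in result.items():
        print(ip, level)
    print("whitelist violations:", whitelist_violations(result, WHITELIST))
```

A host reported as half-duplex means the sensor captures only one direction of its conversations, so the capture for that host is incomplete.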


Tags

blue team, firewall, home network

