How to use a Raspberry Pi as a Network Sensor - Bill Stearns

1:51 Presentation Outline
2:12 Goals of This Talk
3:24 Did Someone Say Raspberry Pie?
14:50 Building the System
19:21 Software Setup
21:06 Network Setup
28:06 Additional Steps
31:20 Getting Packets
34:09 Monitor the Span Port
45:34 What Sniffing Tools to Use
46:46 This Example
50:49 Why Not a Traditional PC?
53:51 To Infinity...
56:05 References
Join Bill Stearns, from Active Countermeasures, for "How to use a Raspberry Pi as a Network Sensor!"
Stealth - Size - Cost - Bang for the buck: pick any 4. :-)
Running a network sensor, IDS, or IPS can be a costly venture; the high-end ones can cost more than a used car. In this webcast we’ll cover running a network sensor using a Raspberry Pi, a miniature single-board computer that runs most anything you can run under Linux.
Bill will show you how to install and use the Zeek IDS and cover the performance aspects you'll need to know. Setting up IDSs that cost about the same as a bike means you can monitor far more network segments simultaneously, and hide them behind a power brick if you have to.
No previous experience with the Pi is needed - you'll have a shopping list of what to get. You'll probably want basic familiarity with running commands under Linux.
Slides & Buy List: activecountermeasures.com/ras...

Comments: 16

  • @grushdevarhal
    4 years ago

    BHIS/Active Countermeasures really give back to the community. I am really impressed with both the caliber of their speakers, as well as their dedication to webinars/open source tooling in order to make Information Security techniques available to the masses. I tried getting this up and running on my old Pi 2 after listening to it live, it failed spectacularly, because it's far below the requirements for this application. The replacement Pi4 I ordered tonight came tonight, looking forward to seeing how well this performs in my home lab.

  • @sergeitokarev2467
    4 years ago

    Thank you for publishing the recording, really helps those of us who live on the other side of the globe.

  • @ZophieFerrari
    4 years ago

    Helpful to those of us who had to work too, though I considered trying to watch it live in the bathroom 😂

  • @jayanthkumar7964
    2 years ago

    I honestly wish they took Q&A after the presentation. Great resource though Mr. Stearns. I'm hopefully going to get this up and running sometime this week. RITA still won't work on Raspberry Pi OS though, but I can funnel off the processing to another machine.

  • @simonc6275
    3 years ago

    Hi Bill, thank you and please thank your crew for an excellent overview of Raspberry Pi and IDS. I am currently at the testing stage of my Dissertation and your vid has been a great help. By the way, I am using an 8GB Pi for my dissertation research.

  • @OthmanAlikhan
    3 years ago

    Thanks for the video =)

  • @joncheuvront5487
    4 years ago

    This was great content. I plan to build one soon for my lab (and field kit). I do have another question, can you please share the info on your low latency audio project? I have a fellow musician on the other side of the country that I would like/need to practice and record with.

  • @kellytorvik7959
    3 years ago

    Someone is connecting wireless fax and document writers and printers up to my PC. How do I put a stop to it.... PLEASE HELP

  • @retorq
    4 years ago

    Came here to learn about Pi as a network sensor, learned about the 'watch' command instead ...

  • @justWesTech
    4 years ago

    Got my Pi4 set up and everything seems to be running with the exception of RITA. It would not install via that install.sh file. It tells me my OS is not supported despite it being the default Raspbian Buster install.

  • @grushdevarhal
    4 years ago

    I am also stuck at this point :/. I edited the script to get around the OS not supported error, and got a little further, managed to get broctl etc working, but it was a pain as it needed a different version of gcc to compile than the one that comes out of the box on Raspbian, and the error did not indicate that was the issue.

  • @justWesTech
    4 years ago

    @grushdevarhal I let Active Countermeasures know on Twitter and they say it is a known bug and they are working on it.

  • @bullychug9883
    4 years ago

    @justWesTech Do you know if this was ever addressed again? :)

  • @chrisburke3212
    1 year ago

    This link does not work anymore. Thoughts?

  • @ActiveCountermeasures
    1 year ago

    The link has been fixed! Thank you for making us aware of the issue.