RITA - Finding Bad Things on Your Network Using Free and Open Source Tools
- Published: 30 Jul 2024
- Join us in the Black Hills InfoSec Discord server here: / discord to keep the security conversation going!
Want to get started on a hunt team and discover "bad things" on your network?
In this webcast, we will walk through the installation and usage of Real Intelligence Threat Analytics (RITA). RITA is an open-source framework from the folks at Black Hills Information Security and Offensive CounterMeasures. RITA ingests Bro logs and seeks out malicious payload beaconing and scanning behavior. It also determines which systems in your environment are talking with known bad IP addresses and domains. In less than an hour, you will learn how to collect and analyze network traffic for hunt teaming analysis.
We will also provide some sample Bro logs for you to play with and give RITA a test drive. Want to use your own Bro logs? Great! Just make sure your logs come from an egress pre-NAT point where we can see the internal RFC 1918 IP addresses talking to external IP addresses.
We'll cover the different types of math used in our analysis, including:
- Connection intervals
- Data sizes
- Connection times
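As an added illustration of how connection intervals and data sizes can be scored for beacon-like regularity (example code, not RITA's own implementation), the Python below runs a simple median/MAD heuristic over a constructed, simplified Zeek/Bro conn.log; the four-column order, the equal weighting and the 20-connection saturation point are assumptions for this example.

```python
from collections import defaultdict
from statistics import median

# Constructed sample in simplified conn.log order: ts, id.orig_h, id.resp_h, orig_bytes.
# 10.0.0.5 calls out every ~60 s with ~512 bytes (beacon-like); 10.0.0.9 browses irregularly.
SAMPLE_CONN_LOG = """\
1000.0 10.0.0.5 203.0.113.7 512
1060.1 10.0.0.5 203.0.113.7 512
1119.9 10.0.0.5 203.0.113.7 512
1180.0 10.0.0.5 203.0.113.7 514
1240.2 10.0.0.5 203.0.113.7 512
1300.0 10.0.0.5 203.0.113.7 512
1000.0 10.0.0.9 198.51.100.3 1400
1007.0 10.0.0.9 198.51.100.3 80
1130.0 10.0.0.9 198.51.100.3 23000
1131.0 10.0.0.9 198.51.100.3 640
1500.0 10.0.0.9 198.51.100.3 9100
1502.0 10.0.0.9 198.51.100.3 300
"""

def parse_conn_log(text):
    """Group (ts, orig_bytes) per (src, dst) pair; '#' lines are Zeek headers and are skipped."""
    pairs = defaultdict(list)
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        ts, src, dst, size = line.split()
        pairs[(src, dst)].append((float(ts), int(size)))
    return pairs

def regularity(values):
    """1.0 when every value equals the median; falls toward 0 as MAD grows relative to it."""
    med = median(values)
    if med == 0:
        return 0.0
    mad = median(abs(v - med) for v in values)
    return max(0.0, 1.0 - mad / med)

def beacon_score(events, min_conns=5):
    """Mean of interval regularity, size regularity and a connection-count term (0..1)."""
    if len(events) < min_conns:
        return 0.0
    times = sorted(t for t, _ in events)
    intervals = [b - a for a, b in zip(times, times[1:])]
    sizes = [s for _, s in events]
    count_term = min(1.0, len(events) / 20)  # assumption: saturates at 20 connections
    return round((regularity(intervals) + regularity(sizes) + count_term) / 3, 3)

def score_pairs(text, min_conns=5):
    """Score every (src, dst) pair in a conn.log text; higher means more beacon-like."""
    return {pair: beacon_score(ev, min_conns) for pair, ev in parse_conn_log(text).items()}
```

On the sample, the 10.0.0.5 pair scores well above the irregular 10.0.0.9 pair, which is the separation a hunt team sorts on before looking at the destination.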
As a bonus, our sponsor, LogRhythm, will be showing off a completely free network monitoring tool called Network Monitor Freemium - a free tool for network monitoring, application detection, and detecting suspicious network activity (including lateral movement)!
RITA webpage: www.activecountermeasures.com...
Slides for this webcast can be found here: www.blackhillsinfosec.com/wp-...
Black Hills Infosec Socials
Twitter: / bhinfosecurity
Mastodon: infosec.exchange/@blackhillsi...
LinkedIn: / antisyphon-training
Discord: / discord
Black Hills Infosec Shirts & Hoodies
spearphish-general-store.mysh...
Black Hills Infosec Services
Active SOC: www.blackhillsinfosec.com/ser...
Penetration Testing: www.blackhillsinfosec.com/ser...
Incident Response: www.blackhillsinfosec.com/ser...
Backdoors & Breaches - Incident Response Card Game
Backdoors & Breaches: www.backdoorsandbreaches.com/
Play B&B Online: play.backdoorsandbreaches.com/
Antisyphon Training
Pay What You Can: www.antisyphontraining.com/pa...
Live Training: www.antisyphontraining.com/co...
On Demand Training: www.antisyphontraining.com/on...
Educational Infosec Content
Black Hills Infosec Blogs: www.blackhillsinfosec.com/blog/
Wild West Hackin' Fest RUclips: / wildwesthackinfest
Active Countermeasures RUclips: / activecountermeasures
Antisyphon Training RUclips: / antisyphontraining
Any info regarding bootkit detection traffic? Hidden monitor software on Windows (like those used in companies)? And, most importantly, how do you deal with encrypted traffic?
RITA no longer uses K-means and instead uses heuristic score as described in the video. Correct?
Hey there, I have been having issues with this install in both a Security Onion VM and a VM I built with the ADHD framework installed. I followed the steps laid out on GitHub and shown at the beginning of the video. When I get to making the install.sh executable and then running it (sudo ./install.sh), I just get the error: [ !] Installation FAILED! I ran apt-get update before cloning it from git.
Any help you can give is appreciated.
Thanks for letting us know, we will look into this and let you know.
A fix was merged in just now. See if it works for you and if not please open a new issue on Github so we can better assist. github.com/ocmdev/rita/issues/new
Works perfect now, thank you!
Awesome!!
I had the same issue on Ubuntu 18.04, then I tried it on 16.04 and it worked just fine.
Av /ID's /ips tools credit card details.
Vilom destmins
Can you go into your example a little bit more, because first impressions for me are that your chess example really doesn't age well. AlphaZero has now learned chess (and in fact the rules of chess) entirely by playing itself many times. They found that human input in even the learning process actually hampered its ability to have unbiased learning. Although it comes to many of the same conclusions as humans did over hundreds of years of playing chess (i.e., it plays many openings that are considered very standard and normal now), allowing it to come to these conclusions on its own helped it avoid learning bad fundamentals, ultimately allowing it to beat even its predecessors in computer chess (which were already unbeatable by any human).
This is not easy to install!!
Where did you find it snagging?