When devices pretend to be something they’re not, serious security problems can follow. This episode focuses on spoofing attacks—specifically ARP spoofing and MAC address spoofing—that allow attackers to intercept or redirect traffic within a local network. You’ll learn how ARP spoofing poisons the ARP table of nearby devices to reroute traffic through a malicious host. We also explain MAC spoofing, where attackers change their device's MAC address to impersonate a trusted device or bypass access controls.

The episode then addresses rogue devices, such as unauthorized wireless access points, DHCP servers, or other unvetted hardware added to the network. You’ll learn how to detect these threats using scanning tools, logs, and port security features, and how to respond with monitoring and isolation. These tactics are among the most common used in internal breaches, and this episode prepares you to stop them in their tracks.