Consuming Threat Intelligence RSS feeds
What is Little Snitch? Little Snitch is a network monitor & application firewall for the Mac OS. On 21st May 2024, with the release of Little Snitch 6.0, a notable Blocklists feature has been made available.
While the ability to add a custom blocklist existed in prior versions, it was a manual step. Little Snitch 6.0 changes that. Little Snitch 6.0 now provides a prepopulated list of blocklists for blocking Advertising, Malware, Tracking, Gambling etc.
A post here after a long time. I have been going down the rabbit hole and exploring Geopolitics, International Relations, and Strategic Studies.
I am stoked to share that I will be part of the Graduate Certificate in Public Policy (GCPP) Defence & Foreign Affairs cohort the Takshashila Institution offers, starting tomorrow.
While I have been self-learning in some areas of interest, such as geopolitics, international relations and India’s foreign policy, I am looking forward to the course to gain a deeper understanding and to network with peers from various backgrounds in the Indian armed forces, public policy, etc.
If you are an MSME looking at complying with the CERT-In directives on logs, then a sensor we’ve built for generating and storing logs of the entire network might just be what you are looking for.
What do the CERT-In directives on logs state? "All service providers, intermediaries, data centres, body corporate and Government organisations shall mandatorily enable logs of all their ICT systems and maintain them securely for a rolling period of 180 days and
Earlier today, I presented a webinar on "Packets don’t lie - Threat Hunting with Zeek."
Thanks to the kind folks at APNIC for initiating the request and starting the email thread.
The gist of the presentation was about using Zeek to look for anomalies. Before jumping into Zeek, I introduced Network Security Monitoring. I spoke about conn.log and dns.log and used PCAPs from the Stratosphere IPS Project to demonstrate threat hunting with Zeek.
While investigating a bit of oddity with the Skype app on Mac OS X, I wanted to capture all traffic from only the Skype processes.
But first, a little background on the issue. All DNS traffic from my systems is routed through a WireGuard tunnel. The peer endpoint at the other end runs a recursive resolver with DNS Response Policy Zones (DNS RPZ).
https://twitter.com/pswapneel/status/1490219842674503680
The issue is that as soon as the WireGuard tunnel is disabled, Skype will try connecting to Google DNS(8.
Measuring ping and DNS from different vantage points using RIPE Atlas is something I have been doing for some time now.
A few weeks ago, I came across Shodan’s geoping and geodns API, which provides ping and DNS lookup from a few locations and other details such as RTT. This is great because you can quickly check ping and DNS resolution on systems where you only have curl running.
A couple of weeks ago, at my $dayjob, we implemented a recursive resolver with RPZ in an enterprise network.
After a few days, the customer got back to us with an issue: the DNS resolution of the domain esic.in failed with an NXDOMAIN response. After a cursory look at the problem, it became evident that esic.in resolved correctly but www.esic.in did not.
The customer also reported that if they switched the resolver to 8.
I presented on how we at my $dayjob do Threat Hunting using DNS at APNIC 52.
This is the same presentation I gave at SANOG 37, but luckily, I had the full quota of 20 minutes to complete the presentation without rushing into it.
Here is the video of the presentation,
https://youtu.be/C1JZfAcl0Os?t=2656
Happy hunting!
Image Source: sdns2021.dnscrypt.info
I had the opportunity to present on Hyperlocal root and the LocalRoot project at sdns://2021 last week.
I’ve written and presented about Hyperlocal root, aka RFC 8806, in the past. In the context of privacy, Hyperlocal root does provide a possible solution to the problem:
"Prevent snooping by third parties of requests sent to DNS root servers" (RFC 8806)
Aside from that, faster negative responses to non-existent domains eliminate junk sent to the root.