Little Snitch Blocklists

Swapneel Patnekar
What is Little Snitch? Little Snitch is a network monitor & application firewall for the Mac OS. On 21st May 2024, with the release of Little Snitch 6.0, a notable Blocklists feature was made available. While the ability to add a custom blocklist existed in prior versions, it was a manual step. Little Snitch 6.0 changes that: it now provides a prepopulated list of blocklists for blocking Advertising, Malware, Tracking, Gambling, etc.

Exploring Geopolitics, International Relations and Strategic Studies

Swapneel Patnekar
A post here after a long time. I have been going down the rabbit hole and exploring Geopolitics, International Relations, and Strategic Studies. I am stoked to share that I will be part of the Graduate Certificate in Public Policy (GCPP) Defence & Foreign Affairs cohort the Takshashila Institution offers, starting tomorrow. While I have been self-learning in some areas of interest, such as geopolitics, international relations and India’s foreign policy, I am looking forward to the course to gain a deeper understanding and to network with peers from various backgrounds in the Indian armed forces, public policy, etc.

CERT-In : Sensor for MSME networks for logs

Swapneel Patnekar
If you are an MSME looking at complying with the CERT-In directives on logs, then a sensor we’ve built for generating and storing logs of the entire network might just be what you are looking for. What do the CERT-In directives on logs state? All service providers, intermediaries, data centres, body corporate and Government organisations shall mandatorily enable logs of all their ICT systems and maintain them securely for a rolling period of 180 days and

Packets don't lie - Threat Hunting with Zeek

Swapneel Patnekar
Earlier today, I presented a webinar on ‘Packets don’t lie - Threat Hunting with Zeek.’ Thanks to the kind folks at APNIC for initiating the request and starting the email thread. The gist of the presentation was about using Zeek to look for anomalies. Before jumping into Zeek, I introduced Network Security Monitoring, spoke about conn.log and dns.log, and used PCAPs from the Stratosphere IPS Project to demonstrate threat hunting with Zeek.

Little Snitch - Capturing traffic of a specific process

Swapneel Patnekar
While investigating a bit of oddity with the Skype app on Mac OS X, I wanted to capture all traffic from only the Skype processes. But first, a little background on the issue. All DNS traffic from my systems is routed through a WireGuard tunnel. The peer endpoint at the other end runs a recursive resolver with DNS Response Policy Zones (DNS RPZ). https://twitter.com/pswapneel/status/1490219842674503680 The issue is that as soon as the WireGuard tunnel is disabled, Skype will try connecting to Google DNS (8.

Shodan geoping and geodns - Quickly check ping and DNS resolution across multiple locations

Swapneel Patnekar
Measuring ping and DNS from different vantage points using RIPE Atlas is something I have been doing for some time now. A few weeks ago, I came across Shodan’s geoping and geodns API, which provides ping and DNS lookup from a few locations along with other details such as RTT. This is great because you can quickly check ping and DNS resolution from systems where you only have curl available.

The curious case of esic.in DNS

Swapneel Patnekar
A couple of weeks ago, at my $dayjob, we implemented a recursive resolver with RPZ in an enterprise network. After a few days, the customer got back to us with an issue: the DNS resolution of the domain esic.in failed with an NXDOMAIN response. After a cursory look at the problem, it became evident that esic.in resolved correctly but www.esic.in did not. The customer also reported that if they switched the resolver to 8.

APNIC 52 - Threat Hunting using DNS

Swapneel Patnekar
I presented on how we at my $dayjob do Threat Hunting using DNS at APNIC 52. This is the same presentation I gave at SANOG 37, but luckily, I had the full quota of 20 minutes to complete the presentation without rushing into it. Here is the video of the presentation, https://youtu.be/C1JZfAcl0Os?t=2656 Happy hunting!

sdns://2021 - Hyperlocal root and LocalRoot

Swapneel Patnekar
Image Source: sdns2021.dnscrypt.info. I had the opportunity to present on Hyperlocal root and the LocalRoot project at sdns://2021 last week. I’ve written and presented about Hyperlocal root, aka RFC 8806, in the past. In the context of privacy, Hyperlocal root does provide a possible solution to the problem: “Prevent snooping by third parties of requests sent to DNS root servers” (RFC 8806). Aside from that, faster negative responses to non-existent domains eliminate junk to the root

SANOG 37 - Threat Hunting using DNS

Swapneel Patnekar
PC: Mohan Thomas. At SANOG 37, I had the opportunity to share some of the ways in which we have been doing Threat Hunting using DNS at my $dayjob. Here is the video of the presentation: https://youtu.be/S3IuZgt61pA?t=9667 I also had a little demo, but I decided to improvise and add slides instead, since the program was running a little behind schedule and I was the only one standing between everyone and their lunch.