ioc2rpz


  • ioc2rpz

    Saturday from 12:00 – 13:50 in Sunset 2 at Planet Hollywood
    Audience: Defense

    Vadim Pavlov


    DNS is the control plane of the Internet, with unprecedented, detailed views of applications, devices and even transferred data going in and out of a network. 80% of malware uses DNS to communicate with Command & Control for DNS data exfiltration/infiltration and phishing attacks using lookalike domains. Response Policy Zones, or DNS Firewall, is a feature which allows us to apply security policies on DNS. Commercial DNS Firewall feed providers usually do not allow users to generate their own feeds. Cloud-only DNS service providers do not provide feeds for on-prem DNS. ioc2rpz is a DNS server which automatically creates, maintains and distributes DNS Firewall feeds from various local (files, DB) and remote (http, ftp, rpz) sources. This enables easy integrations with Threat Intel providers and Threat Intelligence Platforms. The feeds can be distributed to any open source and commercial DNS servers which support RPZ, e.g. ISC BIND, PowerDNS, Infoblox, BlueCat, EfficientIP, etc. With ioc2rpz you can create your own feeds and actions and prevent undesired communications before they happen.

    http://ioc2rpz.com

    Vadim Pavlov
    Vadim is a senior product manager at Infoblox where he manages Security Ecosystem integrations, Security API, BloxOne Threat Defense. He has more than 15 years of experience in the network and security industry in various roles. He is an author of open source tools such as ioc2rpz (DNS RPZ feeds distribution server) and others. Vadim earned a Master of Science degree in Computer Science (Software Engineering) from a state university in Russia.