Hi there,

This is a second time I'm going to demo ioc2rpz at DefCon Demo Labs. For the last year I've implemented some cool features, fixed bugs and refactored some code.

The enchantments includes:
- REST API;
- DNS over TLS support (DoT);
- IPv6;
- cache and zone generation optimization;
and some other improvements and bug fixes.

Since January 2019 I'm using RPZ feeds at home on a Raspberry PI (bind) and in a Lab on Infoblox with ioc2rpz deployed on a publicly available server in the Internet. A public TSIG key was available for tests about 4 months and a few users tested it. To simplify a user experience, add some extra control and protect the service against abuse I've created an ioc2rpz community web-site (https://ioc2rpz.net). On the community web-site your can get an access following RPZ feeds free of charge:

• dns-bh.ioc2rpz - DNS-BH – Malware Domain Blocklist by RiskAnalytics (http://www.malwaredomains.com).
• notracking.ioc2rpz - No more ads, tracking and other virtual garbage (https://github.com/notracking/hosts-blocklists).
• phishtank.ioc2rpz - PhishTank is a free community site where anyone can submit, verify, track and share phishing data. The source contains only phishing domains/hosts and IPs. (https://www.phishtank.com).

If you want to test RPZ feeds in your environment you have multiple options which are easy:

• Sign up on the ioc2rpz community web-site.
• Deploy a docker container from the docker hub. Here is a simple instruction.
• Deploy it on AWS using ECS. Here is another instruction.

Do not forget about a GUI which is developed as a separate project ioc2rpz.gui (https://github.com/Homas/ioc2rpz.gui)

If you still confused what I'm speaking about you can watch a demo video. It is a bit outdated (was prepared for DefCon 26) but still actual + UX/UI was not significantly updated :)



BR,
Vadim