Hi there,

This is the second time I'm going to demo ioc2rpz at DefCon Demo Labs. Over the last year I've implemented some cool features, fixed bugs and refactored some code.

The enhancements include:
- REST API;
- DNS over TLS support (DoT);
- IPv6;
- cache and zone generation optimization;
and some other improvements and bug fixes.

Since January 2019 I've been using RPZ feeds at home on a Raspberry Pi (bind) and in a lab on Infoblox, with ioc2rpz deployed on a publicly available server on the Internet. A public TSIG key was available for tests for about 4 months and a few users tested it. To simplify the user experience, add some extra control and protect the service against abuse, I've created an ioc2rpz community web-site (https://ioc2rpz.net). On the community web-site you can get access to the following RPZ feeds free of charge:
If you want to test RPZ feeds in your environment, you have multiple easy options:
  • Sign up on the ioc2rpz community web-site.
  • Deploy a docker container from the docker hub. Here is a simple instruction.
  • Deploy it on AWS using ECS. Here is another instruction.
Do not forget about the GUI, which is developed as a separate project, ioc2rpz.gui (https://github.com/Homas/ioc2rpz.gui).

If you are still confused about what I'm talking about, you can watch a demo video. It is a bit outdated (it was prepared for DefCon 26) but still relevant, and the UX/UI has not been significantly updated :)



BR,
Vadim