Episode507

From Paul's Security Weekly

Paul's Security Weekly - Episode 507

Episode Audio

Coming soon. Recorded March 30, 2017.

Hosts

  • Jack Daniel - Works for Tenable Network Security and is a co-founder of Security BSides.
  • Larry Pesce, Director of Research and Senior Managing Consultant at InGuardians
  • Joff Thyer - SANS Instructor, Penetration Tester and Security Researcher with Black Hills Information Security.
  • Paul Asadoorian - Embedded device security researcher, security podcaster and CEO of Offensive Countermeasures

Interview: Brad Antoniewicz, OpenDNS/BSides NYC - 6:00PM-7:00PM

Brad Antoniewicz from Security BSides NYC


Brad Antoniewicz works in Cisco Umbrella’s security research group. He is an Adjunct Professor teaching Vulnerability Analysis and Exploitation and a Hacker in Residence at NYU’s Tandon School of Engineering. Antoniewicz is also a Contributing Author to both the Hacking Exposed and Hacking Exposed: Wireless series of books.


Questions

  1. What is Hashes for the Masses?
  2. Overview of your talk "The Exploits Used in Ransomware Campaigns"
  3. More details please: http://lacedmail.com/

Five Questions

  1. Three words to describe yourself
  2. If you were a serial killer, what would be your weapon of choice?
  3. If you wrote a book about yourself, what would the title be?
  4. In the popular game of ass grabby-grabby, do you prefer to go first or second?
  5. Choose two celebrities to be your parents.

Technical Segment: Blocking Ads and Malware With Pi-hole In The Cloud 7:00 - 7:30

TL;DR

Blocking Ads and Malware With PI-Hole In The Cloud By Paul Asadoorian

I created a new Debian instance on Digital Ocean, installed Pi-hole, put the ad and malware domain list update on a crontab, then cloned the image. I now have two DNS servers in the cloud running Pi-hole. Make sure you set up iptables to limit recursive lookups, because a resolver on a public IP answers anyone who asks unless you restrict it!

Setting The Stage

Things You Will Need

  1. A cloud hosting provider (I chose Digital Ocean)
  2. One (or two) Linux instances (I chose 1GB Debian instances)
  3. dnsmasq and lighttpd pre-installed (apt-get install dnsmasq lighttpd)
  4. The IP address or address ranges you wish to allow recursive lookups from (the firewall rules below depend on them, so they need to be static)

Setup & Configuration

Once you have access to your new instance, installing Pi-hole is really easy. There are a few different ways to do it, but I used this method:

First, get the install script (it runs as root, so read through it before you execute it):

$ wget -O basic-install.sh https://install.pi-hole.net

Then run the install script:

# bash basic-install.sh

Follow the prompts; it's pretty easy, as it only asks you a few questions. I enabled the web server, and the installer generated a password for me to use on login.

Then I added a cron job to update the list of malware domains every week. Note that the append to /etc/crontab has to happen as root: with "sudo echo ... >> /etc/crontab" the redirect is opened by your unprivileged shell and fails with "Permission denied", so pipe through sudo tee instead:

$ echo "47 6    * * 7   root    /usr/local/bin/gravity.sh" | sudo tee -a /etc/crontab

When those steps are completed, point your DNS requests at it! The dashboard on the web interface is really neat too:

(Screenshot of the Pi-hole web dashboard, taken 2017-03-29)

More Stuff To Do

Not yet tested, but since this system is on the Internet, anyone can use it for recursive lookups! As far as I can tell, dnsmasq does not have a concept of ACLs like BIND, so here is a solution using iptables:

# Flush existing rules in the filter table (the default INPUT policy stays ACCEPT,
# so SSH and the web dashboard keep working)
iptables -F

# Allow your networks to query and hope they have a static IP!
# Replace A.A.A.A/X with your address or range; repeat the pair for each one.
iptables -A INPUT -s A.A.A.A/X -p udp --dport 53 -j ACCEPT
iptables -A INPUT -s A.A.A.A/X -p tcp --dport 53 -j ACCEPT

# No rules are needed for the upstream resolvers (8.8.8.8 / 8.8.4.4): their
# replies come back FROM port 53 to a high ephemeral port on this host, so
# they never match --dport 53 and are not touched by the DROP rules below.

# Drop queries from everyone else, over both UDP and TCP (DNS falls back to
# TCP for large answers, so leaving TCP 53 open leaves the resolver open)
iptables -A INPUT -p udp --dport 53 -j DROP
iptables -A INPUT -p tcp --dport 53 -j DROP

# Make the rules persistent. "service iptables save" is a Red Hat command;
# on Debian install iptables-persistent, which restores this file at boot:
apt-get install iptables-persistent
iptables-save > /etc/iptables/rules.v4

# If the instance also has a public IPv6 address, repeat the same rules with
# ip6tables and save them to /etc/iptables/rules.v6, or the resolver stays
# open over IPv6.
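To confirm that the rule set actually closes the resolver, here is an added example (not code from the original post or from the Pi-hole project) that builds a raw DNS query by hand, sends it to the server and decodes the response header. Run it from a host that is not in your allowed range: a correctly firewalled server times out ("filtered"), while an open resolver answers with the RA (recursion available) flag set and an answer record ("open"). The target address 203.0.113.10 and the transaction ID 0x1234 are placeholders.

```python
"""Probe a DNS server to see whether it answers recursive queries from this host.

Added example, not part of the original post or the Pi-hole project. Builds a
minimal DNS/UDP query with only the standard library, sends it, and decodes
the 12-byte response header. Run from an address that should be blocked.
"""
import socket
import struct

# DNS header flag bits (RFC 1035 section 4.1.1)
FLAG_QR = 0x8000    # message is a response
FLAG_RD = 0x0100    # recursion desired
FLAG_RA = 0x0080    # recursion available
RCODE_MASK = 0x000F

def build_query(qname: str, txid: int = 0x1234, qtype: int = 1) -> bytes:
    """Return a standard DNS query packet for qname (A record by default)."""
    # ID, flags (RD only), QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT=0
    header = struct.pack(">HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    # QNAME is a sequence of length-prefixed labels terminated by a zero byte
    question = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in qname.rstrip(".").split(".")
    ) + b"\x00"
    return header + question + struct.pack(">HH", qtype, 1)  # QTYPE, QCLASS=IN

def parse_response(packet: bytes, expected_txid: int = 0x1234) -> dict:
    """Decode the header; raise on truncated replies or a mismatched ID."""
    if len(packet) < 12:
        raise ValueError("packet shorter than a DNS header")
    txid, flags, _qd, an, _ns, _ar = struct.unpack(">HHHHHH", packet[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch (stale or spoofed reply?)")
    return {
        "is_response": bool(flags & FLAG_QR),
        "recursion_available": bool(flags & FLAG_RA),
        "rcode": flags & RCODE_MASK,   # 0 = NOERROR, 5 = REFUSED
        "answers": an,
    }

def probe_resolver(server: str, qname: str = "example.com", timeout: float = 3.0) -> str:
    """Classify server as 'open', 'refusing' or 'filtered' for recursion from here."""
    query = build_query(qname)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        try:
            data, _ = s.recvfrom(512)
        except socket.timeout:
            return "filtered"      # the firewall dropped the query: what we want
    info = parse_response(data)
    if info["recursion_available"] and info["rcode"] == 0 and info["answers"] > 0:
        return "open"              # anyone on the Internet can use this resolver
    return "refusing"              # answered, but REFUSED or without recursion

if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "203.0.113.10"  # placeholder IP
    print(f"{target}: {probe_resolver(target)}")
```

Run it once from an allowed address (expect "open") and once from anywhere else (expect "filtered"); if the second run also says "open", the DROP rules are not in place or are being saved but not loaded at boot.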

Resources

  1. Pie in the Sky-Hole [A Pi-Hole in the cloud for ad-blocking via DNS]
  2. Pi-Hole in the cloud
  3. PI-Hole Github
  4. Block Millions Of Ads Network-wide With A Raspberry Pi-hole 2.0 (VERY detailed documentation on Pi-hole)

Please donate to the PI-Hole project! They even have a Digital Ocean referral code, so use it.

Security News - 7:30-8:30PM

Paul's Stories

  1. Cisco learned from Wikileaks that the CIA had hacked its systems
  2. The New Laptop Ban Adds to Travelers' Lack of Privacy and Security
  3. Insider Threat Fear Greater Than Ever, Survey Shows
  4. Trump extends Obama executive order on cyberattacks | PCWorld
  5. Publicly Attacked Microsoft IIS Zero Day Unlikely to be Patched
  6. Industry Braces for Repeal of ISP Privacy Rules
  7. Potent LastPass exploit underscores the dark side of password managers
  8. IBM X-Force Report Reveals a Record Number of Vulnerabilities in 2016
  9. 2016 Was a Record Year for Breaches, Gemalto Reports
  10. Apple Patches Large Number of Flaws in iOS, macOS Updates
  11. Horrible Mistakes You're Making With Pen-Testing Pt. 2

Larry's Stories

Jack's Stories

Joff's Stories