From Security Weekly Wiki

Paul's Security Weekly - Episode 472 - 6:00PM

Episode Audio


Make sure you check out our sponsors from Faraday Security; they make awesome tools that integrate results from penetration testing and vulnerability assessment tools. They have a community version that is completely FREE, check it out at https://www.faradaysec.com/securityweekly

Interview: Elizabeth Gossell

Elizabeth Gossell is a Product Strategist at Tenable with a solid background in network security at both Lockheed Martin and Tenable. She holds several professional certifications, including CISSP, CCNA, GCIH and CompTIA. Her unique blend of information security experience and pragmatic marketing contributes to Liz’s insightful research, evaluating competitive solutions and determining differentiators of Tenable solutions.

  1. How tall do I need to be to ride the ride?
  2. What are the evaluation criteria?
  3. What problems do they solve?
  4. Geeky/technical things...
  5. Threat Hunting
  6. Analytics
  7. SIEM / Security Intelligence

  1. Three words to describe yourself.
  2. If you were a serial killer, what would be your weapon of choice?
  3. If you wrote a book about yourself, what would the title be?
  4. In the popular game of ass grabby-grabby, do you prefer to go first or second?
  5. Choose two celebrities to be your parents.

Tech Segment: Blocking Ads and Malware Using Bind DNS


Ads are annoying, malware is bad. pfSense wanted to be my DNS server in order to block host names. I built my own DNS and DHCP servers, read on.

Interesting facts and side effects:

  • I found overlap between the ad blocklists and the malware blocklists
  • I created two DNS and DHCP servers, completely redundant
  • They are in fact caching name servers, and point to Google ( and
  • I plan to add more DNS blocklists and set up a script that can be extended
  • I hate dhcpcd and dnsmasq, it was just easier for me to use the ISC bind and DHCP servers as I have more experience with them (That being said, if you prefer dnsmasq and dhcpcd, go for it)


Put Raspbian on two Pi 3s, and configure ISC Bind and DHCP Server. Split your range between the two.

Use this script to pull down the block lists, add as many as you like:






awk '{ print $1 " " $2 " {type master; file \"/etc/bind/nullzone\"; };" }' $ADLISTFULE $MWLISTFILECLEAN | sort | uniq  > /etc/bind/blacklists

Add this file to /etc/bind, called "nullzone":

$TTL    86400   ; one day  
@       IN      SOA     ads.int.psw.io. hostmaster.int.psw.io. (
                    86400 )          
                NS      tanaka.int.psw.io.
                NS      orgami.int.psw.io.
@       IN      A 
*       IN      A

Add this line to your named.conf.local:

include "/etc/bind/blacklists";

"blacklists" will look as follows:

zone "0000mps.webpreview.dsl.net" {type master; file "/etc/bind/nullzone"; };
zone "0001.2waky.com" {type master; file "/etc/bind/nullzone"; };

And you are done!
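
The list-to-zone step above, generalized as an added example (not the script used on the show): it accepts hosts-format, bare-hostname and BIND-format lists, rejects anything that is not a plain DNS name so a bad list cannot inject configuration into named.conf, and skips subdomains already covered by a listed parent. The function name make_blacklist, the accepted input formats and the sample hostnames are assumptions.

```shell
#!/bin/sh
# Added example: build /etc/bind/blacklists from any number of list files.
# Assumed input formats: hosts lines ("0.0.0.0 host"), bare hostnames, or
# BIND lines (zone "host" {...};). NULLZONE is the path used on this page.
NULLZONE="/etc/bind/nullzone"

make_blacklist() {
    awk -v nz="$NULLZONE" '
    {
        sub(/\r$/, ""); sub(/#.*/, "")       # drop CR and comments
        if ($1 == "zone" || NF >= 2) h = $2  # BIND or hosts format
        else h = $1                          # bare hostname
        gsub(/"/, "", h); sub(/\.$/, "", h)
        h = tolower(h)
        # Accept plain DNS names only, so a hostile or corrupted list
        # cannot place quotes, braces or semicolons into named.conf.
        if (length(h) > 253) next
        if (h !~ /^([a-z0-9_]([a-z0-9_-]*[a-z0-9_])?\.)+[a-z][a-z0-9-]*[a-z0-9]$/) next
        seen[h] = 1                          # dedupes ad/malware overlap
    }
    END {
        for (h in seen) {
            # nullzone carries a "*" record, so a listed parent already
            # answers for its subdomains; skip those redundant zones.
            n = split(h, lab, "."); p = lab[n]; covered = 0
            for (i = n - 1; i > 1; i--) {
                p = lab[i] "." p
                if (p in seen) { covered = 1; break }
            }
            if (!covered)
                printf "zone \"%s\" {type master; file \"%s\"; };\n", h, nz
        }
    }' "$@" | LC_ALL=C sort
}

# Constructed sample; real use: make_blacklist list1 list2 > /etc/bind/blacklists
make_blacklist <<'EOF'
zone "0001.2waky.com" { type master; notify no; file "null.zone.file"; };
0.0.0.0 0001.2WAKY.com
ads.example.test   # constructed name
cdn.ads.example.test
0.0.0.0 bad";};junk
EOF
```

Run named-checkconf on the result before reloading BIND, so a bad list never takes the resolver down.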


Security News - 7:00PM-8:00PM

Paul's Stories

  1. "How Sony
  2. Alarm systems alarmingly insecure. Oh the irony | Pen Test Partners
  3. "Bits
  4. A Case Study in Attacking KeePass – harmj0y
  5. "FBI Director: Clinton Emails Were Careless
  6. "Nasty BIOS bug slugs Gigabyte
  7. Top Router Maker TP-Link Loses Control Over Configuration Domain
  8. D-Link Wi-Fi Camera Flaw Extends to 120 Products
  9. Celebgate Nudes Hacker Pleads Guilty
  10. Silent Circle Killed Their Warrant Canary
  11. New Backdooring Mac Malware Discovered
  12. WikiLeaks Downed In Apparent Heavyweight Hacker Feud
  13. "Palo Alto Offers $16
  14. Symantec Won't Fix Catastrophic Flaws Until Mid-July


Larry's Stories

Joff's Stories

Jack's Stories

Kevin's Stories

Michael's (Santa) Stories