- 1 Paul's Security Weekly - Episode 507
- 2 Interview: Brad Antoniewicz, OpenDNS/BSides NYC - 6:00PM-7:00PM
- 3 Technical Segment: Blocking Ads and Malware With Pi-hole In The Cloud 7:00 - 7:30
- 4 Security News - 7:30-8:30PM
Paul's Security Weekly - Episode 507
Recorded March 30, 2017
- Jack Daniel - Works for Tenable Network Security and is a co-founder of Security BSides.
- Larry Pesce, Director of Research and Senior Managing Consultant at InGuardians
- Joff Thyer - SANS Instructor, Penetration Tester and Security Researcher with Black Hills Information Security.
- Paul Asadoorian - Embedded device security researcher, security podcaster and CEO of Offensive Countermeasures
Interview: Brad Antoniewicz, OpenDNS/BSides NYC - 6:00PM-7:00PM
Brad Antoniewicz works in Cisco Umbrella’s security research group. He is an Adjunct Professor teaching Vulnerability Analysis and Exploitation and a Hacker in Residence at NYU’s Tandon School of Engineering. Antoniewicz is also a Contributing Author to both the Hacking Exposed and Hacking Exposed: Wireless series of books.
- What is Hashes for the Masses?
- Overview of your talk "“The Exploits Used in Ransomware Campaigns"
- More details please: http://lacedmail.com/
- Three words to describe yourself.
- If you were a serial killer, what would be your weapon of choice?
- If you wrote a book about yourself, what would the title be?
- In the popular game of ass grabby-grabby, do you prefer to go first or second?
- Choose two celebrities to be your parents.
Technical Segment: Blocking Ads and Malware With Pi-hole In The Cloud 7:00 - 7:30
Blocking Ads and Malware With PI-Hole In The Cloud By Paul Asadoorian
I created a new Debian instance on Digital Ocean, installed PI-Hole, updated the ad and malware domains on a crontab, then cloned the image. I now have two DNS servers in the cloud running PI-Hole. Make sure you setup iptables to limit recursive lookups!
Setting The Stage
Things You Will Need
- A cloud hosting provider, I chose Digital Ocean
- One (or two) Linux instances, I chose 1GB Debian instances
- I pre-installed dnsmasq and lighttpd (apt-get install dnsmasq lighttpd)
- Know which IP address or address ranges you wish to allow recursive lookups from
Setup & Configuration
Once you have access to your new instance, installing PI-Hole is really easy. There are a few different ways to do it, but I used this method:
First, get the install script:
$ wget -O basic-install.sh https://install.pi-hole.net
Then run the install script:
# bash basic-install.sh
Follow the prompts, its pretty easy as it only asks you a few questions. I enabled the web server, which it generated a password for me to use upon login.
Then I added a cron job to update the list of malware domains every week:
$ sudo echo "47 6 * * 7 root /usr/local/bin/gravity.sh" >> /etc/crontab
When those steps are completed, point your DNS requests at it! The dashboard on the web interface is really neat too:
More Stuff To Do
Not yet tested, but since this system is on the Internet, anyone can use it for recursive lookups! As far as I can tell, DNSmasq does not have a concept of ACLs like bind, so here is a solution using iptables:
# Flush iptables -F # Allow your networks to query and hope they have a static IP! iptables -A INPUT -s A.A.A.A/X -p udp --dport 53 -j ACCEPT iptables -A INPUT -s A.A.A.A/X -p tcp --dport 53 -j ACCEPT # Since we are forwarding to Google, allow those: iptables -A INPUT -s 18.104.22.168/32 -p udp --dport 53 -j ACCEPT iptables -A INPUT -s 22.214.171.124/32 -p tcp --dport 53 -j ACCEPT iptables -A INPUT -p udp --dport 53 -j DROP # make the rules persistent service iptables save
- Pie in the Sky-Hole [A Pi-Hole in the cloud for ad-blocking via DNS]
- Pi-Hole in the cloud
- PI-Hole Github
- Block Millions Of Ads Network-wide With A Raspberry Pi-hole 2.0 (VERY detailed documentation on PI-Hole
Please donate to the PI-Hole project! They even have a Digital Ocean referral code, so use it.
Security News - 7:30-8:30PM
- Cisco learned from Wikileaks that the CIA had hacked its systems
- The New Laptop Ban Adds to Travelers' Lack of Privacy and Security
- Insider Threat Fear Greater Than Ever, Survey Shows
- Trump extends Obama executive order on cyberattacks | PCWorld
- Publicly Attacked Microsoft IIS Zero Day Unlikely to be Patched
- Industry Braces for Repeal of ISP Privacy Rules
- Potent LastPass exploit underscores the dark side of password managers
- IBM X-Force Report Reveals a Record Number of Vulnerabilities in 2016
- 2016 Was a Record Year for Breaches, Gemalto Reports
- Apple Patches Large Number of Flaws in iOS, macOS Updates
- Horrible Mistakes You're Making With Pen-Testing Pt. 2