Posts Tagged ‘DNS’

Threat intelligence: OTX, Bro, SiLK, BIND RPZ, OSSEC

Building a toolbox around threat intelligence can be done with freely available tools. Shared information about malicious behaviour allows you to detect and sometimes prevent activity from – and to – Internet resources that could compromise your systems’ security. I’ve already described how to use lists of malicious domain names in a BIND RPZ (Response […]

Malware detection with DNS RPZ and OSSEC

Building upon a sysadvent article I wrote at work, I’ve set up a dedicated Response Policy Zone using the freely available data files from the Malware Domain Blocklist. There are different ways to do this, but for this particular purpose I’ve imported the text file and generated a single zone file locally. BIND supports up […]