
CIS Critical Controls App - Bugs in threat feed downloads

sander980
Explorer

I've found two issues in this app:

Issue 1
The ransomware_domain_blocklist lookup is not correctly populated due to an issue in the python script.

The script ransomware_domain_blocklist.py is removing the first character from each entry due to the below rex in the # rm whitespace block. Looks like it's been re-used from the http list maybe.

ransomwaretracker_domain_orig.write(re.sub(r'^[^h]', '', line))
Replace with the below.

ransomwaretracker_domain_orig.write(re.sub(r'^[^0-9a-zA-Z]', '', line))

Issue 2

List malc0de_dns_blacklist.csv does not download due to blocking of non-standard browsers. My lookup shows the below, which comes from Cloudflare.

            <p>The owner of this website (malc0de.com) has banned your access based on your browser's signature (4340f913eddb1d9e-ua48).</p>
0 Karma
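
The effect of the two patterns quoted in Issue 1 can be checked side by side. This is an added example, not part of the original post or the app's code; the feed lines are constructed samples and the helper names are hypothetical.

```python
import re

# Constructed sample feed lines (not real indicators): a comment, an entry
# with leading whitespace, a normal entry, an entry starting with "h", a blank.
SAMPLE_FEED = [
    "# constructed blocklist sample\n",
    " bad-domain.example\n",
    "evil.example\n",
    "host.example\n",
    "\n",
]

def strip_original(line):
    """Pattern the post identifies as the bug: drops any first char except 'h'."""
    return re.sub(r'^[^h]', '', line)

def strip_proposed(line):
    """Pattern the post proposes: drops one leading non-alphanumeric char."""
    return re.sub(r'^[^0-9a-zA-Z]', '', line)

def clean_feed(lines, strip):
    """Apply a strip function, skipping comments and lines left empty."""
    out = []
    for line in lines:
        if line.startswith("#"):
            continue
        entry = strip(line).rstrip("\n")
        if entry:
            out.append(entry)
    return out

def truncated_entries(lines, strip):
    """Return (expected, actual) pairs where cleaning damaged the domain itself."""
    damaged = []
    for line in lines:
        want = line.strip()
        if not want or want.startswith("#"):
            continue
        got = strip(line).strip()
        if got != want:
            damaged.append((want, got))
    return damaged

if __name__ == "__main__":
    print("original:", clean_feed(SAMPLE_FEED, strip_original))
    print("proposed:", clean_feed(SAMPLE_FEED, strip_proposed))
    print("damaged by original:", truncated_entries(SAMPLE_FEED, strip_original))
```

A check like `truncated_entries` run against the downloaded feed before the lookup is written catches this kind of silent truncation, which otherwise leaves the blocklist populated but unable to match any real domain.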