All Apps and Add-ons

CIS Critical Controls App - Bugs in threat feed downloads


I've found two issue in this app:

Issue 1
The ransomware_domain_blocklist lookup is not correctly populated due to an issue in the python script.

The script is removing the first character from each entry due to the below rex in the # rm whitespace block. Looks like it's been re-used from the http list maybe.

ransomwaretracker_domain_orig.write(re.sub(r'^[^h]', '', line))
Replace with the below.

ransomwaretracker_domain_orig.write(re.sub(r'^[^0-9a-zA-Z]', '', line))

Issue 2

List malc0de_dns_blacklist.csv does not download due to blocking of non standard browsers. My lookup shows the below which comes from cloudflare.

            <p>The owner of this website ( has banned your access based on your browser's signature (4340f913eddb1d9e-ua48).</p>
0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!