2021-07-06, 16:50–17:25 (Europe/Paris), Zoom room
When implementing security solutions, there are many ways to integrate a blocklist and improve the detection of suspicious/malicious activity. While many blocklists are available online, sometimes their content does not exactly fit your expectations (false positives, too complex, etc.). So, I implemented my own blocklist based on a REST API. This allows me to interconnect it with many tools/scripts/devices to fetch or update its content. In this presentation, I’ll explain how and why I implemented it with only one goal: automation & improvement of the security perimeter.
Xavier Mertens is a freelance security consultant based in Belgium. With 12+ years of experience in information security, his job focuses on protecting his customers' assets by providing services like incident handling, investigations, log management, security visualization, and OSINT. Xavier is also a Senior Handler at the SANS Internet Storm Center, a SANS FOR610 instructor, a security blogger, and co-organizer of the BruCON security conference.