Made a new BS List for ZTNA / Mesh / Overlay domains and URLs to block and hunt.

badsamurai@infosec.exchange

Made a new BS List for ZTNA / Mesh / Overlay domains and URLs to block and hunt. Many are poorly categorized by firewall and proxy vendors. Most have a free tier. For the self hosting you’ll need to dig further into the project docs.


.enclave.io/
.firezone.dev/
.headscale.net/
.husarnet.com/
.netbird.io/
.netmaker.io/
.openziti.io/
.tailscale.com/
.twingate.com/
.zerotier.com/
.github.com/easytier/
.github.com/slackhq/nebula/
.github.com/juanfont/headscale/
.github.com/webmeshproj/


bs-lists/ztna-mesh-overlay.txt at main · BadSamuraiDev/bs-lists

Cybersecurity lists of TLDs, domains and URLs for threat hunting and posture policy (warn or block) - bs-lists/ztna-mesh-overlay.txt at main · BadSamuraiDev/bs-lists

GitHub (github.com)

#ztna #LOTS #LOTT #blueTeam

xinayder@fosstodon.org

@badsamurai what's the idea behind blocking/warning on these domains? server can be compromised and use the services' mesh VPN to connect to attacker servers or what?

badsamurai@infosec.exchange

@xinayder yep. And inside threat of the negligence variety.

Of course I’m speaking to enterprises and organizations. if this is your own home or small business there are super valid reasons using this software.