Bleep away...


www.bleepingcomputer.com

CISA releases open-source 'RedEye' C2 log visualization tool

Ionut Ilascu

"The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has announced RedEye, an open-source analytic tool that lets operators visualize and report command and control (C2) activity.

RedEye is aimed at both red and blue teams, giving them an easy way to assess the data behind practical decisions.

Assessing attack campaigns

A joint project from CISA and DOE’s Pacific Northwest National Laboratory, RedEye can parse logs from attack frameworks (e.g. Cobalt Strike) to present complex data in a more digestible format.

The tool allows users to upload campaign data to view relevant information such as beacons and commands.

[Image: campaign data upload feature in CISA's RedEye tool]

The historical records of each campaign's logs loaded into RedEye can be viewed as a graph that correlates the servers and hosts involved.

[Image: campaign visualization in CISA's RedEye tool]

Analysts can also explore key events in a selected campaign to discover payload activity and follow an attacker’s penetration path, such as lateral movement activity or the use of credentials to increase privileges on a machine.

[Image: campaign playback (explore campaign) in CISA's RedEye tool]

The features available in RedEye allow analysts to comment on the attacker’s activity for better collaboration and understanding of the attack path.

[Image: comment and tag support in CISA's RedEye tool]

Using the comments from analysts and the techniques used in the campaign, RedEye can also generate presentations that can be shared with stakeholders and clients.

All data collected from a campaign, along with the analysts' comments, can be exported so clients can review it.

Blue teams can also use RedEye to more easily understand the raw data received from an assessment, and to view the attack path and the compromised hosts so they can take appropriate action.

[Image: generating attack campaign presentations with CISA's RedEye tool]

At the moment, RedEye can parse logs from the Cobalt Strike framework.

It has been tested to work on Linux (Ubuntu 18 and above, Kali Linux 2020.1 or newer), macOS (El Capitan and above), and Windows 7 or newer.

The tool is available on GitHub, in CISA’s repository.

CISA has also released a video going through the main features available in RedEye.

RedEye is the latest in a set of tools that CISA released as open-source projects over the past few years.

Among them are Malcolm - a network traffic analysis tool, ICS NPP - a tool for parsing Industrial Control Systems network protocols, and Sparrow - a PowerShell script for detecting possibly compromised accounts and apps in Azure and Microsoft 365 environments." 
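The article describes what RedEye does with Cobalt Strike logs (parse beacon metadata and operator commands, correlate servers and hosts, and replay the attack path) without showing the mechanics. The following is an added, stand-alone Python illustration of those three steps; it is not RedEye's code and is not taken from the CISA repository. The log lines are constructed samples written in the general style of Cobalt Strike 4.x beacon logs (`[metadata]`, `[input]`, `[task]`, `[checkin]`, `[output]` records with ATT&CK IDs in the task lines); the exact field layout, and in particular the `<-` / `->` arrow convention used to distinguish an egress beacon from a chained SMB beacon, is an assumption made for the example, and the `teamserver` label, the `neo` operator name and all IPs and hostnames are invented.

```python
"""Minimal Cobalt Strike-style beacon-log parser and attack-graph builder.

Added illustration (not RedEye's own code). Log format and the meaning of the
'<-' (egress beacon) and '->' (chained beacon) arrows are assumptions.
"""
import re

TEAM_SERVER = "teamserver"  # invented label for the C2 server node

# Constructed sample: one egress beacon on WS01 that pivots via psexec to SRV02,
# whose SMB beacon is chained through WS01. Written in CS 4.x log style.
SAMPLE_LOGS = {
    "beacon_1001.log": r"""10/20 14:32:10 UTC [metadata] 198.51.100.20 <- 10.0.0.15; computer: WS01; user: alice; process: rundll32.exe; pid: 4120; os: Windows; version: 10.0; build: 19044; beacon arch: x64 (x64)
10/20 14:33:01 UTC [input] <neo> shell whoami
10/20 14:33:01 UTC [task] <T1059> Tasked beacon to run: whoami
10/20 14:33:04 UTC [checkin] host called home, sent: 38 bytes
10/20 14:33:05 UTC [output]
received output:
ws01\alice
10/20 14:40:12 UTC [input] <neo> jump psexec64 10.0.0.22 smb
10/20 14:40:12 UTC [task] <T1021.002, T1570> Tasked beacon to run windows/beacon_bind_pipe (\\10.0.0.22\pipe\msagent_1a) on 10.0.0.22 via Service Control Manager (\\10.0.0.22\ADMIN$\2d9e1f3.exe)
""",
    "beacon_1002.log": r"""10/20 14:40:20 UTC [metadata] 10.0.0.15 -> 10.0.0.22; computer: SRV02; user: SYSTEM *; process: 2d9e1f3.exe; pid: 988; os: Windows; version: 10.0; build: 17763; beacon arch: x64 (x64)
10/20 14:41:03 UTC [input] <neo> hashdump
10/20 14:41:03 UTC [task] <T1003.002> Tasked beacon to dump hashes
""",
}

LINE_RE = re.compile(r"^(?P<ts>\d{2}/\d{2} \d{2}:\d{2}:\d{2}) (?P<tz>\S+) \[(?P<kind>\w+)\] ?(?P<body>.*)$")
META_RE = re.compile(r"^(?P<left>[\d.]+) (?P<arrow><-|->) (?P<right>[\d.]+); (?P<fields>.*)$")
ANGLE_RE = re.compile(r"^<(?P<tag>[^>]*)> (?P<rest>.*)$")  # '<operator> cmd' and '<TTPs> desc'

# ATT&CK technique prefixes used to tag the timeline (Remote Services, Lateral Tool
# Transfer, OS Credential Dumping).
LATERAL = ("T1021", "T1570")
CREDENTIAL = ("T1003",)


def parse_beacon_log(name, text):
    """Return one beacon record: where it runs, how it reaches the C2, what it was told to do."""
    beacon = {"id": name, "host": None, "user": None, "ip": None, "parent": None, "commands": []}
    pending = None  # last [input] record, waiting for its [task] companion line
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # continuation lines of an [output] block carry no timestamp
        kind, body, ts = m["kind"], m["body"], m["ts"]
        if kind == "metadata":
            mm = META_RE.match(body)
            if not mm:
                continue
            fields = dict(f.split(": ", 1) for f in mm["fields"].split("; ") if ": " in f)
            beacon["host"], beacon["user"] = fields.get("computer"), fields.get("user")
            beacon["ip"] = mm["right"]
            # Assumed convention: 'external <- internal' is an egress beacon talking to the
            # team server; 'parent -> child' is a chained beacon reached through another host.
            beacon["parent"] = TEAM_SERVER if mm["arrow"] == "<-" else mm["left"]
        elif kind == "input":
            mi = ANGLE_RE.match(body)
            if mi:
                pending = {"ts": ts, "operator": mi["tag"], "input": mi["rest"], "ttps": [], "task": None}
                beacon["commands"].append(pending)
        elif kind == "task" and pending is not None:
            mt = ANGLE_RE.match(body)
            if mt:
                pending["ttps"] = [t.strip() for t in mt["tag"].split(",") if t.strip()]
                pending["task"] = mt["rest"]
            pending = None
    return beacon


def build_attack_graph(logs):
    """Correlate beacons into (parent, child) edges and an ip -> hostname map."""
    beacons = [parse_beacon_log(n, t) for n, t in logs.items()]
    edges = sorted({(b["parent"], b["ip"]) for b in beacons if b["ip"]})
    hosts = {b["ip"]: b["host"] for b in beacons if b["ip"]}
    return beacons, edges, hosts


def timeline(beacons):
    """Merge every beacon's commands into one time-ordered list (ts, host, operator, input, ttps)."""
    events = [(c["ts"], b["host"], c["operator"], c["input"], c["ttps"]) for b in beacons for c in b["commands"]]
    return sorted(events)


def flag_events(events):
    """Tag lateral-movement and credential-access steps so the attack path stands out in playback."""
    flagged = []
    for ts, host, _operator, cmd, ttps in events:
        tags = set()
        for t in ttps:
            if t.startswith(LATERAL):
                tags.add("lateral-movement")
            if t.startswith(CREDENTIAL):
                tags.add("credential-access")
        if tags:
            flagged.append((ts, host, cmd, sorted(tags)))
    return flagged


if __name__ == "__main__":
    beacons, edges, hosts = build_attack_graph(SAMPLE_LOGS)
    for parent, child in edges:
        print(f"{parent} -> {child} ({hosts.get(child)})")
    for ts, host, cmd, tags in flag_events(timeline(beacons)):
        print(f"{ts} {host}: {cmd}  [{', '.join(tags)}]")
```

On the constructed sample this yields two edges (`teamserver -> 10.0.0.15 (WS01)` and `10.0.0.15 -> 10.0.0.22 (SRV02)`) and flags the `jump psexec64` step on WS01 as lateral movement and the `hashdump` on SRV02 as credential access, which is the kind of correlated, tagged view the article describes; a real parser would also have to handle the per-day log directory layout, `[error]` and `[indicator]` records, and beacons that never emit a `[metadata]` line.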
