CISA has released RedEye, a new open-source analytic tool designed to make it easier for operators to visualise and report activity related to C2 (command-and-control) communication.
Both red and blue teams can benefit from RedEye, since it offers an easy way to assess the data and make specific decisions with confidence.
RedEye
The analytic tool is a collaborative effort between CISA and DOE's Pacific Northwest National Laboratory.
By correlating the historical data in each campaign's logs, RedEye users can retrieve a graphical display of all servers and hosts associated with that campaign.
To view relevant information about a campaign, users upload campaign data to RedEye, which then displays information such as:-
While parsing log data, such as the logs generated by Cobalt Strike, the tool presents the information in a format that is easy to understand.
As a result, users can tag the activities displayed within the tool and comment on them. Operators can present their findings and workflow to stakeholders using the presentation mode available in the RedEye application.
To trace payload activity, analysts can examine all the key events of a particular campaign. Blue teams can also use RedEye to review the raw data received after an assessment and understand it better.
They can use this data to see the attack path and the compromised hosts, and then take the appropriate action based on what they have learned.
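The correlation workflow described above (parse campaign logs, group them into hosts and C2 servers per campaign, reconstruct the attack path, and let an analyst tag and comment on events) is illustrated by the following added example. It is not part of the original article and is not RedEye's own code; the log format it parses is a constructed, simplified one for illustration only, not the real Cobalt Strike log format, and all hostnames, campaign names and timestamps are made up.

```python
"""Correlate constructed C2 beacon log lines into per-campaign host/server views.

Assumption: the line format below is a simplified, constructed example.
It is NOT the real Cobalt Strike log format, and this is not RedEye's code.
"""
from collections import defaultdict
from dataclasses import dataclass, field
import re

# Constructed sample log lines (one event per line):
# "<ISO timestamp> campaign=<id> server=<c2> host=<beacon host> event=<type> detail=<text>"
SAMPLE_LOG = """\
2022-10-11T09:00:12Z campaign=CAMP-A server=c2a.example.test host=WS-01 event=checkin detail=initial beacon
2022-10-11T09:02:40Z campaign=CAMP-A server=c2a.example.test host=WS-01 event=task detail=whoami
2022-10-11T09:15:03Z campaign=CAMP-A server=c2a.example.test host=FS-02 event=checkin detail=lateral from WS-01
2022-10-11T09:20:55Z campaign=CAMP-A server=c2b.example.test host=FS-02 event=checkin detail=fallback server
2022-10-11T10:01:00Z campaign=CAMP-B server=c2c.example.test host=DB-07 event=checkin detail=initial beacon
malformed line that should be skipped
2022-10-11T10:05:30Z campaign=CAMP-B server=c2c.example.test host=DB-07 event=task detail=download report.xlsx
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) campaign=(?P<campaign>\S+) server=(?P<server>\S+) "
    r"host=(?P<host>\S+) event=(?P<event>\S+) detail=(?P<detail>.*)$"
)


@dataclass
class Campaign:
    name: str
    servers: set = field(default_factory=set)
    hosts: set = field(default_factory=set)
    events: list = field(default_factory=list)      # (ts, host, server, event, detail)
    annotations: dict = field(default_factory=dict)  # event index -> (tag, comment)

    def attack_path(self):
        """Hosts in the order they first checked in, with the server each used."""
        first_seen = {}
        for ts, host, server, event, _detail in self.events:
            if event == "checkin" and host not in first_seen:
                first_seen[host] = server
        return list(first_seen.items())

    def tag_event(self, index, tag, comment=""):
        """Analyst annotation, mirroring the tag-and-comment workflow described above."""
        self.annotations[index] = (tag, comment)


def parse_logs(text):
    """Parse log lines into Campaign objects; unparseable lines are counted and skipped."""
    campaigns = {}
    skipped = 0
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            skipped += 1  # never let one bad line abort the whole import
            continue
        c = campaigns.setdefault(m["campaign"], Campaign(m["campaign"]))
        c.servers.add(m["server"])
        c.hosts.add(m["host"])
        c.events.append((m["ts"], m["host"], m["server"], m["event"], m["detail"]))
    for c in campaigns.values():
        c.events.sort()  # ISO-8601 timestamps in UTC sort correctly as strings
    return campaigns, skipped


def summarize(campaigns):
    """Text summary analogous to a per-campaign host/server report."""
    lines = []
    for name in sorted(campaigns):
        c = campaigns[name]
        lines.append(f"{name}: servers={sorted(c.servers)} hosts={sorted(c.hosts)}")
        for host, server in c.attack_path():
            lines.append(f"  {host} first seen via {server}")
    return "\n".join(lines)


if __name__ == "__main__":
    campaigns, skipped = parse_logs(SAMPLE_LOG)
    # Example annotation: the third CAMP-A event is the FS-02 check-in reached from WS-01
    campaigns["CAMP-A"].tag_event(2, "lateral-movement", "FS-02 reached from WS-01")
    print(summarize(campaigns))
    print(f"skipped {skipped} malformed line(s)")
```

The attack path is derived purely from the order of first check-ins per host, which is enough to show which host was reached from which server but says nothing about how; a real tool would also correlate task output and parent/child beacon relationships from the richer data in actual C2 logs.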
RedEye offers a range of features, and its key features are presented in the video below made by CISA:-
Apart from RedEye, CISA has also released several other open-source tools, including:-
The following major platforms have been tested and confirmed to be compatible with RedEye:-
- Linux (Ubuntu 18 and above, Kali Linux 2020.1 or newer)
- macOS (El Capitan and above)
- Windows 7 or newer
The tool is hosted in CISA's repository on GitHub and is available for download from there.