(I)IoT Security News
Cyber Security, Market, News, Uncategorized, Vulnerabilities

CISA Releases RedEye: Red Team Campaign Visualization and Reporting Tool

CISA has released RedEye, an interactive open-source analytic tool to visualize and report Red Team command and control activities. RedEye allows an operator to quickly assess complex data, evaluate mitigation strategies, and enable effective decision making.

RedEye is an open-source analytic tool developed by CISA and DOE’s Pacific Northwest National Laboratory to assist Red Teams with visualizing and reporting command and control activities. This tool, released in October 2022 on GitHub, allows an operator to assess and display complex data, evaluate mitigation strategies, and enable effective decision making in response to a Red Team assessment. The tool parses logs, such as those from Cobalt Strike, and presents the data in an easily digestible format. The users can then tag and add comments to activities displayed within the tool. The operators can use the RedEye’s presentation mode to present findings and workflow to stakeholders.

RedEye can assist an operator to efficiently:

User Guide

Quick start

The fastest way to get up and running is by downloading the latest RedEye binaries for your operating system in the Releases section on GitHub.

RedEye currently supports uploading Cobalt Strike logs and offers both Red Team and Blue Team modes.

Note: Both Red and Blue Team modes can be started from the same RedEye application binary.

Blue Team

The Blue Team version can be run by double-clicking the RedEye application binary.

RedEye runs by default at http://127.0.0.1:4000 and will automatically open your default browser.

If a campaigns folder is located in the same directory as the RedEye application, RedEye will attempt to import any .redeye campaign files within. Campaign files can be exported in the “Red Team” version.

To prepare a version for the Blue Team, follow these two steps:

  1. Copy the RedEye application binary to an empty folder.
  2. Create a campaigns folder in the same directory and place the .redeye campaign files you want to send inside.

Red Team

The Red Team version comes in two parts:

There are two options to run RedEye:

  1. Run the downloaded binary: AUTHENTICATION_PASSWORD=<your_password> ./RedEye --redTeam.
  2. Clone this repository and either:
    1. Docker Compose:
      1. Update the environment variables in `docker-compose.yml`.
      2. Run: `docker-compose -f docker-compose.yml up -d redeye-core`.
    2. Install and run the project directly (covered in the Local Build section).

The application runs by default at http://127.0.0.1:4000.

Platform support

ARM support is experimental

Note: For Mac users, when first running the RedEye application (and cs-parser if using the Red Team version), you must go to “System Preferences” then “Security & Privacy” and click “Open Anyway”.

Local Build

Required Packages

Development

Setup

Quick Start Development

Runs the project in development mode

yarn run start

Advanced Development

It is recommended to run the server and client in two separate terminals

yarn run start:client
yarn run start:server

Build

yarn build:all to build all applications and their dependent libraries

Server .env example

AUTHENTICATION_PASSWORD=937038570
AUTHENTICATION_SECRET=supertopsecretdonttellanyone
DATABASE_MODE=DEV_PERSIST
SERVER_BLUE_TEAM=false
SERVER_PRODUCTION=false

Source:
https://github.com/cisagov/RedEye/

Related posts

Siemens Mendix Applications

(I) IoT
5 months ago

Bypassing a null byte POP/POP/RET sequence

(I) IoT
5 years ago

BD FACSLyric (Update A)

(I) IoT
6 years ago
Exit mobile version