<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:"Segoe UI";
        panose-1:2 11 5 2 4 2 4 2 2 3;}
@font-face
        {font-family:"Franklin Gothic Book";
        panose-1:2 11 5 3 2 1 2 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
p.xparagraph, li.xparagraph, div.xparagraph
        {mso-style-name:x_paragraph;
        margin:0in;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;}
span.xnormaltextrun
        {mso-style-name:x_normaltextrun;}
span.xeop
        {mso-style-name:x_eop;}
span.xspellingerror
        {mso-style-name:x_spellingerror;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">FYSA<o:p></o:p></p>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div style="margin-bottom:6.0pt">
<div>
<div>
<div>
<p class="xparagraph" style="margin-bottom:12.0pt;background:white"><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif;color:black"> </span><o:p></o:p></p>
<p class="xparagraph" style="background:white"><span class="xnormaltextrun"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black">Today, CISA released
</span></span><span class="xspellingerror"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black">RedEye</span></span><span class="xnormaltextrun"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black">, an interactive open-source
 analytic tool for use by Red Teams to visualize and report command and control activities. This tool was developed in partnership with the Department of Energy Pacific Northwest National Lab. It</span></span><span class="xnormaltextrun"><span style="font-family:"Franklin Gothic Book",sans-serif;color:red"> </span></span><span class="xnormaltextrun"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black">allows
 a Red Team operator to quickly assess complex data associated with an engagement or penetration test (pen test), evaluate mitigation strategies, and enable effective decision making to strengthen an organization's cybersecurity posture.</span></span><span class="xeop"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black"> </span></span><span class="xspellingerror"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black"> </span></span><o:p></o:p></p>
<p class="xparagraph" style="background:white"><span class="xspellingerror"><span style="color:black"> </span></span><o:p></o:p></p>
<p class="xparagraph" style="margin-bottom:12.0pt;background:white"><span class="xspellingerror"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black">RedEye</span></span><span class="xnormaltextrun"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black"> will
 intake Cobalt Strike logs from a pen test or Red Team engagement that uses Cobalt Strike. With this information, the tool will arrange logs to be easily queried and display them in a graphical, timeline format.
</span></span><span class="xspellingerror"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black">RedEye</span></span><span class="xnormaltextrun"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black"> also parses logs and
 presents the data to each operator. Operators can then tag and add comments to the activities in the tool, which can then be used in a presentation mode to present findings and workflow to stakeholders.</span></span><span class="xeop"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black"> </span></span><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif;color:black"> </span><o:p></o:p></p>
<p class="xparagraph" style="margin-bottom:12.0pt;background:white;font-kerning:none">
<span class="xnormaltextrun"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black">Using this tool, Red Teams can quickly organize information and communicate findings, key events, and penetration paths, which without this tool would be a
 manual process scrolling through thousands of lines of text.</span></span><span class="xeop"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black"> </span></span><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif;color:black"> </span><o:p></o:p></p>
<p class="MsoNormal" style="background:white"><span class="xnormaltextrun"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black">For more information, CISA encourages users to review
</span></span><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif;color:black"><a href="https://github.com/cisagov/RedEye/"><span class="xnormaltextrun"><span style="font-size:11.0pt;font-family:"Franklin Gothic Book",sans-serif;color:#0563C1">RedEye
 on GitHub</span></span></a></span><span class="xnormaltextrun"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black"> and watch CISA’s
</span></span><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif;color:black"><a href="https://www.youtube.com/watch?v=b_ARIVl4BkQ"><span class="xnormaltextrun"><span style="font-size:11.0pt;font-family:"Franklin Gothic Book",sans-serif;color:#0563C1">RedEye
 tool overview video</span></span></a></span><span class="xnormaltextrun"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black">.</span></span><span class="xeop"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black"> </span></span><span class="xeop"><span style="font-family:"Franklin Gothic Book",sans-serif"><o:p></o:p></span></span></p>
<p class="MsoNormal" style="background:white"><o:p> </o:p></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><b><span style="color:#1F497D">Theresa A. Masse<o:p></o:p></span></b></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Cyber Security Advisor, Region 10 (Oregon)
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Cybersecurity and Infrastructure Security Agency<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Department of Homeland Security<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Phone: (503) 930-5671
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Email:</span><span style="font-size:10.0pt;color:#777777">
</span><a href="mailto:theresa.masse@cisa.dhs.gov"><span style="font-size:10.0pt;color:#0563C1">theresa.masse@cisa.dhs.gov</span></a><u><span style="font-size:10.0pt;color:#0760C1"><o:p></o:p></span></u></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="background:white"><o:p> </o:p></p>
</div>
</body>
</html>