FreshRSS

Security – Cisco Blog

Conference Hopping: Training Attendee Scanning Def Con

By: Bilal Qamar — September 3rd 2025 at 12:00
Cisco is the Security Cloud Provider to the Black Hat conferences. Learn about the latest innovations for the SOC of the Future at Black Hat USA 2025.
Security – Cisco Blog

Driving Cisco XDR Integration With Third-Party Partners at Black Hat

By: Aditya Sankar — September 3rd 2025 at 12:00
Cisco is the Security Cloud Provider to the Black Hat conferences. Learn about the latest innovations for the SOC of the Future at Black Hat USA 2025.
Security – Cisco Blog

Cisco Secure Firewall: SnortML at Black Hat USA 2025

By: Adam Kilgore — September 3rd 2025 at 12:00
Cisco is the Security Cloud Provider to the Black Hat conferences. Learn about the latest innovations for the SOC of the Future at Black Hat USA 2025.
Security – Cisco Blog

Black Hat Investigation: Attempted Exploitation of Registration Server

By: Bilal Qamar — September 3rd 2025 at 12:00
Cisco is the Security Cloud Provider to the Black Hat conferences. Learn about the latest innovations for the SOC of the Future at Black Hat USA 2025.
Security – Cisco Blog

The Value of PCAP in Firewall Investigations

By: Steve Nowell — September 3rd 2025 at 12:00
Cisco is the Security Cloud Provider to the Black Hat conferences. Learn about the latest innovations for the SOC of the Future at Black Hat USA 2025.
Security – Cisco Blog

Findings Report From the SOC at RSAC™ 2025 Conference

By: Jessica (Bair) Oppenheimer — August 19th 2025 at 12:00
Cisco Security and Splunk protected RSAC™ 2025 Conference in the Security Operations Center. Learn about the latest innovations for the SOC of the Future.
Security – Cisco Blog

Customize Your Defense: Unlock Cisco XDR With Key Integrations

By: Ben Greenbaum — July 23rd 2025 at 12:00
The new Cisco XDR Connect tool helps users to search, browse, and view the details of all available XDR integrations and automation content.
Security – Cisco Blog

Cisco Live San Diego Case Study: Malware Upatre! (Encrypted Visibility Engine Event)

By: Aditya Sankar — July 2nd 2025 at 12:00
Cisco Security and Splunk protected Cisco Live San Diego 2025 in the Security Operations Center. Learn about the latest innovations for the SOC of the Future.
Security – Cisco Blog

Splunk in Action at the Cisco Live San Diego SOC

By: Jessica (Bair) Oppenheimer — July 2nd 2025 at 12:00
Cisco Security and Splunk protected Cisco Live San Diego 2025 in the Security Operations Center. Learn about the latest innovations for the SOC of the Future.
Security – Cisco Blog

Using AI to Battle Phishing Campaigns

By: Ryan Maclennan — July 2nd 2025 at 12:00
Cisco Security and Splunk protected Cisco Live San Diego 2025 in the Security Operations Center. Learn about the latest innovations for the SOC of the Future.
Security – Cisco Blog

Building an XDR Integration With Splunk Attack Analyzer

By: Ryan Maclennan — July 2nd 2025 at 12:00
Cisco XDR is an infinitely extensible platform for security integrations. Like the maturing SOCs of our customers, the event SOC team at Cisco Live San Diego 2025 built custom integrations to meet our needs. You can build your own integrations using the community resources announced at Cisco Live. It was an honor to work with […]
Security – Cisco Blog

Cisco Live San Diego Case Study: Hunting Cleartext Passwords in HTTP POST Requests

By: Aditya Sankar — July 2nd 2025 at 12:00
Cisco Security and Splunk protected Cisco Live San Diego 2025 in the Security Operations Center. Learn about the latest innovations for the SOC of the Future.
Security – Cisco Blog

Developing With Cisco XDR at Cisco Live San Diego ‘25

By: Christopher Van Der Made — May 19th 2025 at 12:00
Join us at Cisco Live San Diego to explore Cisco XDR’s latest innovations, including custom integrations, AI automation, and community features. Don’t miss out!
Security – Cisco Blog

Automate Forensics to Eliminate Uncertainty

By: Rajat Gulati — May 5th 2025 at 12:00
Discover how Cisco XDR delivers automated forensics and AI-driven investigation, bringing speed, clarity, and confidence to SecOps teams.
Security – Cisco Blog

Black Hat Asia 2025 NOC: Innovation in SOC

By: Jessica (Bair) Oppenheimer — April 24th 2025 at 12:00
Cisco is the Security Cloud Provider to the Black Hat conferences. Learn about the latest innovations for the SOC of the Future.
Security – Cisco Blog

Instant Attack Verification: Verification to Trust Automated Response

By: Briana Farro — April 29th 2025 at 12:00
Discover how Cisco XDR’s Instant Attack Verification brings real-time threat validation for faster, smarter SOC response.
Security – Cisco Blog

Cisco XDR Just Changed the Game, Again

By: AJ Shipley — April 28th 2025 at 11:55
Clear verdict. Decisive action. AI speed. Cisco XDR turns noise into clarity and alerts into action, enabling confident, timely response at scale.
Security – Cisco Blog

Black Hat Asia 2025: Innovation in the SOC

By: Jessica (Bair) Oppenheimer — April 24th 2025 at 12:00
Cisco is the Security Cloud Provider to the Black Hat conferences. Learn about the latest innovations for the SOC of the Future.
Security – Cisco Blog

Sign Up for a Tour at the SOC at RSAC™ 2025 Conference

By: Jessica (Bair) Oppenheimer — April 14th 2025 at 12:00
Cisco and Endace provide Security Operations Center services at RSAC™ 2025 Conference. Sign up for a tour and see what happens in the SOC.
KitPloit - PenTest Tools!

QuickResponseC2 - A Command & Control Server That Leverages QR Codes To Send Commands And Receive Results From Remote Systems

By: Unknown — April 12th 2025 at 12:30

QuickResponseC2 is a stealthy Command and Control (C2) framework that enables indirect and covert communication between the attacker and victim machines via an intermediate HTTP/S server. All network activity is limited to uploading and downloading images, making it fully undetectable by IPS/IDS systems and an ideal tool for security research and penetration testing.


Capabilities:

  • Command Execution via QR Codes:
    Users can send custom commands to the victim machine, encoded as QR codes.
    Victims scan the QR code, which triggers the execution of the command on their system.
    The command can be anything from simple queries to complex operations based on the test scenario.

  • Result Retrieval:
    Results of the executed command are returned from the victim system and encoded into a QR code.
    The server decodes the result and provides feedback to the attacker for further analysis or follow-up actions.

  • Built-in HTTP Server:
    The tool includes a lightweight HTTP server that facilitates the victim machine's retrieval of command QR codes.
    Results are sent back to the server as QR code images, and they are automatically saved with unique filenames for easy management.
    The attacker's machine handles multiple requests, with HTTP logs organized and saved separately.

  • Stealthy Communication:
    QuickResponseC2 operates under the radar, with minimal traces, providing a covert way to interact with the victim machine without alerting security defenses.
    Ideal for security assessments or testing command-and-control methodologies without being detected.

  • File Handling:
    The tool automatically saves all QR codes (command and result) to the server_files directory, using sequential filenames like command0.png, command1.png, etc.
    Decoding and processing of result files are handled seamlessly.

  • User-Friendly Interface:
    The tool is operated via a simple command-line interface, allowing users to set up a C2 server, send commands, and receive results with ease.
    No additional complex configurations or dependencies are needed.

Usage

  1. First, install the dependencies: pip3 install -r requirements.txt
  2. Then run main.py: python3 main.py
  3. Choose between the options:
     1 - Run the C2 Server
     2 - Build the Victim Implant
  4. Enjoy!

Demonstration

https://github.com/user-attachments/assets/382e9350-d650-44e5-b8ef-b43ec90b315d

Workflow Overview

1. Initialization of the C2 Server

  • The attacker launches QuickResponseC2, which creates a lightweight HTTP server (default port: 8080).
  • This server serves as the intermediary between the attacker and victim, eliminating any direct connection between them.

2. Command Delivery via QR Codes

  • The attacker encodes a command into a QR code and saves it as commandX.png on the HTTP server.
  • The victim machine periodically polls the server (e.g., every 1 second) to check for the presence of a new command file.

3. Victim Command Execution

  • Once the victim detects a new QR code file (commandX.png), it downloads and decodes the image to retrieve the command.
  • The decoded command is executed on the victim's system.

4. Result Encoding and Uploading

  • The victim encodes the output of the executed command into a QR code and saves it locally as resultX.png.
  • The result file is then uploaded to the HTTP server.

5. Result Retrieval by the Attacker

  • The attacker periodically checks the server for new result files (resultX.png).
  • Once found, the result file is downloaded and decoded to retrieve the output of the executed command.

TODO & Contribution

  • [x] Generate a Template for the Implant
  • [ ] Compile the implant as an .exe automatically
  • [x] Save the generated QR Code as bytes in a variable instead of a file - VICTIM Side
  • [ ] Add an obfuscation on the commands decoded from the QR Codes automatically

Feel free to fork and contribute! Pull requests are welcome.

Security – Cisco Blog

Mobile World Congress 2025: SOC in the Network Operations Center

By: Filipe Lopes — April 3rd 2025 at 12:00
Cisco is the sole supplier of network services to Mobile World Congress, expanding into security and observability, with Splunk.
Security – Cisco Blog

The Benefits of a Broad and Open Integration Ecosystem

By: Ben Greenbaum — March 26th 2025 at 12:00
Since inception, Cisco XDR has followed the Open XDR philosophy. We integrate telemetry and data from dozens of Cisco and third-party security solutions.
Security – Cisco Blog

Cisco Live Melbourne SOC Report

By: Shaun Coulter — February 27th 2025 at 13:00
Learn how the SOC team supported Cisco Live Melbourne and some of the more interesting findings from four days of threat hunting on the network.
Security – Cisco Blog

Black Hat Europe 2024 NOC/SOC: Security Cloud

By: Jessica (Bair) Oppenheimer — January 28th 2025 at 13:00
Cisco is the Official Security Cloud Provider for the Black Hat Network Operations Center (NOC). We work with the other official partners to bring the hardware, software and engineers to build and secure the network, for our joint customer: Black Hat. Arista: Wired and Wireless Network Equipment; Corelight: Open Network Detection and Response; Palo Alto […]
Security – Cisco Blog

SOC Findings Report From RSA Conference 2024

By: Jessica Bair — October 22nd 2024 at 12:00
Discover key insights from the SOC Findings Report at RSA Conference 2024, co-released by Cisco and NetWitness for Cybersecurity Awareness Month.
Security – Cisco Blog

Black Hat 2024: SOC in the NOC

By: Ryan Maclennan — September 27th 2024 at 12:00
The Black Hat Network Operations Center (NOC) provides a high-security, high-availability network in one of the most demanding environments in the world: the Black Hat event. The NOC partners are selected by Black Hat, with Arista, Cisco, Corelight, Lumen, NetWitness and Palo Alto Networks delivering from Las Vegas this year. Cisco is the official Domain […]
KitPloit - PenTest Tools!

File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add

By: Unknown — September 20th 2024 at 11:30

file-unpumper is a powerful command-line utility designed to clean and analyze Portable Executable (PE) files. It provides a range of features to help developers and security professionals work with PE files more effectively.


Features

  • PE Header Fixing: file-unpumper can fix and align the PE headers of a given executable file. This is particularly useful for resolving issues caused by packers or obfuscators that modify the headers.

  • Resource Extraction: The tool can extract embedded resources from a PE file, such as icons, bitmaps, or other data resources. This can be helpful for reverse engineering or analyzing the contents of an executable.

  • Metadata Analysis: file-unpumper provides a comprehensive analysis of the PE file's metadata, including information about the machine architecture, number of sections, timestamp, subsystem, image base, and section details.

  • File Cleaning: The core functionality of file-unpumper is to remove any "pumped" or padded data from a PE file, resulting in a cleaned version of the executable. This can aid in malware analysis, reverse engineering, or simply reducing the file size.

  • Parallel Processing: To ensure efficient performance, file-unpumper leverages the power of parallel processing using the rayon crate, allowing it to handle large files with ease.

  • Progress Tracking: During the file cleaning process, a progress bar is displayed, providing a visual indication of the operation's progress and estimated time remaining.
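The check behind the file-cleaning and metadata features can be shown in a few dozen lines. The following Rust program is an added example, not file-unpumper's own code: using only std, it parses the DOS, COFF and section headers, takes the end of the last section's raw data as the expected file size, and measures the trailing overlay where a file pumper appends its padding. The sample PE is constructed in memory by the build_sample_pe helper (a hypothetical name for this example, not a real binary). One caveat a practitioner should keep in mind: a non-empty overlay is not proof of pumping, since Authenticode signatures and installer payloads also live past the last section, so the zero-byte ratio the program reports is the signal to look at before trimming anything.

```rust
// Added example (not file-unpumper's code): locate the end of section data in a
// PE image and measure the overlay that a file pumper pads onto the end.

fn u16_at(b: &[u8], off: usize) -> Option<u16> {
    b.get(off..off + 2).map(|s| u16::from_le_bytes([s[0], s[1]]))
}
fn u32_at(b: &[u8], off: usize) -> Option<u32> {
    b.get(off..off + 4).map(|s| u32::from_le_bytes([s[0], s[1], s[2], s[3]]))
}

#[derive(Debug, PartialEq)]
pub struct PeLayout {
    pub machine: u16,
    pub sections: Vec<(String, u32, u32)>, // (name, PointerToRawData, SizeOfRawData)
    pub expected_len: usize,               // end of the last section's raw data
    pub overlay_len: usize,                // bytes after that point
    pub overlay_zero_ratio: f64,           // share of 0x00 bytes in the overlay
}

pub fn analyze_pe(file: &[u8]) -> Result<PeLayout, String> {
    if file.len() < 0x40 || &file[..2] != b"MZ" {
        return Err("missing MZ header".into());
    }
    let pe_off = u32_at(file, 0x3C).ok_or("short file")? as usize; // e_lfanew
    if file.get(pe_off..pe_off + 4) != Some(&b"PE\0\0"[..]) {
        return Err("missing PE signature".into());
    }
    let coff = pe_off + 4; // IMAGE_FILE_HEADER follows the signature
    let machine = u16_at(file, coff).ok_or("truncated COFF header")?;
    let nsections = u16_at(file, coff + 2).ok_or("truncated COFF header")? as usize;
    let opt_size = u16_at(file, coff + 16).ok_or("truncated COFF header")? as usize;
    let sect_table = coff + 20 + opt_size;

    let mut sections = Vec::with_capacity(nsections);
    let mut expected_len = sect_table + nsections * 40; // headers must at least fit
    for i in 0..nsections {
        let h = sect_table + i * 40;
        let name_bytes = file.get(h..h + 8).ok_or("truncated section table")?;
        let name = String::from_utf8_lossy(name_bytes).trim_end_matches('\0').to_string();
        let raw_size = u32_at(file, h + 16).ok_or("truncated section table")?;
        let raw_ptr = u32_at(file, h + 20).ok_or("truncated section table")?;
        // Checked arithmetic: hostile headers can make ptr + size wrap around.
        let end = raw_ptr.checked_add(raw_size).ok_or("section raw range overflows")? as usize;
        expected_len = expected_len.max(end);
        sections.push((name, raw_ptr, raw_size));
    }
    if expected_len > file.len() {
        return Err("section table claims more data than the file holds".into());
    }
    let overlay = &file[expected_len..];
    let zeros = overlay.iter().filter(|&&b| b == 0).count();
    let ratio = if overlay.is_empty() { 0.0 } else { zeros as f64 / overlay.len() as f64 };
    Ok(PeLayout { machine, sections, expected_len, overlay_len: overlay.len(), overlay_zero_ratio: ratio })
}

/// Constructed sample (hypothetical helper): a minimal PE with one .text section of
/// `text_len` bytes, followed by `pump` zero bytes imitating a file pumper's padding.
pub fn build_sample_pe(text_len: u32, pump: usize) -> Vec<u8> {
    let mut f = vec![0u8; 0x40];
    f[0] = b'M';
    f[1] = b'Z';
    f[0x3C..0x40].copy_from_slice(&0x40u32.to_le_bytes()); // e_lfanew -> right after DOS header
    f.extend_from_slice(b"PE\0\0");
    f.extend_from_slice(&0x8664u16.to_le_bytes()); // Machine: x86-64
    f.extend_from_slice(&1u16.to_le_bytes());      // NumberOfSections
    f.extend_from_slice(&[0u8; 12]);               // TimeDateStamp, symbol table ptr, symbol count
    f.extend_from_slice(&0u16.to_le_bytes());      // SizeOfOptionalHeader (omitted for brevity)
    f.extend_from_slice(&0x0022u16.to_le_bytes()); // Characteristics
    let raw_ptr = (f.len() + 40) as u32;            // section data starts right after its header
    let mut sh = [0u8; 40];
    sh[..5].copy_from_slice(b".text");
    sh[8..12].copy_from_slice(&text_len.to_le_bytes());   // VirtualSize
    sh[12..16].copy_from_slice(&0x1000u32.to_le_bytes()); // VirtualAddress
    sh[16..20].copy_from_slice(&text_len.to_le_bytes());  // SizeOfRawData
    sh[20..24].copy_from_slice(&raw_ptr.to_le_bytes());   // PointerToRawData
    f.extend_from_slice(&sh);
    f.extend(std::iter::repeat(0xC3u8).take(text_len as usize)); // section body: 'ret' bytes
    f.extend(std::iter::repeat(0u8).take(pump));                 // the pumped padding
    f
}

fn main() {
    let pumped = build_sample_pe(64, 4096);
    let layout = analyze_pe(&pumped).expect("constructed sample parses");
    println!("machine 0x{:04x}, {} section(s)", layout.machine, layout.sections.len());
    println!("expected {} bytes, overlay {} bytes ({:.0}% zeros)",
             layout.expected_len, layout.overlay_len, layout.overlay_zero_ratio * 100.0);
    let trimmed = &pumped[..layout.expected_len];
    println!("a cleaned image would be {} bytes", trimmed.len());
}
```

On the constructed sample the section data ends at byte 192 and 4096 all-zero bytes follow, which is the shape a pumped file has; a signed binary would instead show a short overlay with a low zero ratio, and should be left alone.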

Installation

file-unpumper is written in Rust and can be easily installed using the Cargo package manager:

cargo install file-unpumper

Usage

  • <INPUT>: The path to the input PE file.

Options

  • --fix-headers: Fix and align the PE headers of the input file.
  • --extract-resources: Extract embedded resources from the input file.
  • --analyze-metadata: Analyze and display the PE file's metadata.
  • -h, --help: Print help information.
  • -V, --version: Print version information.

Examples

  1. Clean a PE file and remove any "pumped" data:

file-unpumper path/to/input.exe

  2. Fix the PE headers and analyze the metadata of a file:

file-unpumper --fix-headers --analyze-metadata path/to/input.exe

  3. Extract resources from a PE file:

file-unpumper --extract-resources path/to/input.exe

  4. Perform all available operations on a file:

file-unpumper --fix-headers --extract-resources --analyze-metadata path/to/input.exe

Contributing

Contributions to file-unpumper are welcome! If you encounter any issues or have suggestions for improvements, please open an issue or submit a pull request on the GitHub repository.

Changelog

The latest changelogs can be found in CHANGELOG.md

License

file-unpumper is released under the MIT License.

Security – Cisco Blog

Cisco Innovating a New Era of Security at Black Hat 2024

By: Player Pate — August 1st 2024 at 12:00
It’s almost time for another year of cutting-edge research and innovative talks, as thousands of hackers and security professionals descend upon Las Vegas for Black Hat 2024.
Security – Cisco Blog

Accelerating SaaS solution delivery to the U.S. Federal Government

By: Gagandeep Singh — July 17th 2024 at 12:00
The Federal Operational Security Stack is a centralized framework offering efficiencies when deploying SaaS solutions and services to the U.S. Federal market.
Security – Cisco Blog

Operationalizing our custom “SOC in a Box” at the RSA Conference 2024

By: Aditya Sankar — June 13th 2024 at 12:00
Cisco engineers often face the challenge of setting up a Security Operations Center in two days at global events. Aditya Sankar explains the process with our “SOC in a Box” in this blog.
The Hacker News

DevOps Dilemma: How Can CISOs Regain Control in the Age of Speed?

By: The Hacker News — May 24th 2024 at 10:35
Introduction The infamous Colonial pipeline ransomware attack (2021) and SolarWinds supply chain attack (2020) were more than data leaks; they were seismic shifts in cybersecurity. These attacks exposed a critical challenge for Chief Information Security Officers (CISOs): holding their ground while maintaining control over cloud security in the accelerating world of DevOps.
Security – Cisco Blog

Black Hat Asia 2024 NOC: Cisco Security Cloud

By: Jessica Bair — May 15th 2024 at 12:00
Protecting Black Hat Asia NOC with Cisco Security Cloud
The Hacker News

SHQ Response Platform and Risk Centre to Enable Management and Analysts Alike

By: The Hacker News — May 13th 2024 at 10:19
In the last decade, there has been a growing disconnect between front-line analysts and senior management in IT and Cybersecurity. Well-documented challenges facing modern analysts revolve around a high volume of alerts, false positives, poor visibility of technical environments, and analysts spending too much time on manual tasks. The Impact of Alert Fatigue and False Positives Analysts
Security – Cisco Blog

Cisco & Splunk: A Complete SOC Platform Purpose-Built for the AI-Driven Future

By: AJ Shipley — May 6th 2024 at 11:55
We're excited about the integration of Cisco XDR and Splunk Enterprise Security, creating a SecOps platform that can grow with customers as needs change.
The Hacker News

It Costs How Much?!? The Financial Pitfalls of Cyberattacks on SMBs

By: The Hacker News — May 6th 2024 at 11:00
Cybercriminals are vipers. They’re like snakes in the grass, hiding behind their keyboards, waiting to strike. And if you're a small- and medium-sized business (SMB), your organization is the ideal lair for these serpents to slither into. With cybercriminals becoming more sophisticated, SMBs like you must do more to protect themselves. But at what price? That’s the daunting question
The Hacker News

10 Critical Endpoint Security Tips You Should Know

By: The Hacker News — April 26th 2024 at 10:46
In today's digital world, where connectivity rules all, endpoints serve as the gateway to a business’s digital kingdom. And because of this, endpoints are one of hackers' favorite targets. According to the IDC, 70% of successful breaches start at the endpoint. Unprotected endpoints provide vulnerable entry points to launch devastating cyberattacks. With IT
Security – Cisco Blog

Sign up for a Tour at the RSA Conference 2024 SOC

By: Jessica Bair — March 18th 2024 at 12:00
Join the guided tour outside the Security Operations Center, where we’ll discuss real time network traffic of the RSA Conference, as seen in the NetWitness platform. Engineers will be using Cisco S…
The Hacker News

From Alert to Action: How to Speed Up Your SOC Investigations

By: The Hacker News — February 27th 2024 at 10:48
Processing alerts quickly and efficiently is the cornerstone of a Security Operations Center (SOC) professional's role. Threat intelligence platforms can significantly enhance their ability to do so. Let's find out what these platforms are and how they can empower analysts. The Challenge: Alert Overload The modern SOC faces a relentless barrage of security alerts generated by SIEMs and EDRs.
The Hacker News

Combined Security Practices Changing the Game for Risk Management

By: The Hacker News — February 5th 2024 at 11:12
A significant challenge within cyber security at present is that there are a lot of risk management platforms available in the market, but only some deal with cyber risks in a very good way. The majority will shout alerts at the customer as and when they become apparent and cause great stress in the process. The issue being that by using a reactive, rather than proactive approach, many risks
The Hacker News

Scaling Security Operations with Automation

By: The Hacker News — December 6th 2023 at 10:14
In an increasingly complex and fast-paced digital landscape, organizations strive to protect themselves from various security threats. However, limited resources often hinder security teams when combatting these threats, making it difficult to keep up with the growing number of security incidents and alerts. Implementing automation throughout security operations helps security teams alleviate
The Hacker News

6 Steps to Accelerate Cybersecurity Incident Response

By: The Hacker News — November 23rd 2023 at 10:48
Modern security tools continue to improve in their ability to defend organizations’ networks and endpoints against cybercriminals. But the bad actors still occasionally find a way in. Security teams must be able to stop threats and restore normal operations as quickly as possible. That’s why it’s essential that these teams not only have the right tools but also understand how to effectively
KitPloit - PenTest Tools!

Caracal - Static Analyzer For Starknet Smart Contracts

By: Zion3R — October 6th 2023 at 11:30

Caracal is a static analyzer tool over the SIERRA representation for Starknet smart contracts.

Features

  • Detectors to detect vulnerable Cairo code
  • Printers to report information
  • Taint analysis
  • Data flow analysis framework
  • Easy to run in Scarb projects

Installation

Precompiled binaries

Precompiled binaries are available on our releases page. If you are using the Cairo compiler 1.x.x, use the v0.1.x binary; if you are using the Cairo compiler 2.x.x, use v0.2.x.

Building from source

You need the Rust compiler and Cargo. Building from git:

cargo install --git https://github.com/crytic/caracal --profile release --force

Building from a local copy:

git clone https://github.com/crytic/caracal
cd caracal
cargo install --path . --profile release --force

Usage

List detectors:

caracal detectors

List printers:

caracal printers

Standalone

To use with a standalone Cairo file you need to pass the path to the corelib library, either with the --corelib CLI option or by setting the CORELIB_PATH environment variable. Run detectors:

caracal detect path/file/to/analyze --corelib path/to/corelib/src

Run printers:

caracal print path/file/to/analyze --printer printer_to_use --corelib path/to/corelib/src

Scarb

If you have a project that uses Scarb you need to add the following in Scarb.toml:

[[target.starknet-contract]]
sierra = true

[cairo]
sierra-replace-ids = true

Then pass the path to the directory where Scarb.toml resides. Run detectors:

caracal detect path/to/dir

Run printers:

caracal print path/to/dir --printer printer_to_use

Detectors

Num  Detector                   What it Detects                                                                         Impact  Confidence  Cairo
1    controlled-library-call    Library calls with a user controlled class hash                                         High    Medium      1 & 2
2    unchecked-l1-handler-from  Detect L1 handlers without from address check                                           High    Medium      1 & 2
3    felt252-overflow           Detect user controlled operations with felt252 type, which is not overflow safe         High    Medium      1 & 2
4    reentrancy                 Detect when a storage variable is read before an external call and written after        Medium  Medium      1 & 2
5    read-only-reentrancy       Detect when a view function reads a storage variable written after an external call     Medium  Medium      1 & 2
6    unused-events              Events defined but not emitted                                                          Medium  Medium      1 & 2
7    unused-return              Unused return values                                                                    Medium  Medium      1 & 2
8    unenforced-view            Function has view decorator but modifies state                                          Medium  Medium      1
9    unused-arguments           Unused arguments                                                                        Low     Medium      1 & 2
10   reentrancy-benign          Detect when a storage variable is written after an external call but not read before    Low     Medium      1 & 2
11   reentrancy-events          Detect when an event is emitted after an external call leading to out-of-order events   Low     Medium      1 & 2
12   dead-code                  Private functions never used                                                            Low     Medium      1 & 2

The Cairo column represents the compiler version(s) for which the detector is valid.
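To make the four reentrancy-family rows concrete, the following Rust program is an added example that is not part of Caracal: it models reentrancy, read-only-reentrancy, reentrancy-benign and reentrancy-events as one data-flow pass over a constructed, abstract instruction stream rather than real SIERRA. The Op, Function, Finding and sample_contract names are assumptions made for this illustration. It shows why the rows differ in impact: the same "storage write after an external call" pattern ranks Medium only when the variable was also read before the call, a write with no prior read is the Low benign case, and a view function is reported as read-only reentrancy only because some other function writes its variable after a call.

```rust
// Added example (not Caracal's code): a toy pass that reproduces the reasoning of the
// reentrancy, read-only-reentrancy, reentrancy-benign and reentrancy-events detectors.

use std::collections::BTreeSet;

/// Abstract instruction stream standing in for SIERRA (constructed for this example).
#[derive(Debug, Clone)]
pub enum Op {
    StorageRead(&'static str),
    StorageWrite(&'static str),
    ExternalCall,
    EmitEvent(&'static str),
}

pub struct Function {
    pub name: &'static str,
    pub is_view: bool,
    pub ops: Vec<Op>,
}

#[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord)]
pub struct Finding {
    pub detector: &'static str,
    pub function: &'static str,
    pub subject: &'static str, // storage variable or event name
}

pub fn analyze(contract: &[Function]) -> Vec<Finding> {
    let mut findings = BTreeSet::new();
    // Storage variables that some function writes after an external call; a view
    // function reading one of these is the read-only-reentrancy case.
    let mut written_after_call: BTreeSet<&'static str> = BTreeSet::new();

    for f in contract {
        for (i, op) in f.ops.iter().enumerate() {
            if !matches!(op, Op::ExternalCall) {
                continue;
            }
            // Everything read before this call decides Medium (reentrancy) vs Low (benign).
            let read_before: BTreeSet<&str> = f.ops[..i]
                .iter()
                .filter_map(|o| if let Op::StorageRead(v) = o { Some(*v) } else { None })
                .collect();
            for later in &f.ops[i + 1..] {
                match later {
                    Op::StorageWrite(v) => {
                        written_after_call.insert(*v);
                        let det = if read_before.contains(v) { "reentrancy" } else { "reentrancy-benign" };
                        findings.insert(Finding { detector: det, function: f.name, subject: *v });
                    }
                    Op::EmitEvent(e) => {
                        // Event emitted after the call: a reentrant callee can emit first.
                        findings.insert(Finding { detector: "reentrancy-events", function: f.name, subject: *e });
                    }
                    _ => {}
                }
            }
        }
    }
    for f in contract.iter().filter(|f| f.is_view) {
        for op in &f.ops {
            if let Op::StorageRead(v) = op {
                if written_after_call.contains(v) {
                    findings.insert(Finding { detector: "read-only-reentrancy", function: f.name, subject: *v });
                }
            }
        }
    }
    findings.into_iter().collect()
}

/// Constructed contract: one function per detector outcome, plus a clean one.
pub fn sample_contract() -> Vec<Function> {
    vec![
        // read, call, write: the classic Medium-impact reentrancy, plus a late event
        Function { name: "withdraw", is_view: false, ops: vec![
            Op::StorageRead("balance"), Op::ExternalCall, Op::StorageWrite("balance"), Op::EmitEvent("Withdrawn"),
        ] },
        // write after call with no prior read: benign
        Function { name: "set_config", is_view: false, ops: vec![Op::ExternalCall, Op::StorageWrite("config")] },
        // view reading a variable that withdraw writes after its call
        Function { name: "get_balance", is_view: true, ops: vec![Op::StorageRead("balance")] },
        // checks-effects-interactions order: nothing to report
        Function { name: "safe_withdraw", is_view: false, ops: vec![
            Op::StorageRead("balance"), Op::StorageWrite("balance"), Op::EmitEvent("Withdrawn"), Op::ExternalCall,
        ] },
    ]
}

fn main() {
    for f in analyze(&sample_contract()) {
        println!("{:<22} {:<14} {}", f.detector, f.function, f.subject);
    }
}
```

Real SIERRA has control flow and inlining, which is exactly the limitation the README lists below; this pass assumes straight-line code so the ordering question stays visible.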

Printers

  • cfg: Export the CFG of each function to a .dot file
  • callgraph: Export function call graph to a .dot file

How to contribute

Check the wiki on the following topics:

Limitations

  • Inlined functions are not handled correctly.
  • Since it works over the SIERRA representation, it cannot report where an error is in the source code; it can only report SIERRA instructions and whatever else is available in a SIERRA program.
