Cisco Firepower IDS detected suspicious P2P traffic on rented notebooks at Black Hat Europe. See how XDR and JA3 fingerprints identified the culprit.

Cisco's platform provides networking knowledge, offering  guides, tutorials, and case studies on networking technologies, cybersecurity, and collaboration tools. Whether you're a networking novice looking to understand the basics of routing and switching or a seasoned IT professional seeking advanced insights into network architecture and security protocols, Cisco has resources tailored to your needs. Dive into Cisco's extensive library of resources to sharpen your networking skills and stay ahead in the rapidly evolving world of IT infrastructure.

Cisco

Cisco's XDR platform detected suspicious P2P traffic from a rented notebook at Black Hat Europe 2025. The investigation used Firepower IDS, Corelight NDR, and JA3 fingerprinting to identify Syncthing file synchronization software communicating over port 22067 with multiple malicious IPs. The device, used for sales demonstrations, hadn't been reimaged after previous use. The incident showcased how integrating multiple security tools (Cisco XDR, Splunk, Palo Alto Networks, Corelight) enabled rapid detection and response through automated workflows and cross-platform correlation.

Black Hat Europe 2025: Firepower IDS Flags Unwanted P2P on Rented Gear