Hello all! I believe it will be interesting/helpful to other people too if an API URL to manage (view, delete, edit) scheduled assessments were available in the "Advanced Scenarios" API group. Regards, Uiliam Mello
Recently we were testing some older and newer Immediate Threats scenarios related to Black Basta to determine if our endpoints were vulnerable to those specific attacks. We noticed that even on the oldest attack scenarios our MS Defender for Endpoint was failing to detect and block the attacks. Defender was running and alerted on some of the activity. After troubleshooting possible causes such as improper allow-listing for Cymulate, we discovered some subcomponents of Defender on the Agent Host were out of date. If this failure to update was occurring on our Agent Hosts, then it is likely occurring on other hosts in production. We thought it would be helpful to possibly include health information for endpoint defense tools on the host to more easily correlate false negatives to issues with the security controls on the box. The health information is available through the MS Defender 365 console (see attached dashboard screenshot) and might be accessible on the host directly but Microsoft d
Hello! Are there any best practices to manage agent logs on Windows machines? Specifically, we are interested in best practices to manage the disk space, because we verified that after a year the disk is full and we need to decide which logs can be deleted. Moreover, is there a configuration in the Agent or in the platform that can be set to overwrite past logs? Thank you, Lucio
Open Ports is one of the network exfiltration methods in the Data Exfiltration module. When using this method, the Cymulate agent tries to find an open port on the Cymulate side and, if one is found, establishes a TCP socket over it to exfiltrate data.
How the Open Ports method works:
1. The Cymulate agent scans the external Cymulate IP address (220.127.116.11) for open ports. This address listens on all 65,535 available ports, and the agent scans all 65,535 of them.
2. If open ports are discovered, the Cymulate agent randomly chooses one of them for the exfiltration.
3. The Cymulate agent creates a TCP socket to 18.104.22.168 (a different IP than the scanned one) over the chosen open port.
4. Data is then exfiltrated over this socket.
The Hopper is now able to authenticate to Linux machines using Active Directory credentials via SSH. This capability allows the Hopper to use cleartext credentials to spread to Active Directory-joined Linux machines during an attack. As we can see in the screenshot below, the Hopper is able to spread to a Linux machine using cleartext AD credentials via SSH. The Hopper can spread from a Linux machine to other Linux machines via SSH, and it can spread back from a Linux machine to Windows machines via SMB.
Hi, ref to this guide: if I don't define any Scope Range and leave the field empty, will the agent scan and try to reach every single network/IP it can find? Or will the agent never leave the server that the agent was installed on? So the final question is: is it required to fill the scope or exclude range?
Hi. When a Hopper report is uploaded to the Cymulate Cloud server, in which country is the server placed? Tony
Hi, is it possible to abort a (lateral movement) Hopper assessment after launch? And what will happen with the Hopper "agent" if the agent was able to jump to, let's say, 3 servers? Will the agent kill the Hopper "process" itself if it doesn't get some kind of "keep-alive" signal back from the "mother" Hopper? Or will the Hopper continue doing tasks until it doesn't get any feedback?
We have found that on a system where the Cymulate agent is installed, its HTTPS service is not coming up and is showing red. It shows that there is no authenticated client on the system.
Hey guys! Can you please tell me all the port numbers that are supported by the Hopper? I know the protocols below are supported by the Hopper.
---------------------
SMB
WMI/DCOM/RPC
RDP
SSH
WinRM
MSSQL
Thank you!
Hey everyone! Is there any limitation on OS version and distribution when a Linux machine is used as a remote machine (target)?
We have a client with the need to access GSuite but who has a policy to deny outgoing IMAP. Is there any plan to support HTTP API access?
Please advise how many assessments can be performed at the same time. The conditions are:
・ Different target terminals
・ Same or different scenarios
I have my EDR tool integrated with Cymulate. I ran an Endpoint Security Assessment, which took almost 12 hours to complete with the Cymulate Best Practice template, but the generated report shows no EDR integrated and hence a high risk score! That sounds very ironic and confusing. Is this how it is supposed to work? Is anyone facing a similar issue?
I'm new to this tool and don't see any help files/trainings related to configurations, best practices, etc. Is there a place where I can get proper training before I mess things up doing it alone?
✅ Cisco success story.
🎯 Russian propaganda gives away the location of the infamous Wagner group HQ in Ukraine.
⚠️ Microsoft critical new recommendations for running Microsoft Exchange.
https://www.linkedin.com/posts/cymulate_hi-welcome-to-the-cymulate-cybersecurity-activity-6965308053411741697-hTHD?utm_source=linkedin_share&utm_medium=member_desktop_web
New to Cymulate and Sentinel. Looking to integrate the two to get the most out of our products. I see there is a command to place on FortiGates that sends reports to a log server that Cymulate can read from. Are there better ways? Thanks