To Cymulate
Knowledge Base
Cymulate Academy

Welcome to Cymulate Hub!

307 Topics
250 Replies
3,407 Members

Quick links

Release Notes

View latest features and updates

Welcome!

Cymulate Space

Ask, learn and connect

Knowledge Base

Search FAQ and Documentation

Cymulate Academy

Empower your Cymulate Skills

Hot Topics

Recently active
Help others

lamng

Ask a Question

Difference between Full Kill Chain Scenarios and Full Kill Chain Campigns?

23 hours ago

dan_lisichkinEmployee

Researchers Feed

Threat Dissection 🇨🇺 Unveiling Cuba Ransomware's Tactics and Protection StrategiesBlog

In line with our monthly threat dissection, today, we dig deep into the Cuba Ransomware threat. What is Cuba RansomwareThe Cuba Ransomware group is a dangerous cyber threat globally. Despite its name, it reputedly originates from Russia and has accumulated over $13 million worth of Bitcoin from victims. Cuba Ransomware utilizes sophisticated techniques to penetrate networks, disable security controls, and encrypt data. What Are Cuba Ransomware’s Favorite Attack Techniques To gain initial access, Cuba Ransomware often exploits common vulnerabilities such as unpatched Microsoft Exchange servers using ProxyShell or ProxyLogon. They also look for vulnerabilities in VMWare's VCenter backup system. Once inside the network, the hackers use malicious loaders like "Bug Hatch" to deploy next-stage payloads. A particularly nasty technique used by Cuba Ransomware is known as "bring your own vulnerable driver" (BYOVD). They use vulnerable but signed kernel drivers from legitimate software, like

220

4 days ago

Cymulate TeamEmployee

Cymulate's News & Updates

idantCommunity Manager

Cymulate's News & Updates

Introducing the Cymulate Academy and Upgraded Knowledge Base!News

Dear Community,We're thrilled to introduce two exciting additions aimed at enhancing your experience within the Cymulate platform: the Cymulate Academy and an upgraded Knowledge Base!Cymulate Academy: Your Training Hub The Cymulate Academy is your ultimate destination for comprehensive training, designed to empower you with in-depth knowledge about leveraging the Cymulate platform effectively. With our on-demand courses, you can learn at your own pace, exploring various modules and features offered by Cymulate.What's Available Now: Currently, we're thrilled to offer the Cymulate BAS learning course. Expect more enriching courses coming your way in the near future, covering a broader spectrum of functionalities and tools.How to Access: Simply click on the Help Center icon within the platform and select "Cymulate Academy" to embark on your learning journey.Upgraded Knowledge Base: Unveiling New Features Our Knowledge Base has undergone a significant transformation, tailored to offer you

Exposure Analytics architecture

Hi We don’t have the EA capability but i have questions:1 - Is the Exposure Analytics agent a different agent to BAS? 2 - what is best practice for deploying Exposure Analytics agent? 3 - Do cymulate have a high level Architecture diagram for Exposure Analytics deployment?

19 days ago

lamng

Ask a Question

How to retrieve authenticator qr code on first login

Hi every oneHow to retrieve authenticatorbl qr code on first login. The reason is that I accidentally deleted my account in Google

20 days ago

lamng

Ask a Question

Difference between Full Kill Chain Scenarios and Full Kill Chain Campigns?

23 hours ago

richard_bottiglieri

Ask a Question

Accessing the CLI

I have installed the latest Cymulate service based agent on my Windows 10 box. I cannot seem to find the CLI anywhere on the system. Is it installed with the agent installation or do I need to grab it from someplace on the site? When I open CMD as an admin and run any of the “cymulate” commands, it tells me that the command cannot be found.

25 days ago

adrian_cumberbatch

Ask a Question

Lateral movement files left behind

I recently ran a LM simulation, which i manually stopped from the console because of time. Now, a week later, my EDR is still alerting me on memory or registry access attempts from the hopper. I checked the computer only to realize there is a CYM_hopper service running in the windows services, so it appears that the LM didn’t cleanup itself properly when terminated. Is there a way from Cymulate portal to clean up or does this have to be manually done at each affected computer?

1 month ago

kumar_shanu

Ask a Question

Tracking and Closure of Security Findings in Assessments

I am currently conducting Best Practice assessments for the Email gateway team, endpoint security, web application firewall, and web gateway. After forwarding the assessment reports to the respective teams, they have confirmed that they have implemented the recommended mitigations. However, I'm facing a challenge in tracking the closure of these findings. The issue is that when I conduct future best practice assessments, I often discover new findings, and only a few from the previous assessment have been addressed.I'm seeking a solution, idea, or concept to effectively track the closure of my findings to ensure that recommended actions are implemented and that progress is made over time.

1 month ago

Steve_Eyre

Ask a Question

Cymulate MITRE dashboard

Hi Cymulate.How come the Cymulate MITRE ATT&CK heatmaps/dashboard contains more techniques than the actual MITRE framework? there are some Techniques (for example Control Panel Items T1196) that i cant find on the MITRE database for Enterprise/Mobile/ICS matrixes.Also, do Cymulate provide a data matrix of Technique coverage for each module? (including advanced) Thanks

1 month ago

Mike_U

Ask a Question

Hopper Collected Credentials

Hello Cymulate community, Why is it that when using the Hopper collected credentials feature in Cymulate, only the first pass or character is being displayed?Thank you in advance. Mike

1 month ago

hrseo

Ask a Question

Regarding requests and responses that may occur during the assessment

Our customer would like to have advance knowledge about the potential impacts of the assessment scan. They specifically request detailed information on which ports and types of communication and behavior occur during the endpoint assessment's Worm scenario and Hopper's LLMNR/NBT-NS Poisoning and relay tests. On the Knowledge Base, I found information stating that for Worm scenario test, communication occur through SMB (port 445) and RPC (port 135), for Hopper's LLMNR/NBT-NS poisoning and relay is tested through LLMNR - UDP (port 5355) and NBT-NS - UDP (port 137). However, there is a lack of information regarding the specific communication and behavior that takes place through these ports. Therefore, I kindly request further information on the exact nature of communication and behavior that occurs via these ports.

1 month ago

hrseo

Ask a Question

Regarding Attack Surface Management

I had already posted a question with this content, but it seems that the post was deleted for unknown reasons, so I'm reposting it. Our client has asked the following questions related to Attack Surface Management. They are currently conducting a comparative analysis with products from other vendors for ASM implementation. We hope to see Cymulate ASM adopted if possible, so we would like to provide as detailed answers as possible to the client's questions. Therefore, we kindly request prompt responses to the questions below. [Asset Discovery]Is there a place to confirm future development roadmaps, such as the addition of new features? Can new asset information be immediately detected when it is added or updated? (Is there an automatic detection feature?) Can it detect IT assets that the organization is not monitoring? If so, does it have a feature to notify users when detected? How is this notification done? Can the organization add IT assets it is monitoring to the management scope? C

1 month ago

lam_van

Community Guide

Installing the Service-based Agent SMTP

Hello, I'm a newbie.While installing Service-based Agent, In SMTP screen, I don't know what to fill.Email used to sign up for this trial is a Zoho email created under my own domain name.Can someone help me.Thanks and regards!

1 month ago

hrseo

Ask a Question

Why block certain file types to be downloaded

What is the rationale behind Cymulate's recommendation to block specific file types (highlighted in red...) in the Web Gateway Report(Inbound)? Our customer is curious about the rationale behind blocking these file types.(It would be even better if there is official documentation or information explaining the basis for this.) Best regards.

1 month ago

Ask the Community

Not sure how to do something in Cymulate?

Ask here

Threat Alert

Type:

Tweets by CymulateLtd

Badges

rubenjhas earned the badge Rising star
luizmonteirohas earned the badge Conversation Starter
lamnghas earned the badge Conversation Starter
jack_parkerhas earned the badge Conversation Starter
gabriele_parishas earned the badge Conversation Starter
adrian_cumberbatchhas earned the badge Conversation Starter

Show all badges

Terms & Conditions Cookie settings

Sign up

Already have an account? Login

Login

CUSTOMER / CYMULATE EMPLOYEE LOGIN

Username *

E-mail address *

First Name *

Last Name *

Country *

Company Name

(Private)

Only you and moderators can see this information

State

Password *

I accept the terms & conditions

loginBox.register.email_repeat

Login to the community

No account yet? Create an account

Login

CUSTOMER / CYMULATE EMPLOYEE LOGIN

Username or Email

Password

Remember me

Forgot password?

Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.

Username or e-mail

Back to overview

Scanning file for viruses.

Sorry, we're still checking this file's contents to make sure it's safe to download. Please try again in a few minutes.

This file cannot be downloaded

Sorry, our virus scanner detected that this file isn't safe to download.

Welcome to Cymulate Hub!

Quick links

Hot Topics

Threat Dissection 🇨🇺 Unveiling Cuba Ransomware's Tactics and Protection StrategiesBlog

New Feature Release: Findings Management on Exposure Analytics!Feature Release

Upcoming Changes to Finding APIsNews

Introducing the Cymulate Academy and Upgraded Knowledge Base!News

Ask the Community

Threat Alert

Badges

Sign up

Login

Login to the community

Login

Scanning file for viruses.

This file cannot be downloaded