To Cymulate
Knowledge Base
Cymulate Academy

Welcome to Cymulate Hub!

336 Topics
278 Replies
3,519 Members

Quick links

Release Notes

View latest features and updates

Welcome!

Hot Topics

Recently active
Help others

LATAM - Share Region Based Templates

Hey, we're an MSSP based on Brazil / LATAM, and we're creating regional templates for Data Exfil module. How can we share this properly? And other question, does Cym have an internal chat/communication method, like a Slack channel, or something like that? Thanks in advance.

idantCommunity Manager

Cymulate's News & Updates

Q1 Triumphs: How Cymulate is Changing the Game 💎Blog

This quarter, significant changes occurred in the cybersecurity sector, highlighting the importance of advanced strategies. The cases of Globeleq, LV=, and Banco PAN demonstrate the effectiveness of these strategies in today’s digital environment. These examples showcase how Cymulate has improved cybersecurity through better efficiency, resilience, and proactive measures. Let’s explore these developments in more detail. Cymulate Empowers Globeleq with In-house Security & Threat Validation Imagine turning the tide in the African power landscape with just a switch to automation. That’s exactly what Globeleq did. They said goodbye to the old school manual penetration tests and inconsistent security checks, welcoming Cymulate’s automated security validations with open arms. This wasn’t just an upgrade; it was a revolution in their cybersecurity playbook, ensuring they’re always one step ahead of threats. Talk about a game-changer in cybersecurity efficiency and response! LV= Takes

[Endpoint Security Module] Access is denied

Hello everyone!I have launched an Endpoint Security Assessment which has failed. The main error is “Access is denied”:An error occurred trying to start process 'C:\Program Files\Cymulate\Agent\Executor\36.0\CymulateEDRScenarioExecutor.exe' with working directory 'C:\Program Files\Cymulate\Agent\Executor\36.0'. Access is denied.I have slightly debugged the problem and I can confirm that the user exists on the machine as well as the exceptions made in the EDR are the following:ProgramData\Cymulate\Agent\** Program Files\Cymulate\Executor\** Program Files\Cymulate\CLI\** Program Files\Cymulate\Service\** Program Files\Cymulate\Agent\*Has anyone else experienced this error on Endpoint Security Module or in another one? How could I debug deeper this error?Thank you very much!

The scan is blocked at 99%(2 days)

Hello, we have the Cymulate endpoint to test XDR Cortex, and we've made exclusions in XDR. The issue is, we started the scan test on March 20th... it's been stuck at 99% since the evening of March 20th. It's been 48 hours already. How can I see what's the cause? Every time we run this test, it always encounters this problem and we have to stop the job.

AppleMacos

Hi I’m running a MacOS agent which seems to be unstable as tests don’t complete or partially complete. The processor is M1, is this unsupported?

Cymulate TeamEmployee

Cymulate's News & Updates

Unveiling Security Insights: 5 Cool Facts from Our 2024 Report 🔍

Taking inspiration from over 500 customers, Cymulate's latest report reveals key trends and strategies for staying ahead.Here are 5 cool facts you need to know:Global Shifts: Cybersecurity trends across different regions showcase the dynamic battle against cyber threats. A Critical Wake-Up Call: A significant 5% decrease in security control effectiveness signals an urgent need for enhanced strategies. Vulnerability Alert: With 76% of customers identifying at least one high-severity vulnerability, robust vulnerability management is key. Enduring Threats: Persistent dangers from Log4Shell and Pikabot emphasize the need for targeted security enhancements. Exposure Management: The critical importance of network audits and segmentation is highlighted by the risks of exposed management services.Further Learning 🌐 Get more insights, including benchmarking across various geographies, industries, and organizational sizes, by exploring the 2024 State of Exposure Management & Security Valid

Blocking of Data exfiltration to any Cloud using DLP

We are able to block data exfiltration using DLP when it is based on HTTPS communication but when the data is exfiltrated to any cloud i.e. AWS, GCP or Azure, DLP is not detecting that. Is there anyone who is able to block such Data exfiltration?

Academy Assistance Question

I click cymulate academy on the right next to knowledge base but unable to login. I use the same password as logging into the cymulate hub but then it doesn’t recognize. I also try to reset the password but nothing. Would someone be able to help on this? Thanks

Cobalt Strike Beacon & Cymulate

Hi Guys,On the release page of Cymulate there is a mention of CS Beacon being added to Cymulate (Oct 23 i think). i was unable to find anything related to Beacon (searched for ‘cobalt strike’) on advanced BAS resources, so wondered what Cymulate are planning to do with it.? is it going to be integrated into Cymulate’s C2 somehow or used for certain opsec safe techniques aka Exfiltration, post exploitation?

johan_stejfkens

Silent installation procedure

In our company, only automated installations are allowed. For our company software distribution system, we need a silent installation procedure. Anyone knows how to proceed?

AppleMacos

Hi I’m running a MacOS agent which seems to be unstable as tests don’t complete or partially complete. The processor is M1, is this unsupported?

Academy Assistance Question

I click cymulate academy on the right next to knowledge base but unable to login. I use the same password as logging into the cymulate hub but then it doesn’t recognize. I also try to reset the password but nothing. Would someone be able to help on this? Thanks

Web Gateway Test

Hello, We are running a web gateway test, and having looked at the results, a lot of the test results, should have been blocked by Defender, however they are being allowed - I have checked our EDR and Attack Surface policy and everything is switched on. Does anyone have any ideas why the Web Gateway is showing so many high fails.

WAF assessment HTTP Method

We are running WAF assessment on an URL that has a form. We expect some checks, i.e. SQL Injections, to use the fields and method, but the report doesn’t show the form id and the method for that URL is still GET, despite the type is form.The form is pretty basic, no funny javascript mess, however, it hasn’t the id attribute.<form method="POST" action="some_action" name="some_name"><input name="field1" type="hidden" value="">...</form>Can we force the POST method for that URL? Regards,

Difference between Full Kill Chain Scenarios and Full Kill Chain Campigns?

Difference between Full Kill Chain Scenarios and Full Kill Chain Campigns?

richard_bottiglieri

Accessing the CLI

I have installed the latest Cymulate service based agent on my Windows 10 box. I cannot seem to find the CLI anywhere on the system. Is it installed with the agent installation or do I need to grab it from someplace on the site? When I open CMD as an admin and run any of the “cymulate” commands, it tells me that the command cannot be found.

adrian_cumberbatch

Lateral movement files left behind

I recently ran a LM simulation, which i manually stopped from the console because of time. Now, a week later, my EDR is still alerting me on memory or registry access attempts from the hopper. I checked the computer only to realize there is a CYM_hopper service running in the windows services, so it appears that the LM didn’t cleanup itself properly when terminated. Is there a way from Cymulate portal to clean up or does this have to be manually done at each affected computer?

Tracking and Closure of Security Findings in Assessments

I am currently conducting Best Practice assessments for the Email gateway team, endpoint security, web application firewall, and web gateway. After forwarding the assessment reports to the respective teams, they have confirmed that they have implemented the recommended mitigations. However, I'm facing a challenge in tracking the closure of these findings. The issue is that when I conduct future best practice assessments, I often discover new findings, and only a few from the previous assessment have been addressed.I'm seeking a solution, idea, or concept to effectively track the closure of my findings to ensure that recommended actions are implemented and that progress is made over time.

Cymulate MITRE dashboard

Hi Cymulate.How come the Cymulate MITRE ATT&CK heatmaps/dashboard contains more techniques than the actual MITRE framework? there are some Techniques (for example Control Panel Items T1196) that i cant find on the MITRE database for Enterprise/Mobile/ICS matrixes.Also, do Cymulate provide a data matrix of Technique coverage for each module? (including advanced) Thanks

Hopper Collected Credentials

Hello Cymulate community, Why is it that when using the Hopper collected credentials feature in Cymulate, only the first pass or character is being displayed?Thank you in advance. Mike

Ask the Community

Not sure how to do something in Cymulate?

Threat Alert

Tweets by CymulateLtd

Badges

gabriel_souzahas earned the badge Conversation Starter
Tiago_Marqueshas earned the badge Conversation Starter
NPCIhas earned the badge Conversation Starter
spopathas earned the badge Conversation Starter
johan_stejfkenshas earned the badge Conversation Starter
fordprefecthas earned the badge Conversation Starter

Show all badges

Powered by Gainsight

Terms & Conditions Cookie settings

Sign up

Already have an account? Login

Login

CUSTOMER / CYMULATE EMPLOYEE LOGIN

or

Username *

E-mail address *

First Name *

Last Name *

Country *

Company Name

(Private)

Only you and moderators can see this information

State

Password *

I accept the terms & conditions

loginBox.register.email_repeat

Login to the community

No account yet? Create an account

Login

CUSTOMER / CYMULATE EMPLOYEE LOGIN

or

Username or Email

Password

Remember me

Forgot password?

Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.

Username or e-mail

Back to overview

Scanning file for viruses.

Sorry, we're still checking this file's contents to make sure it's safe to download. Please try again in a few minutes.

OK

This file cannot be downloaded

Sorry, our virus scanner detected that this file isn't safe to download.

OK