Events
To Cymulate

Welcome to Cymulate Hub!

541 Topics
160 Replies
2,348 Members

Quick links

Release Notes

View latest features and updates

Welcome aboard!

Meet the newest members of our community

Cymulate Space

Ask, learn and connect

Knowledge Base

Search FAQ and Documentation

Threat Feed

Latest updates on cyber threats

Hot Topics

Recently active
Help others

Web Gateway agent

Hello,during the analysis of the report of the Immediate Threats test “GLOBEIMPOSTER RANSOMWARE WITH MEDUSALOCKER SPREADING VIA RDP” we verified that the access to a malicious URL has been correctly blocked. The related event registered by the SIEM reports:The action is blocked because “Not allowed to use this browser” The useragent reported in the event is “useragent=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36”Our doubt is related to the fact that none of the reported browser version is currently installed on the host where the agent is running. We would like to ask if the agent uses an internal browser that is different from the default one used on the host? Thank you in advance!Lucio

Is Cymulate Capable of Web Application Vulnerability Assessment?

Hi All, I would like to know if Cymulate has any module which is having the feature of dynamic web application assesment and penetration testing?

Cymulate ResearcherEmployee

Researchers Feed

Putting a Stop to Command and Control Attacks: Here's HowBlog

Our research team just published a new advanced scenario template for Command and Control attack tactical steps. A full description is available here but you can get an immediate preview of how it looks in Cymulate Advanced Scenarios interface. Preview of the Command & Control Template in Action  After creating an assessment from the Top Credential Dumping Command & Control Template from the Advanced Scenario tab     Check the results.   : Get more information: Get mitigation guidance After mitigation, verify the implemented mitigation measures effectiveness at a click by re-running the assessment.      The Command and Control template is the third of an ongoing series of templates covering additional attack categories. The two previous ones were credential dumping executions that lead to gaining an initial foothold through abusing credentials, and data exfiltration executions leading to data theft. Knowing the effectiveness of people, processes, and technology enables or

leandro_catarina

Community Guide

How to use mitigation steps to block MSHTA execution scenarios

Cymulate ResearcherEmployee

THREAT ALERT 🚨 WEEKLY THREADNews

Dotrunpex – Demystifying new virtualized .net injector used in the wildDotRunpeX injector commonly comes as a second stage of the original infection.The typical first stages are very different variants of .NET loaders/downloaders.The first-stage loaders are primarily being delivered via phishing emails as malicious attachments (usually as a part of “.iso”, “.img”, “.zip”, and “.7z”) or via websites masquerading as regular program utilities.Apart from the most common infection vectors, the customers of dotRunpeX are not ashamed to abuse Google Ads or even target other potential attackers via trojanized malware builders.All of the trojanized programs contain the main .NET application enlarged with an overlay to avoid scanning with sandboxes very likely.The .NET applications with overlay are the typical first stages, behaving as dotnet loaders with simple obfuscation.These different variants of loaders use reflection to load the dotRunpeX injector in the second stage.Some of them are v

Cymulate ResearcherEmployee

Researchers Feed

Pwning thousands of routers with a vulnerability in Realtek’s SDK for eCos OS

Cymulate’s honeypot network was able to track a massive load of exploitation of CVE-2022-27255 - RCE: with the the Suricata signature - “ET EXPLOIT Realtek eCos RSDK/MSDK Stack-based Buffer Overflow Attempt Inbound” ID: “2038669”CVE-2022-27255 [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27255]: Realtek eCos RSDK 1.5.7p1 and MSDK 4.9.4p1, the SIP ALG function that rewrites SDP data has a stack-based buffer overflow. This allows an attacker to remotely execute code without authentication via a crafted SIP packet that contains malicious SDP data.We think that these new attacks are related to the Infobyte demonstration on Defcon of a new vulnerability they found.The POC exploit provided by infobyte’s can be found on their github: https://github.com/infobyte/cve-2022-27255/tree/main/exploits_nexxtTheir github includes both analysis (test to see if you are vulnerable or not) and also the POC of the exploitation.This easily means that attackers follow all kinds of security confer

richard_bottiglieri

Service based agent connection

UPDATE: I just checked the console and now it appears to be connected. It looks like it takes about 10 to 15 minutes post-reboot to come up. Seems a bit long, but I’ll take it for now. :-) I recently installed the service based agent on three machines. Two are running Windows Server 2019 and the other is running Windows 10 Pro. The two machines running Windows Server are working properly. On the Windows 10 Pro machine, the service based agent will only connect to the gateway when the user account is logged on. Has anyone seen this? The PC is joined to an Azure AD domain, so it’s not a traditional AD setup. This agent is configured for the email assessments as well, while the other two are not. Any ideas on how to solve this, or is this expected behavior given how this machine is configured? Thanks.

richard_bottiglieri

Accessing the CLI

I have installed the latest Cymulate service based agent on my Windows 10 box. I cannot seem to find the CLI anywhere on the system. Is it installed with the agent installation or do I need to grab it from someplace on the site? When I open CMD as an admin and run any of the “cymulate” commands, it tells me that the command cannot be found.

Cymulate ResearcherEmployee

Advanced Scenario - APT 32Blog

APT 32 initiates its attack by downloading and executing a VBA script. It then proceeds to execute commands using the Windows Event Log, downloads a file from the internet, and executes a batch script. APT 32 creates persistence in the registry run keys and verifies the success of the created persistence. Then attempts to discover domain admins, steal credentials from the local machine, and use them to attempt lateral movement. It also maps admin shares, logs key inputs, discovers the file and directory structure, receives system information, encrypts files, and compresses and exfiltrates data in parallel. Finally, it lists credential files stored in current user AppData folders, performs DLL Search Order Hijacking, enumerates non-default installed applications, installs and runs a service, and creates a new user.

Add profile to service based agent - Could not save profile

Hi,When I attempt to add a user profile for testing with a domain user, after I click add, the cymulate interface comes back with “Could not save profile”The profile creation does not work. Tried with a couple of existing domain accounts and a new one.Does anyone know how to resolve this issue?Thanks,Richard

Web Gateway agent

Hello,during the analysis of the report of the Immediate Threats test “GLOBEIMPOSTER RANSOMWARE WITH MEDUSALOCKER SPREADING VIA RDP” we verified that the access to a malicious URL has been correctly blocked. The related event registered by the SIEM reports:The action is blocked because “Not allowed to use this browser” The useragent reported in the event is “useragent=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36”Our doubt is related to the fact that none of the reported browser version is currently installed on the host where the agent is running. We would like to ask if the agent uses an internal browser that is different from the default one used on the host? Thank you in advance!Lucio

Is Cymulate Capable of Web Application Vulnerability Assessment?

Hi All, I would like to know if Cymulate has any module which is having the feature of dynamic web application assesment and penetration testing?

richard_bottiglieri

Service based agent connection

UPDATE: I just checked the console and now it appears to be connected. It looks like it takes about 10 to 15 minutes post-reboot to come up. Seems a bit long, but I’ll take it for now. :-) I recently installed the service based agent on three machines. Two are running Windows Server 2019 and the other is running Windows 10 Pro. The two machines running Windows Server are working properly. On the Windows 10 Pro machine, the service based agent will only connect to the gateway when the user account is logged on. Has anyone seen this? The PC is joined to an Azure AD domain, so it’s not a traditional AD setup. This agent is configured for the email assessments as well, while the other two are not. Any ideas on how to solve this, or is this expected behavior given how this machine is configured? Thanks.

richard_bottiglieri

Accessing the CLI

I have installed the latest Cymulate service based agent on my Windows 10 box. I cannot seem to find the CLI anywhere on the system. Is it installed with the agent installation or do I need to grab it from someplace on the site? When I open CMD as an admin and run any of the “cymulate” commands, it tells me that the command cannot be found.

Add profile to service based agent - Could not save profile

Hi,When I attempt to add a user profile for testing with a domain user, after I click add, the cymulate interface comes back with “Could not save profile”The profile creation does not work. Tried with a couple of existing domain accounts and a new one.Does anyone know how to resolve this issue?Thanks,Richard

Cloning real landing pages

Hello cymulate communityWe are designing Phishing campaigns and we would like to "clone" landing pages or login pages from our corporate websites because trying to copy them with the design tools is practically impossible.My users are trained to be wary of poorly designed pages. How do you load "realistic" templates for your campaigns? Thanks

Setup with Zscaler Proxy on Web Gateway?

What do I need to do to setup the Web Gateway assessment to work with Zscaler proxy?

Connect to GSuite without IMAP

We have a client with the need to access GSuite but has a policy to deny outgoing IMAP.Is there any plan to support HTTP API access?

Looking to ntegrate the Cymulate with the Microsoft Sentinel

I am new to the Cymulate and want to integrate with the Microsoft SentinelWant to understand how to Work on The integrationplease share any Docmentation for the referencing purpose

Agent authentication

We have been found that on system where Cymulate agent is installed and its https service is not getting up and showing red. It is shown that no authenticated client on the system.

Ask the Community

Not sure how to do something in Cymulate?

Events calendar

User leaderboard

Badges

Subhashisbhas earned the badge Conversation Starter
leandro_catarinahas earned the badge Conversation Starter
renier_steynhas earned the badge Rising star
richard_bottiglierihas earned the badge Conversation Starter
richard.allenhas earned the badge Rising star
javier_buesohas earned the badge Conversation Starter

Show all badges

Tweets by CymulateLtd

Powered by inSided

Terms & Conditions Cookie settings

Sign up

Already have an account? Login

Login

CUSTOMER / CYMULATE EMPLOYEE LOGIN

or

Username *

E-mail address *

First Name *

Last Name *

Country *

Company Name

(Private)

Only you and moderators can see this information

State

Password *

I accept the terms & conditions

loginBox.register.email_repeat

Login to the community

No account yet? Create an account

Login

CUSTOMER / CYMULATE EMPLOYEE LOGIN

or

Username or Email

Password

Remember me

Forgot password?

Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.

Username or e-mail

Back to overview

Scanning file for viruses.

Sorry, we're still checking this file's contents to make sure it's safe to download. Please try again in a few minutes.

OK

This file cannot be downloaded

Sorry, our virus scanner detected that this file isn't safe to download.

OK