Hey Cymulate team! We are using Windows Hello in the organization. We have configured Cymulate with SSO login, but any SSO login attempt is failing with the following error message: “Authentication method 'X509, Multifactor' by which the user authenticated with the service doesn't match requested authentication method 'Password', ProtectedTransport'.” Can you please assist?
Hello! If I wanted to upload open source red team tools that are not already on the platform, I assume this is permitted by Cymulate? It is not clear how to invoke these tools (for example, Cobalt Strike) within assessments/executions. I was unable to find documentation on it. Could you please clarify?
Hi. I have confirmed that the default value used when testing Password Spraying in the Hopper module is "Aa123456". Is it possible for us to modify or configure this value ourselves? Similarly, can you please let us know if we can customize the dictionary data used during Brute Force testing in the Hopper module? Best Regards.
We are going to set up the Service Based Agent for the Email gateway testing with the O365 App-only authentication method. In the requirements the User.Read.All application permission is required (see the link above). This means that info about all users is available. As we want to conduct tests in the production environment, this is a security issue, and we would like to know what the reason is for this kind of permission, as for the email gateway testing emails are received only in that particular mailbox used for testing. The proposed limitation of Cymulate to a specific mailbox (https://learn.microsoft.com/en-us/graph/auth-limit-mailbox-access) does not solve this issue, as it is applicable to the mailbox as such, not to users.
On the service based agent for Windows it says I can choose a different execution directory for the EndPoint Security module. I have tried to change this but the files are still dropped in c:\ProgramData\Cymulate\AV. Has anyone experienced a similar problem?
Hi all, Is there any way, during the execution of tests involving Web Gateway (browsing, phishing, etc.), from the Cymulate environment (agent or API logs, or even integration with Splunk via SPL), to allow the collection of IOCs (URLs mostly) in real time? The goal is to send them to the SIEM (Splunk) and correlate them with firewall and proxy logs (for example) so that the team is told that a connection to that URL is related to Cymulate tests. What I have identified so far at this level is the collection via API (feeds and technical reports), but this collection is only possible when the tests are finished, and some tests, depending on the scope, take up to 3 days to complete. Regards, Uiliam Mello
I'm experiencing an issue where I'm unable to run mail relay attacks on my target email address. Despite the agent being turned on, I keep receiving an error message stating that the agent isn't turned on. I've already restarted both my PC and the agent, but the problem persists. How can I resolve this issue? Any suggestions would be greatly appreciated.
Dear Team, I could see an ‘Incident response’ tab in Endpoint security reports which I guess should be related to the integrations. We have integrated Cymulate with Splunk and Trend Micro Vision One solutions. However, we could see that the Incident response tab is still disabled and could not be used. Could you please let us know how we enable this tab and the related use cases? PFA the snap below for your reference.
Hi, after running the email gateway test, the score was displayed. I tried to find any info on how exactly the score is calculated from penetration ratios for individual attack types. In the article related to the score calculation methodology it is stated that the score is based on attack type results using weights based on the probability/impact of individual attack types. Is there any info describing the exact formula for how the score was calculated?
Hello Teams, I’m an MSSP. My client sent me an issue: their DLP vendor said their solution can only detect data that is exfiltrated by HTTP GET methods. I can see that the Browsing HTTP/HTTPS channel is using HTTP GET response to exfiltrate data to Cymulate. But what about other channels? In attack logs, I can see OneDrive and GitHub; these channels are using API call: PUT https://xxxx.xxxxx It seems to be using HTTP PUT methods, right? Could you help me clarify what HTTP methods will be used in each channel? That’s what my client and their DLP vendor want to know; then they will try to optimize their solution.