Ask a Question

Question everything. Help others. Impart wisdom

88 Topics

J
Jerry_Hsieh
asked in Ask a Question

What http methods is used in Data Exfiltration ?

Hello Teams,I’m a MSSP , my client sent me a issues that their DLP vendor said their solution can only detect data is tried to exfiltrate by http get methods.I can find Browsing HTTP/HTTPS this channel is using http get response to exfiltrate data to Cymulate.But, what about other channels?In attack logs , I can see onedirve、github ,these channels are using API call : PUT https://xxxx.xxxxxIt seems using http put methods , right?Could you help me to clarified for what http methods will be used in each channels?That’s my client and their DLP vendor wondering to know , then they will try to optimize their solution. 

2
J
4 days ago
V
viraj_korgaonkar
asked in Ask a Question

WAF application || NGNIX

Hello Team, On of our application is on NGINX web server. We have to perform the WAF assessment for that application.While creating the WAF template which OS need to be selected to perform the assessment for NGNIX server. 

1
M
Employee
12 days ago
R
rupa_sharma
asked in Ask a Question

Vulnerability Scanning

How does Cymulate covers Vulnerability Scanning?

1
idant
Community Manager
1 month ago
R
riccardo_zollo
asked in Ask a Question

How to view attack traces of past scenarios?

Hello everyone.Is it possible to view and download attack trace files from previous scenarios?As far as I am aware, it is possible to only download attack traces from current scenarios, or scenarios that have just been completed. Thanks in advance.RZ

1
R
Employee
1 month ago
M
madu_hettige
asked in Ask a Question

What kind of an account need to run Cymulate Agent

Prior to configure the Cymulate agent we are going to create a separate domain account just for the purpose of these testing. What kind of an account is preferred, User account with local admin privileges or Service account with elevated privileges ?

1
R
Employee
1 month ago
J
Jason.Foo
asked in Ask a Question

auto update not updating Windows service based agent

Hi,  Windows service based agent version 5.84.50.0 is not updating to the latest version even with auto update turned on.

1
R
Employee
1 month ago
L
lac_lac
asked in Ask a Question

VAPT vs BAS

In your idea why a customer should do a BAS if they already have gone through vapt?

2
R
Employee
1 month ago
L
lucio_de_luca
asked in Ask a Question

Web Gateway agent

Hello,during the analysis of the report of the Immediate Threats test “GLOBEIMPOSTER RANSOMWARE WITH MEDUSALOCKER SPREADING VIA RDP” we verified that the access to a malicious URL has been correctly blocked. The related event registered by the SIEM reports:The action is blocked because “Not allowed to use this browser” The useragent reported in the event is “useragent=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36”Our doubt is related to the fact that none of the reported browser version is currently installed on the host where the agent is running. We would like to ask if the agent uses an internal browser that is different from the default one used on the host? Thank you in advance!Lucio

2
L
1 month ago
N
nithun_chand
asked in Ask a Question

Immediate Threats - Crowdstrike Doesn't show file execution logs

Hi All, I was analyzing few immediate threat reports and saw some binaries were executed by Cymulate and not prevented by Crowdstrike. But a hash search in CS doesn’t show any signs of the file execution? Why does this happen? Is this something to do with the file exclusion?

1
S
Employee
2 months ago
S
Subhashisb
asked in Ask a Question

Is Cymulate Capable of Web Application Vulnerability Assessment?

Hi All, I would like to know if Cymulate has any module which is having the feature of dynamic web application assesment and penetration testing?

2
S
2 months ago
R
richard_bottiglieri
asked in Ask a Question

Service based agent connection

UPDATE: I just checked the console and now it appears to be connected. It looks like it takes about 10 to 15 minutes post-reboot to come up. Seems a bit long, but I’ll take it for now. :-) I recently installed the service based agent on three machines. Two are running Windows Server 2019 and the other is running Windows 10 Pro. The two machines running Windows Server are working properly. On the Windows 10 Pro machine, the service based agent will only connect to the gateway when the user account is logged on. Has anyone seen this? The PC is joined to an Azure AD domain, so it’s not a traditional AD setup. This agent is configured for the email assessments as well, while the other two are not. Any ideas on how to solve this, or is this expected behavior given how this machine is configured? Thanks.

0
R
3 months ago
R
richard_bottiglieri
asked in Ask a Question

Accessing the CLI

I have installed the latest Cymulate service based agent on my Windows 10 box. I cannot seem to find the CLI anywhere on the system. Is it installed with the agent installation or do I need to grab it from someplace on the site? When I open CMD as an admin and run any of the “cymulate” commands, it tells me that the command cannot be found.

3
R
3 months ago
R
richard.allen
asked in Ask a Question

Add profile to service based agent - Could not save profile

Hi,When I attempt to add a user profile for testing with a domain user, after I click add, the cymulate interface comes back with “Could not save profile”The profile creation does not work.  Tried with a couple of existing domain accounts and a new one.Does anyone know how to resolve this issue?Thanks,Richard 

3
R
3 months ago
R
richard.allen
asked in Ask a Question

Agent Not Elevated - Service agent needs to be elevated to run Advanced Scenarios

When I attempt to run advanced scenarios, such as “ Domain Password Strength Evaluation”, the agent needs to be elevated. As it is not, the scenario fails to run.Does this need the service account that runs on the cymulate server to use a domain account and one specifically with privileged rights?What is the recommended approach and is there a tech note to cover this?Thanks,Richard

3
R
3 months ago
J
javier_bueso
asked in Ask a Question

Cloning real landing pages

Hello cymulate communityWe are designing Phishing campaigns and we would like to "clone" landing pages or login pages from our corporate websites because trying to copy them with the design tools is practically impossible.My users are trained to be wary of poorly designed pages.  How do you load "realistic" templates for your campaigns? Thanks 

1
M
Employee
3 months ago
D
david_pearson
asked in Ask a Question

Setup with Zscaler Proxy on Web Gateway?

What do I need to do to setup the Web Gateway assessment to work with Zscaler proxy?  

2
D
3 months ago
A
andresbalidea
asked in Ask a Question

Connect to GSuite without IMAP

We have a client with the need to access GSuite but has a policy to deny outgoing IMAP.Is there any plan to support HTTP API access? 

4
S
Employee
3 months ago
I
it_support
asked in Ask a Question

Where to find Client ID for Cymulate portal

Hello Team,I am in process of setting up SSO for Azure and it required Client ID from Cymulate portal.As per the instruction, it should be next to Name and it is a combination of numbers and letters but I could not see it anywhere. Can you please share your thoughts on this one?

1
I
4 months ago
N
naveen matthi
asked in Ask a Question

Looking to ntegrate the Cymulate with the Microsoft Sentinel

I am new to the Cymulate and want to integrate with the Microsoft SentinelWant to understand how to Work on The integrationplease share any Docmentation for the referencing purpose

1
idant
Community Manager
4 months ago
I
inakiruiz
asked in Ask a Question

[Endpoint Security Module] Access is denied

Hello everyone!I have launched an Endpoint Security Assessment which has failed. The main error is “Access is denied”:An error occurred trying to start process 'C:\Program Files\Cymulate\Agent\Executor\36.0\CymulateEDRScenarioExecutor.exe' with working directory 'C:\Program Files\Cymulate\Agent\Executor\36.0'. Access is denied.I have slightly debugged the problem and I can confirm that the user exists on the machine as well as the exceptions made in the EDR are the following:ProgramData\Cymulate\Agent\** Program Files\Cymulate\Executor\** Program Files\Cymulate\CLI\** Program Files\Cymulate\Service\** Program Files\Cymulate\Agent\*Has anyone else experienced this error on Endpoint Security Module or in another one? How could I debug deeper this error?Thank you very much!

1
David_Kellerman_CISSP
Employee
4 months ago
D
david_pearson
asked in Ask a Question

Service Based Agent - Reconnect

Morning, Does any know what would happen in the below scenario should the agent lose connectivity to the network when running an Endpoint Security assessmentWould it reconnect and continue when a network is available? Would it have to be on the same network for the assessment to start ruining against from where it left off? Is there a time limit to how long before it would give up and not try reconnecting?Any help/ knowledge shared would be greatly appreciated. 

1
O
Employee
4 months ago
L
lucio_de_luca
asked in Ask a Question

Agent log disk space

Hello!Are there any best practice to manage agent logs on Windows machines?Specifically we are interested into best practices to manage the disk space, because we verified that after an year the disk is full and we need to decide which logs can be deleted.Moreover is there a configuration in the Agent or in the platform that can be set to overwrite past logs. Thank you,Lucio 

5
M
Employee
5 months ago
T
tonyl
asked in Ask a Question

Configurate the Hopper template

HiRef to this guide  If I don´t define any Scope Range and leave the field empty, will the agent scan and try to reach every singel network/IP it can find? Or the agent will never leave the server that the agent was installed. So final question is it require to fill the scope or exclude range?

1
R
Employee
5 months ago
T
tonyl
asked in Ask a Question

Cymulate Cloud server

Hi. When a Hopper report are uploaded to the Cymulate Cloud server. In which country are the server placed?  Tony

3
nirs
Employee
5 months ago
T
tonyl
asked in Ask a Question

Abort a running Hopper assessment

Hi Is it possible to abort a (lateral movement) Hopper assessment after launch?And what will happen with the Hopper “agent” if the agent was able to jumpe to let say 3 server? Will the agent kill the Hopper “process” it self if don´t get some kind of “keep-alive” signal back from “mother” Hopper. Or the Hopper will continued to doing task until it don´t get any feedback.

3
S
Employee
6 months ago

Badge winners

Show all badges
Terms & ConditionsCookie settings