Ask a Question

Question everything. Help others. Impart wisdom

100 Topics

Mike_U
Mike_U
published in Ask a Question

Windows Hello

Hey Cymulate team! We are using Windows Hello in the organization.We have configured Cymulate with SSO login, but any SSO login attempt is failing with the following error message:“Authentication method 'X509, Multifactor' by which the user authenticated with the service doesn't match requested authentication method 'Password', ProtectedTransport'.” Can you please assist?

131
or.hamra
6 days ago
S
Steve_Eyre
asked in Ask a Question

uploading payloads & tools

Hello! If i wanted to upload open source red team tools that are not already on the platform i assume this is permitted by Cymulate? it is not clear how to invoke these tools (for example; Cobalt strike) within assessments/executions. was unable to find documentation on it. could you please clarify?

2
S
Employee
18 days ago
H
hrseo
asked in Ask a Question

Regarding Dictionary for Password Spraying

Hi.I have confirmed that the default value used when testing Password Spraying in the Hopper module is "Aa123456".Is it possible for us to modify or configure this value ourselves? Similarly, can you please let us know if we can customize the dictionary data used during Brute Force testing in the Hopper module?Best Regards.

1
nirs
Employee
19 days ago
J
jovana_gojkovic
asked in Ask a Question

Are different attack vectors in Immediate Threat launched simultaneously, or sequentially?

Do the attack vectors for Immediate Threats  follow a sequential application, such as starting with the web gateway and then moving to the endpoint (like full kill chain), or are they independent of each other?

1
Y
Employee
28 days ago
F
FMI
asked in Ask a Question

Email gateway - O365 App-only authentication

We are going to setup the Service Based Agent for the Email gateway testing with the O365 App-only authentication method. In the requirements the User.Read.All application permission is required (see the link above). This means that info about all users is available.As we want to conduct test in the production environment this is a security issue and we would  like to know what is the reason for this kind of permission as for the email gateway testing emails are received only in that particular mailbox used for testing. Concerning the proposed limitation of Cymulate to specific mailbox (https://learn.microsoft.com/en-us/graph/auth-limit-mailbox-access.) does not solve this issue as it is applicable to the mailbox as such, not to users.

9
S
Employee
1 month ago
P
perc_tomas
asked in Ask a Question

Document on Data Exfiltration

Hi,Is there a documentation/knowledgebase article that specifies which applications/services use API calls to upload files on Data Exfiltration?  

1
idant
Community Manager
1 month ago
A
andresbalidea
asked in Ask a Question

Connect to GSuite without IMAP

We have a client with the need to access GSuite but has a policy to deny outgoing IMAP.Is there any plan to support HTTP API access? 

5
S
Employee
2 months ago
D
david_pearson
asked in Ask a Question

Barracuda Email Gateway Pre-Reqs?

How do you go about allow listing in the Barracuda email gateway defence platform so that the score is true to the effeteness of the SEG and does not allow all emails through? 

1
R
Employee
2 months ago
R
Richard_Yawe
asked in Ask a Question

Custom Execution directory for EndPoint Security Not Working

On the service based agent for Windows it says I can choose a different execution directory for the EndPoint Security module. I have tried to change this but the files are still dropped in c:\ProgramData\Cymulate\AV.Has anyone experienced a similar problem?

2
R
2 months ago
V
viraj_korgaonkar
asked in Ask a Question

Advance scenario pre-requisite

Its asking to install bash in pre-requisite on our system its already installed. Please let me know what further needs to be done

3
S
Employee
2 months ago
E
eric_olivares
asked in Ask a Question

License

How can I see the cymulate version that I have

3
S
Employee
2 months ago
W
whisler_soineus
asked in Ask a Question

How to set firewall rule for simulate

I want to use only 3 devices for the cymulate test. How can I configure firewall in my network for the post running cymulate agent?

1
R
Employee
2 months ago
J
jovana_gojkovic
asked in Ask a Question

Is the overall score medium value of scores of single modules? If not, how is it calculated?

I would like to know exactly how is the overall score calculated. Does not seems to be the medium value of single scores of modules (email, gateway, endpoint ..).

3
idant
Community Manager
2 months ago
Chris Yoo
Chris Yoo
asked in Ask a Question

Question regarding integration

 Why can't I click "EDIT" on an integration?

1
idant
Community Manager
2 months ago
N
nithun_chand
asked in Ask a Question

Recommended account to run Lateral Movement?

We would like to simulate Lateral Movement and what’s the recommended account type for the same? Simply run with the SYSTEM account/Create a local account/run using a domain account? 

1
idant
Community Manager
2 months ago
N
nithun_chand
asked in Ask a Question

Cymulate Training?

Im new to this tool and doesn’t see any help files/trainings related to configurations, best practices etc. Is there a place where I can get a proper training before I mess up things doing alone? 

3
S
Employee
2 months ago
H
hector_chimal_ortiz
asked in Ask a Question

Is there any campaing for IOS?

I would like to know if there’s any campaing we can launch for IOS.

5
M
Employee
3 months ago
U
uiliam_mello
asked in Ask a Question

WebGateway/Browsing - way to collect URL's in real time

Hi all,Is there any way, during the execution of tests involving Web Gateway (browsing, phishing, etc), from the Cymulate environment (agent or API logs, or even integration with Splunk via SPL), to allow the collection of IOC's (URL's mostly) in realtime? The goal is to send it to the SIEM (Splunk) and correlate it with firewall and proxy logs (for example) so that the team is told that that connection to that URL is related to Cymulate tests. What I have identified so far at this level is the collection via API (feeds and technical reports) but this collection is only possible when the tests are finished, but some tests, depending on the scope, take up to 3 days to complete.RegardsUiliam Mello

4
U
3 months ago
J
jatin_sadaye
asked in Ask a Question

Hopper assessment query

Hopper assessment is partially completed, and following error is displayed “The Hopper was unable to communicate the exit reason to the agent.” 

1
nirs
Employee
3 months ago
Mike_U
Mike_U
asked in Ask a Question

Trouble Running Mail Relay Attacks

I'm experiencing an issue where I'm unable to run mail relay attacks on my target email address. Despite the agent being turned on, I keep receiving an error message stating that the agent isn't turned on. I've already restarted both my PC and the agent, but the problem persists. How can I resolve this issue? Any suggestions would be greatly appreciated.

1
R
Employee
3 months ago
S
siddhesh_vast
asked in Ask a Question

Incident response

Dear Team,I could see an ‘Incident response’ tab in Endpoint security reports which I guess should be related to the integrations. We have integrated Cymulate with Splunk and Trendmicro Vision one solutions. However, we could see that the Incident response tab is still disabled and could not be used. Could you please let us know how do we enable this tab and the related use cases. PFA. below snap for your reference. 

2
S
Employee
3 months ago
F
FMI
asked in Ask a Question

Email gateway score calculation

Hi, after running the email gateway test, the score was displayed. I tried to find any info how exactly the score is calculated from  penetration ratios for individual attack types. In the article related to the score calculation methodology there is stated that the score is based on attack type results using weights based on the probability/impact of individual attack types.Is there any info describing exact formula, how the score was calculated ?  

0
F
3 months ago
ozzieynr
ozzieynr
asked in Ask a Question

Carbon Black EDR Integration

Hello teamThe document of Integration with Carbon Black for Cloud solution? The customer is using an on-premie solution but I couldn't find the steps shown in the document on the on-prime device.   

1
S
Employee
3 months ago
J
Jerry_Hsieh
asked in Ask a Question

What http methods is used in Data Exfiltration ?

Hello Teams,I’m a MSSP , my client sent me a issues that their DLP vendor said their solution can only detect data is tried to exfiltrate by http get methods.I can find Browsing HTTP/HTTPS this channel is using http get response to exfiltrate data to Cymulate.But, what about other channels?In attack logs , I can see onedirve、github ,these channels are using API call : PUT https://xxxx.xxxxxIt seems using http put methods , right?Could you help me to clarified for what http methods will be used in each channels?That’s my client and their DLP vendor wondering to know , then they will try to optimize their solution. 

2
J
4 months ago
V
viraj_korgaonkar
asked in Ask a Question

WAF application || NGNIX

Hello Team, On of our application is on NGINX web server. We have to perform the WAF assessment for that application.While creating the WAF template which OS need to be selected to perform the assessment for NGNIX server. 

1
M
Employee
4 months ago

Badge winners

  • Conversation Starter
    Patriciahas earned the badge Conversation Starter
  • Conversation Starter
    Steve_Eyrehas earned the badge Conversation Starter
  • Conversation Starter
    hrseohas earned the badge Conversation Starter
  • Rising star
    nirshas earned the badge Rising star
  • Product expert
    Yahav Levinhas earned the badge Product expert
Show all badges
Terms & ConditionsCookie settings