Ask a Question

Didn’t see what you’re looking for? Start a new topic. Help is on the way!

  • 67 Topics
  • 102 Replies

67 Topics

L
lucio_de_luca
asked in Ask a Question

Web Gateway agent

Hello,during the analysis of the report of the Immediate Threats test “GLOBEIMPOSTER RANSOMWARE WITH MEDUSALOCKER SPREADING VIA RDP” we verified that the access to a malicious URL has been correctly blocked. The related event registered by the SIEM reports:The action is blocked because “Not allowed to use this browser” The useragent reported in the event is “useragent=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36”Our doubt is related to the fact that none of the reported browser version is currently installed on the host where the agent is running. We would like to ask if the agent uses an internal browser that is different from the default one used on the host? Thank you in advance!Lucio

0
L
2 days ago
S
Subhashisb
asked in Ask a Question

Is Cymulate Capable of Web Application Vulnerability Assessment?

Hi All, I would like to know if Cymulate has any module which is having the feature of dynamic web application assesment and penetration testing?

2
S
5 days ago
R
richard_bottiglieri
asked in Ask a Question

Service based agent connection

UPDATE: I just checked the console and now it appears to be connected. It looks like it takes about 10 to 15 minutes post-reboot to come up. Seems a bit long, but I’ll take it for now. :-) I recently installed the service based agent on three machines. Two are running Windows Server 2019 and the other is running Windows 10 Pro. The two machines running Windows Server are working properly. On the Windows 10 Pro machine, the service based agent will only connect to the gateway when the user account is logged on. Has anyone seen this? The PC is joined to an Azure AD domain, so it’s not a traditional AD setup. This agent is configured for the email assessments as well, while the other two are not. Any ideas on how to solve this, or is this expected behavior given how this machine is configured? Thanks.

0
R
1 month ago
R
richard_bottiglieri
asked in Ask a Question

Accessing the CLI

I have installed the latest Cymulate service based agent on my Windows 10 box. I cannot seem to find the CLI anywhere on the system. Is it installed with the agent installation or do I need to grab it from someplace on the site? When I open CMD as an admin and run any of the “cymulate” commands, it tells me that the command cannot be found.

3
R
1 month ago
R
richard.allen
asked in Ask a Question

Add profile to service based agent - Could not save profile

Hi,When I attempt to add a user profile for testing with a domain user, after I click add, the cymulate interface comes back with “Could not save profile”The profile creation does not work.  Tried with a couple of existing domain accounts and a new one.Does anyone know how to resolve this issue?Thanks,Richard 

3
R
1 month ago
R
richard.allen
asked in Ask a Question

Agent Not Elevated - Service agent needs to be elevated to run Advanced Scenarios

When I attempt to run advanced scenarios, such as “ Domain Password Strength Evaluation”, the agent needs to be elevated. As it is not, the scenario fails to run.Does this need the service account that runs on the cymulate server to use a domain account and one specifically with privileged rights?What is the recommended approach and is there a tech note to cover this?Thanks,Richard

3
R
1 month ago
J
javier_bueso
asked in Ask a Question

Cloning real landing pages

Hello cymulate communityWe are designing Phishing campaigns and we would like to "clone" landing pages or login pages from our corporate websites because trying to copy them with the design tools is practically impossible.My users are trained to be wary of poorly designed pages.  How do you load "realistic" templates for your campaigns? Thanks 

1
M
Employee
1 month ago
D
david_pearson
asked in Ask a Question

Setup with Zscaler Proxy on Web Gateway?

What do I need to do to setup the Web Gateway assessment to work with Zscaler proxy?  

2
D
1 month ago
A
andresbalidea
asked in Ask a Question

Connect to GSuite without IMAP

We have a client with the need to access GSuite but has a policy to deny outgoing IMAP.Is there any plan to support HTTP API access? 

4
S
Employee
1 month ago
I
it_support
asked in Ask a Question

Where to find Client ID for Cymulate portal

Hello Team,I am in process of setting up SSO for Azure and it required Client ID from Cymulate portal.As per the instruction, it should be next to Name and it is a combination of numbers and letters but I could not see it anywhere. Can you please share your thoughts on this one?

1
I
1 month ago
N
naveen matthi
asked in Ask a Question

Looking to ntegrate the Cymulate with the Microsoft Sentinel

I am new to the Cymulate and want to integrate with the Microsoft SentinelWant to understand how to Work on The integrationplease share any Docmentation for the referencing purpose

1
idant
Community Manager
2 months ago
I
inakiruiz
asked in Ask a Question

[Endpoint Security Module] Access is denied

Hello everyone!I have launched an Endpoint Security Assessment which has failed. The main error is “Access is denied”:An error occurred trying to start process 'C:\Program Files\Cymulate\Agent\Executor\36.0\CymulateEDRScenarioExecutor.exe' with working directory 'C:\Program Files\Cymulate\Agent\Executor\36.0'. Access is denied.I have slightly debugged the problem and I can confirm that the user exists on the machine as well as the exceptions made in the EDR are the following:ProgramData\Cymulate\Agent\** Program Files\Cymulate\Executor\** Program Files\Cymulate\CLI\** Program Files\Cymulate\Service\** Program Files\Cymulate\Agent\*Has anyone else experienced this error on Endpoint Security Module or in another one? How could I debug deeper this error?Thank you very much!

1
David_Kellerman_CISSP
Employee
2 months ago
D
david_pearson
asked in Ask a Question

Service Based Agent - Reconnect

Morning, Does any know what would happen in the below scenario should the agent lose connectivity to the network when running an Endpoint Security assessmentWould it reconnect and continue when a network is available? Would it have to be on the same network for the assessment to start ruining against from where it left off? Is there a time limit to how long before it would give up and not try reconnecting?Any help/ knowledge shared would be greatly appreciated. 

1
O
Employee
2 months ago
L
lucio_de_luca
asked in Ask a Question

Agent log disk space

Hello!Are there any best practice to manage agent logs on Windows machines?Specifically we are interested into best practices to manage the disk space, because we verified that after an year the disk is full and we need to decide which logs can be deleted.Moreover is there a configuration in the Agent or in the platform that can be set to overwrite past logs. Thank you,Lucio 

5
M
Employee
3 months ago
T
tonyl
asked in Ask a Question

Configurate the Hopper template

HiRef to this guide  If I don´t define any Scope Range and leave the field empty, will the agent scan and try to reach every singel network/IP it can find? Or the agent will never leave the server that the agent was installed. So final question is it require to fill the scope or exclude range?

1
R
Employee
3 months ago
T
tonyl
asked in Ask a Question

Cymulate Cloud server

Hi. When a Hopper report are uploaded to the Cymulate Cloud server. In which country are the server placed?  Tony

3
nirs
Employee
3 months ago
T
tonyl
asked in Ask a Question

Abort a running Hopper assessment

Hi Is it possible to abort a (lateral movement) Hopper assessment after launch?And what will happen with the Hopper “agent” if the agent was able to jumpe to let say 3 server? Will the agent kill the Hopper “process” it self if don´t get some kind of “keep-alive” signal back from “mother” Hopper. Or the Hopper will continued to doing task until it don´t get any feedback.

3
S
Employee
4 months ago
J
jatin_sadaye
asked in Ask a Question

Agent authentication

We have been found that on system where Cymulate agent is installed and its https service is not getting up and showing red. It is shown that no authenticated client on the system.

2
S
Employee
4 months ago
S
siddhesh_vast
asked in Ask a Question

CVE-2022-42889

Hello, I am reaching out to check if there are some IOC’s/payloads available to test WAF controls against CVE-2022-42889. Any help much appreciated.

1
dave_klein
5 months ago
Mike_U
Mike_U
asked in Ask a Question

Hopper ports

Hey guys! Can you please tell me all the port numbers that are supported by the hopper?I know the below protocol is supported by hopper.---------------------SMBWMI/DCOM/RPCRDPSSHWinRMMSSQL   Thank you! 

0
Mike_U
5 months ago
Terry_E
Terry_E
asked in Ask a Question

Linux machine

Hey everyone!Is there any limitation about OS version and distribution when a Linux machine is used as a remote machine (target)?

1
M
5 months ago
Chris Yoo
Chris Yoo
asked in Ask a Question

Question regarding Running multiple assessments.

Please advise How many assessments can be performed at the same time. The conditions are like・ Different target terminals・ Same or different scenarios

2
idant
Community Manager
5 months ago
Terry_E
Terry_E
asked in Ask a Question

Creating a new Environment

Can I ask about the benefit of creating a new "Environment"? Can we start the assessment in parallel?

1
E
Employee
5 months ago
U
upendra_kumar
asked in Ask a Question

What are the code changes required to run power shell script in command prompt

[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12$systemProxy = [System.Net.WebRequest]::GetSystemWebproxy()$systemProxy.Credentials = [System.Net.CredentialCache]::DefaultCredentials$proxy = $systemProxy.GetProxy("https://cym-rt-resources.s3-eu-west-1.amazonaws.com/Import-ActiveDirectory.ps1")if ($proxy.AbsoluteUri -ne "https://cym-rt-resources.s3-eu-west-1.amazonaws.com/Import-ActiveDirectory.ps1"){    iex (new-Object Net.WebClient).DownloadString('https://cym-rt-resources.s3-eu-west-1.amazonaws.com/Import-ActiveDirectory.ps1')}else {    iex (new-Object Net.WebClient).DownloadString('https://cym-rt-resources.s3-eu-west-1.amazonaws.com/Import-ActiveDirectory.ps1')}Import-ActiveDirectory$dcfqdn = 'default.local'if($dcfqdn -eq "default.local"){  $domain = Get-ADDomainController | Select Domain  $dc = Get-ADDomainController | Select Name  $dcfqdn = $dc.Name+"."+$domain.Domain}$string_path = Split-Path $env:temp\adfind.exe$env:temp\adfind.exe -h

1
R
5 months ago
N
nithun_chand
asked in Ask a Question

Endpoint Security Assessment Report shows NO EDR INTEGRATION? How do we trust this report?

I have my EDR tool integrated with Cymulate. I ran an Endpoint Security Assessment which took almost 12 hours to complete with Cymulate Best Practice template but the generated report shows no EDR integrated and hence high risk score ! That sounds very ironic and confusing. Is this how it is supposed to work? Anyone facing similar issue?

0
N
6 months ago

Badge winners

Show all badges
Terms & ConditionsCookie settings