Hi Team - We notice that all processes executed when running an assessment reside under a parent process PPID Cymulate.Agent.Service.
Process Questions:-
1 - Does the EDRScenarioExecutor process execute all the assessment techniques, such as Remote process injection, Reflective DLL injection, Fork & Run, Userland unhooking, etc.? We assume it does?
2 - Is there any detailed documentation on how the EDRScenarioExecutor process behaves?
Stager Question:-
1 - There are several Stager options in the BAS module (PowerShell/Control panel, etc.); however, there is little documentation I can find on how these operate in Cymulate. Could this be explained by the team or documented in more detail to understand better?
Best answer by moshe_elias