Cymulate Processes question & Stager options

Question

Hi Team - We notice that all processes executed when running an assessment reside under a parent process PPID Cymulate.Agent.Service

Process Questions:-

1 - does the EDRScenarioExecutor process execute All the assessment techniques such as Remote process injection, Reflective DLL injection, Fork & Run, Userland unhooking etc? we assume it does?

2- Is there any detailed documentation on how the EDRScenarioExecutor process behaves?

Stager Question:-

1 - There are several Stager options in the BAS module (Powershell/Control panel etc) however there is little documentation i can find on how these operate in Cymulate. Could this be explained by the team or documented in more detail to understand better?

icon

Best answer by moshe_elias 29 November 2023, 10:09

View original

moshe_elias · Accepted Answer

Hi Steve,Yes, the process EDRScenarioExecutor starts all scenarios, your assumption is correct😉Regarding your request for documentation of the execution flow and the stagers, we are in process of updating the Knowledge Base and will include this topic at a later time.Best regards,Moshe

Cymulate Processes question & Stager options

1 reply

Reply

Reply

Sign up

Login

Login to the community

Login

Scanning file for viruses.

This file cannot be downloaded