Ask a Question

Didn’t see what you’re looking for? Start a new topic. Help is on the way!

  • 96 Topics
  • 161 Replies

96 Topics

R
rupa_sharma
asked in Ask a Question

Vulnerability Scanning

How does Cymulate covers Vulnerability Scanning?

1
idant
Community Manager
5 months ago
R
riccardo_zollo
asked in Ask a Question

How to view attack traces of past scenarios?

Hello everyone.Is it possible to view and download attack trace files from previous scenarios?As far as I am aware, it is possible to only download attack traces from current scenarios, or scenarios that have just been completed. Thanks in advance.RZ

1
R
Employee
5 months ago
M
madu_hettige
asked in Ask a Question

What kind of an account need to run Cymulate Agent

Prior to configure the Cymulate agent we are going to create a separate domain account just for the purpose of these testing. What kind of an account is preferred, User account with local admin privileges or Service account with elevated privileges ?

1
R
Employee
5 months ago
J
Jason.Foo
asked in Ask a Question

auto update not updating Windows service based agent

Hi,  Windows service based agent version 5.84.50.0 is not updating to the latest version even with auto update turned on.

1
R
Employee
5 months ago
L
lac_lac
asked in Ask a Question

VAPT vs BAS

In your idea why a customer should do a BAS if they already have gone through vapt?

2
R
Employee
5 months ago
L
lucio_de_luca
asked in Ask a Question

Web Gateway agent

Hello,during the analysis of the report of the Immediate Threats test “GLOBEIMPOSTER RANSOMWARE WITH MEDUSALOCKER SPREADING VIA RDP” we verified that the access to a malicious URL has been correctly blocked. The related event registered by the SIEM reports:The action is blocked because “Not allowed to use this browser” The useragent reported in the event is “useragent=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36”Our doubt is related to the fact that none of the reported browser version is currently installed on the host where the agent is running. We would like to ask if the agent uses an internal browser that is different from the default one used on the host? Thank you in advance!Lucio

2
L
5 months ago
N
nithun_chand
asked in Ask a Question

Immediate Threats - Crowdstrike Doesn't show file execution logs

Hi All, I was analyzing few immediate threat reports and saw some binaries were executed by Cymulate and not prevented by Crowdstrike. But a hash search in CS doesn’t show any signs of the file execution? Why does this happen? Is this something to do with the file exclusion?

1
S
Employee
5 months ago
S
Subhashisb
asked in Ask a Question

Is Cymulate Capable of Web Application Vulnerability Assessment?

Hi All, I would like to know if Cymulate has any module which is having the feature of dynamic web application assesment and penetration testing?

2
S
6 months ago
R
richard_bottiglieri
asked in Ask a Question

Service based agent connection

UPDATE: I just checked the console and now it appears to be connected. It looks like it takes about 10 to 15 minutes post-reboot to come up. Seems a bit long, but I’ll take it for now. :-) I recently installed the service based agent on three machines. Two are running Windows Server 2019 and the other is running Windows 10 Pro. The two machines running Windows Server are working properly. On the Windows 10 Pro machine, the service based agent will only connect to the gateway when the user account is logged on. Has anyone seen this? The PC is joined to an Azure AD domain, so it’s not a traditional AD setup. This agent is configured for the email assessments as well, while the other two are not. Any ideas on how to solve this, or is this expected behavior given how this machine is configured? Thanks.

0
R
7 months ago
R
richard_bottiglieri
asked in Ask a Question

Accessing the CLI

I have installed the latest Cymulate service based agent on my Windows 10 box. I cannot seem to find the CLI anywhere on the system. Is it installed with the agent installation or do I need to grab it from someplace on the site? When I open CMD as an admin and run any of the “cymulate” commands, it tells me that the command cannot be found.

3
R
7 months ago
R
richard.allen
asked in Ask a Question

Add profile to service based agent - Could not save profile

Hi,When I attempt to add a user profile for testing with a domain user, after I click add, the cymulate interface comes back with “Could not save profile”The profile creation does not work.  Tried with a couple of existing domain accounts and a new one.Does anyone know how to resolve this issue?Thanks,Richard 

3
R
7 months ago
R
richard.allen
asked in Ask a Question

Agent Not Elevated - Service agent needs to be elevated to run Advanced Scenarios

When I attempt to run advanced scenarios, such as “ Domain Password Strength Evaluation”, the agent needs to be elevated. As it is not, the scenario fails to run.Does this need the service account that runs on the cymulate server to use a domain account and one specifically with privileged rights?What is the recommended approach and is there a tech note to cover this?Thanks,Richard

3
R
7 months ago
J
javier_bueso
asked in Ask a Question

Cloning real landing pages

Hello cymulate communityWe are designing Phishing campaigns and we would like to "clone" landing pages or login pages from our corporate websites because trying to copy them with the design tools is practically impossible.My users are trained to be wary of poorly designed pages.  How do you load "realistic" templates for your campaigns? Thanks 

1
M
Employee
7 months ago
D
david_pearson
asked in Ask a Question

Setup with Zscaler Proxy on Web Gateway?

What do I need to do to setup the Web Gateway assessment to work with Zscaler proxy?  

2
D
7 months ago
I
it_support
asked in Ask a Question

Where to find Client ID for Cymulate portal

Hello Team,I am in process of setting up SSO for Azure and it required Client ID from Cymulate portal.As per the instruction, it should be next to Name and it is a combination of numbers and letters but I could not see it anywhere. Can you please share your thoughts on this one?

1
I
7 months ago
N
naveen matthi
asked in Ask a Question

Looking to ntegrate the Cymulate with the Microsoft Sentinel

I am new to the Cymulate and want to integrate with the Microsoft SentinelWant to understand how to Work on The integrationplease share any Docmentation for the referencing purpose

1
idant
Community Manager
8 months ago
I
inakiruiz
asked in Ask a Question

[Endpoint Security Module] Access is denied

Hello everyone!I have launched an Endpoint Security Assessment which has failed. The main error is “Access is denied”:An error occurred trying to start process 'C:\Program Files\Cymulate\Agent\Executor\36.0\CymulateEDRScenarioExecutor.exe' with working directory 'C:\Program Files\Cymulate\Agent\Executor\36.0'. Access is denied.I have slightly debugged the problem and I can confirm that the user exists on the machine as well as the exceptions made in the EDR are the following:ProgramData\Cymulate\Agent\** Program Files\Cymulate\Executor\** Program Files\Cymulate\CLI\** Program Files\Cymulate\Service\** Program Files\Cymulate\Agent\*Has anyone else experienced this error on Endpoint Security Module or in another one? How could I debug deeper this error?Thank you very much!

1
David_Kellerman_CISSP
Employee
8 months ago
D
david_pearson
asked in Ask a Question

Service Based Agent - Reconnect

Morning, Does any know what would happen in the below scenario should the agent lose connectivity to the network when running an Endpoint Security assessmentWould it reconnect and continue when a network is available? Would it have to be on the same network for the assessment to start ruining against from where it left off? Is there a time limit to how long before it would give up and not try reconnecting?Any help/ knowledge shared would be greatly appreciated. 

1
O
Employee
8 months ago
L
lucio_de_luca
asked in Ask a Question

Agent log disk space

Hello!Are there any best practice to manage agent logs on Windows machines?Specifically we are interested into best practices to manage the disk space, because we verified that after an year the disk is full and we need to decide which logs can be deleted.Moreover is there a configuration in the Agent or in the platform that can be set to overwrite past logs. Thank you,Lucio 

5
M
Employee
9 months ago
T
tonyl
asked in Ask a Question

Configurate the Hopper template

HiRef to this guide  If I don´t define any Scope Range and leave the field empty, will the agent scan and try to reach every singel network/IP it can find? Or the agent will never leave the server that the agent was installed. So final question is it require to fill the scope or exclude range?

1
R
Employee
9 months ago
T
tonyl
asked in Ask a Question

Cymulate Cloud server

Hi. When a Hopper report are uploaded to the Cymulate Cloud server. In which country are the server placed?  Tony

3
nirs
Employee
9 months ago
T
tonyl
asked in Ask a Question

Abort a running Hopper assessment

Hi Is it possible to abort a (lateral movement) Hopper assessment after launch?And what will happen with the Hopper “agent” if the agent was able to jumpe to let say 3 server? Will the agent kill the Hopper “process” it self if don´t get some kind of “keep-alive” signal back from “mother” Hopper. Or the Hopper will continued to doing task until it don´t get any feedback.

3
S
Employee
10 months ago
J
jatin_sadaye
asked in Ask a Question

Agent authentication

We have been found that on system where Cymulate agent is installed and its https service is not getting up and showing red. It is shown that no authenticated client on the system.

2
S
Employee
10 months ago
S
siddhesh_vast
asked in Ask a Question

CVE-2022-42889

Hello, I am reaching out to check if there are some IOC’s/payloads available to test WAF controls against CVE-2022-42889. Any help much appreciated.

1
dave_klein
11 months ago
Mike_U
Mike_U
asked in Ask a Question

Hopper ports

Hey guys! Can you please tell me all the port numbers that are supported by the hopper?I know the below protocol is supported by hopper.---------------------SMBWMI/DCOM/RPCRDPSSHWinRMMSSQL   Thank you! 

0
Mike_U
11 months ago

Badge winners

  • Conversation Starter
    Patriciahas earned the badge Conversation Starter
  • Conversation Starter
    Steve_Eyrehas earned the badge Conversation Starter
  • Conversation Starter
    hrseohas earned the badge Conversation Starter
  • Rising star
    nirshas earned the badge Rising star
  • Product expert
    Yahav Levinhas earned the badge Product expert
Show all badges
Terms & ConditionsCookie settings