Boom! A brand new version of the MazeRunner Community Edition. Our widely-used cyber deception platform now has an API, scaling automation features, Responder.py (Pass-the-Hash) breadcrumbs, Active Directory integration, and much more.
Other than their intended uses, there are very few differences between MazeRunner’s Community and Enterprise Editions. The Community Edition does not support Windows due to licensing issues, and does not include ActiveSOC (incident response automation and intelligence generation). You can see a comparison table below.
We’re especially excited about two new features, which make MazeRunner much more powerful and allow you to share with the community (much like you would with Snort signatures):
- Full API – With the API you can automate your use of MazeRunner: taking a feed from MazeRunner and integrating it with other solutions (from sandboxes and EDR solutions to orchestration and DevOps systems), using MazeRunner on demand, or updating a deception story periodically. You could even automatically isolate an attacker by integrating with your SDN infrastructure. Using the API, you can also share deception stories. When you create new deception stories for a system (e.g., SWIFT), a specific attacker and their TTPs (e.g., APT3), or a new exploit (e.g., Apache Struts), you can then export and share/reuse them.
- IoC and TTP sharing – With over a thousand of our community users choosing to share data with us, we are starting to see a significant number of attacks. Bearing our users’ wishes in mind, we plan to create an open intelligence feed based on these IoCs.
We come from the trenches, and we give back to the community. It’s very exciting to see so many practitioners using the platform.
Some of the updates since the last Community Edition version:
- New MazeRunner API
- Responder network breadcrumbs (for Pass-the-Hash attacks)
- Endpoint import from Active Directory and CIDR blocks
- New automatic deployment options for breadcrumbs
- Updated deception story wizard with updated (and new) deception stories
- Automatic refreshing of the deception campaign in predefined time intervals
- New service type (Git) and breadcrumb types (Git credentials, Responder – Pass the Hash)
- New integration support (Active Directory, ArcSight, Splunk, Elasticsearch, Phantom, McAfee ePO, Chef, IBM BigFix, and many more)
- Updated email alerting features
- New diagnostics
- New access control whitelist
- New advanced network configuration options
- New support for LDAP (LDAP over SSL)
- And more…
Download the new version here: https://community.cymmetria.com
IMPORTANT TECHNICAL NOTE on the update:
This new version is significantly different from the original Community Edition. Therefore, your old data will not transfer to your new installation, and MazeRunner’s internal update feature will not work. You will need to redeploy MazeRunner.
Join our Slack channel for sharing in the community, discussion, and live support. Invitation link: https://community.cymmetria.com/slack
Note on licensing:
The MazeRunner Community Edition is publicly available for private initiatives and research endeavors at no cost or commitment to purchase. That said, commercial entities are allowed to use it for 30 days, following which they are limited to using 1 decoy and 10 breadcrumbs (see licensing note, below).
Table: How is MazeRunner Community Edition different from MazeRunner Enterprise Edition?
We look forward to hearing from you, and learning how you use MazeRunner!
If you are installing MazeRunner Community Edition for your own private use in a non-commercial and non-production environment, you are not limited in the amount of “decoys” and “endpoints” you may deploy. If you are installing MazeRunner Community Edition on behalf of an organization, you may use the product solely for internal testing and evaluation of the software and its performance in a non-production environment. The software is not limited to any number of “decoys” and “endpoints” for the first 30 days, but its use is limited to 1 “decoy” and 10 “endpoints” following this 30-day period.
Please consult the full text of the license for additional details, as the full terms of the license govern. For more information or to provide feedback, please contact firstname.lastname@example.org.
Gadi is the Founder and CEO of Cymmetria. Prior to founding Cymmetria, he was VP of Cybersecurity Strategy for Kaspersky Lab, led PwC’s Cyber Security Center of Excellence (located in Israel), and was CISO of the Israeli government’s Internet operations. Gadi is widely recognized for his work in Internet security operation and global incident response, and is considered the first botnet expert. He is currently Chairman of the Israeli CERT.