Cymmetria Releases the MazeRunner Community Edition

Cymmetria Releases the MazeRunner Community Edition

The power of deception technology as an extremely viable solution to the most advanced cyber threats is unquestionable (to us at Cymmetria, at least). We are also huge supporters of the cybersecurity community that we call home and believe strongly in giving back to that community. This is why we are excited to raise the curtain on our solution and provide free access to those looking to explore its benefits. The MazeRunner Community Edition (same one that caught the Patchwork APT as detailed in our report last week) is now available for free to anyone wishing to use it for research for personal use.


Read about the updated features in our newest Community Edition release!

Defender screen – showing how a breadcrumb is created. This will be placed on an endpoint as bait for an attacker in his reconnaissance phase:


Attacker screen – showing the same breadcrumb seen by the attacker running a data gathering tool on a compromised machine. Note in the bottom he steals the credentials planted by Cymmetria:

MazeRunner helps enterprises and cybersecurity teams defend valuable organizational assets from ever changing cyber threats. MazeRunner addresses the need to quickly identify and stop advanced threat actors from operating inside the organizational perimeter, regardless of whether the attacker is lying dormant and gathering information, or actively performing lateral movement.

 Download MazeRunner Community Edition Today!


Deception dashboard – showing how an attacker penetrated the executive team, moved onto HR services and towards a file server

The deception dashboard also reflects the deception campaign, a story crafted to target advanced attackers. It shows management workstations, development servers and HR workstations. These serve as the entrance point for the attacker to harvest credentials and other information that will lead him to decoys:

Code execution – showing the information gathered by the decoy (or honeypot), as an attacker was working on it after he followed a breadcrumb. It shows (from bottom towards the top):

Low command: the attacker runs wget, a command that lets him download an external file to the compromised server

Middle command: takes the downloaded file and changes it to be executable

Top command: runs the downloaded backdoor

Chronological view of the attack from the previous screenshot

The new Community Edition of MazeRunner will be publicly available for private initiatives and research endeavors at no cost or commitment to purchase. The platform is fully customizable and integrates seamlessly with existing IT and security tools, allowing users to implement deception elements across the network. It is flexible and does not burden existing organizational systems, nor requires a lot of human capital to operate.

Workshops on cyber deception using our community edition are taking place at HOPE conference (July 22-24, NY, USA), and DEFCON 24 (August 4-7, Las Vegas, USA).

We truly hope you enjoy the platform and please do give us your feedback.


Gadi is the Founder and CEO of Cymmetria. Prior to founding Cymmetria, he was VP of Cybersecurity Strategy for Kaspersky Lab, led PwC’s Cyber Security Center of Excellence (located in Israel), and was CISO of the Israeli government’s Internet operations. Gadi is widely recognized for his work in Internet security operation and global incident response, and is considered the first botnet expert. He is currently Chairman of the Israeli CERT.

Share this:


Scroll to Top