Defender screen – showing how a breadcrumb is created. This will be placed on an endpoint as bait for an attacker in his reconnaissance phase:
Attacker screen – showing the same breadcrumb as seen by the attacker running a data gathering tool on a compromised machine. Note that at the bottom he steals the credentials planted by Cymmetria:
MazeRunner helps enterprises and cybersecurity teams defend valuable organizational assets from ever-changing cyber threats. MazeRunner addresses the need to quickly identify and stop advanced threat actors from operating inside the organizational perimeter, regardless of whether the attacker is lying dormant and gathering information, or actively performing lateral movement.
Deception dashboard – showing how an attacker penetrated the executive team, moved onto HR services and towards a file server
The deception dashboard also reflects the deception campaign, a story crafted to target advanced attackers. It shows management workstations, development servers and HR workstations. These serve as the entrance point for the attacker to harvest credentials and other information that will lead him to decoys:
Code execution – showing the information gathered by the decoy (or honeypot), as an attacker was working on it after he followed a breadcrumb. It shows (from bottom towards the top):
Bottom command: the attacker runs wget, a command that lets him download an external file to the compromised server
Middle command: takes the downloaded file and makes it executable
Top command: runs the downloaded backdoor
Chronological view of the attack from the previous screenshot
The new Community Edition of MazeRunner will be publicly available for private initiatives and research endeavors at no cost or commitment to purchase. The platform is fully customizable and integrates seamlessly with existing IT and security tools, allowing users to implement deception elements across the network. It is flexible and does not burden existing organizational systems, nor does it require a lot of human capital to operate.
We truly hope you enjoy the platform and please do give us your feedback.
Gadi is the Founder and CEO of Cymmetria. Prior to founding Cymmetria, he was VP of Cybersecurity Strategy for Kaspersky Lab, led PwC’s Cyber Security Center of Excellence (located in Israel), and was CISO of the Israeli government’s Internet operations. Gadi is widely recognized for his work in Internet security operation and global incident response, and is considered the first botnet expert. He is currently Chairman of the Israeli CERT.