Cymmetria Archives

A legal and operational framework for hacking-back

1. Introduction

When you talk to people in the cybersecurity industry, you’ll hear that incident response is often associated with “good guy” actions that you take to stop the “bad guys” from stealing your stuff, whereas “hack-back” is the equivalent of identifying a person who robbed you, following …


Responder.py detection across an entire enterprise's infrastructure, using MazeRunner

Since our last blog post about MazeRunner’s Responder Monitor, we have improved it based on feedback from the field, and then deployed it at customer sites—most notably across the entire network of a Fortune 500 customer. In the now infamous attack against Hacking Team, in what turned out to be one of the best guides ever written …



Using cyber deception to gain visibility and control of IoT devices

Cyber deception is very effective in IoT security, although naturally there is a limit to that effectiveness. Security concerns with IoT revolve around a few central issues (threats), which include visibility into the existence of IoT devices, vulnerability of IoT devices, what these IoT devices might be able to do, and how they can be …



Beyond PewPew: Building security visualization that matters

With version 1.6 of Cymmetria’s MazeRunner, we released a new cyber deception visualization module. It’s not just awesome, it’s actually useful. Visualization has proven its value many times over in many fields, and in security specifically. But while visualization is useful, how do we move past Threatbutt-like, cool-yet-meaningless maps, to a useful …


RDP replay: What if you could shoulder surf your attacker?

Below is a screenshot from a video (recorded by MazeRunner) that shows an attacker installing a bitcoin miner on a MazeRunner decoy at a customer site. Cyber deception catches attackers. It shifts the asymmetry between attackers and defenders, giving control back to the defenders. It also provides powerful visibility that used to exist only at …



The Crossed Swords wargame: Catching NATO red teams with cyber deception

*Pentesters are sometimes referred to as “attackers” throughout this post. Once a year, the pentesters and red teams of the countries of NATO descend on Tallinn to visit the NATO Cooperative Cyber Defence Centre of Excellence (CCD COE) for the Crossed Swords wargame (not to be confused …


You can run command ‘history -c’, but you can’t hide: MazeRunner Community Edition is one step ahead

This past week, a MazeRunner Community Edition user, named Antonio, reached out to Cymmetria and asked us to help him deploy MazeRunner in his network. One of our developers worked with Antonio to help him get everything set up to his liking; this included helping him build his first deception campaign, which included two Internet-facing SSH decoys. Within …

