Product in Action

Responder.py detection across an entire enterprise's infrastructure, using MazeRunner

Since our last blog post about MazeRunner’s Responder Monitor, we have improved it based on feedback from the field, and then deployed it at customer sites—most notably across the entire network of a Fortune 500 customer. In the now infamous attack against Hacking Team, in what turned out to be one of the best guides ever written …


Using cyber deception to gain visibility and control of IoT devices

Cyber deception is very effective in IoT security, although naturally there is a limit to that effectiveness. Security concerns with IoT revolve around a few central issues (threats), which include visibility into the existence of IoT devices, vulnerability of IoT devices, what these IoT devices might be able to do, and how they can be …


RDP replay: What if you could shoulder surf your attacker?

Below is a screenshot from a video (recorded by MazeRunner) that shows an attacker installing a bitcoin miner on a MazeRunner decoy at a customer site. Cyber deception catches attackers. It shifts the asymmetry between attackers and defenders, giving control back to the defenders. It also provides powerful visibility that used to exist only at …


The Crossed Swords wargame: Catching NATO red teams with cyber deception

*Pentesters are sometimes referred to as “attackers” throughout this post. Once a year, the pentesters and red teams of the countries of NATO descend on Tallinn to visit the NATO Cooperative Cyber Defence Centre of Excellence (CCD COE) for the Crossed Swords wargame (not to be confused …


You can run command ‘history -c’, but you can’t hide: MazeRunner Community Edition is one step ahead

This past week, a MazeRunner Community Edition user, named Antonio, reached out to Cymmetria and asked us to help him deploy MazeRunner in his network. One of our developers worked with Antonio to help him get everything set up to his liking; this included helping him build his first deception campaign, which included two Internet-facing SSH decoys. Within …


APT Report: How we caught Patchwork with Cyber Deception

Patchwork is a targeted threat that was disclosed by Cymmetria’s research team last Thursday. Patchwork has affected about 2,500 targets worldwide since December 2015. The threat actor shows a high interest in Southeast Asia, targeting individuals employed by governments and government-related organizations, specifically those dealing with political and military aspects relating to the region. While …
