Product Updates

dashboard

A new year, a new version of the MazeRunner Community Edition!

2017 has been an exciting year for Cymmetria. We’ve seen deception gain popularity, and our products are now used by some of the world’s largest organizations, as well as many of the coolest smaller ones. While we’re focusing a lot of our efforts on deployment automation and overall scalability for enterprises, we are committed to …

A new year, a new version of the MazeRunner Community Edition!Read More »

dashboard

Beyond PewPew: Building security visualization that matters

With version 1.6 of Cymmetria’s MazeRunner, we released a new cyber deception visualization module. It’s not just awesome, it’s actually useful.   MazeRunner Dashboard Visualization has proven its value many times over in many fields, and in security specifically. But while visualization is useful, how do we move past Threatbutt-like, cool-yet-meaningless maps, to a useful …

Beyond PewPew: Building security visualization that mattersRead More »

MazeRunner now supports SCADA, medical devices, IoT, VoIP, and other ICS and OT honeypots and decoys

We are pleased to announce that Cymmetria’s MazeRunner now supports ICS and OT honeypots as part of its offering, including IoT honeypots, SCADA control system honeypots, PLC honeypots, MODBUS honeypots, VoIP honeypots, and medical device honeypots. Cymmetria’s philosophy of cyber deception underscores the importance of controlling attackers by creating paths that they can take in …

MazeRunner now supports SCADA, medical devices, IoT, VoIP, and other ICS and OT honeypots and decoysRead More »

StrutsHoneypot updated for Apache Struts content-disposition vulnerability

With an exploit now in-the-wild for the Apache Struts content-disposition vulnerability, Cymmetria Research is releasing an updated version of StrutsHoneypot. This exploit has been a bit more complex to develop for, and StrutsHoneypot will only detect it, not block. PHP does not easily allow for handling of raw data when posting multipart data. You can …

StrutsHoneypot updated for Apache Struts content-disposition vulnerabilityRead More »

Pass-the-Hash Deception

MazeRunner now features a whole new category of breadcrumbs, “network traffic breadcrumbs”. These breadcrumbs target threats that sniff the network to gain more credentials, as well as use other propagation techniques. In this version of MazeRunner, the first breadcrumb of this type is generated NTLM traffic, which many known tools (e.g., Responder.py) capture and use in Pass-the-Hash attacks. …

Pass-the-Hash DeceptionRead More »

Scroll to Top