Attacks/Breaches
3/29/2017
04:15 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Cymmetria Releases MazeRunner Community Edition Update

March 28, 2017 – Cymmetria, a developer of comprehensive cyber deception solutions, today
announced the release of a brand new version of its MazeRunner Community Edition – a free
version of its Enterprise deception solution.

The widely-used cyber deception platform now has an API, scaling automation features,
Responder.py (Pass-the-Hash) breadcrumbs, Active Directory integration, and much more.

“We’re especially excited about two new features: a full API, and IoC and TTP sharing,” said
Gadi Evron, Founder and CEO of Cymmetria. “These features make MazeRunner much more
powerful and allow users to share with the community, much like they would with Snort
signatures.”

With over a thousand community users choosing to share data with Cymmetria, the company
has decided to create an open intelligence feed based on these IoCs.

The full API allows users to automate their use of MazeRunner. Example usages include taking
a feed from MazeRunner and integrating it with other solutions (from sandboxes and EDR
solutions to orchestration and devops systems), and integrating with a user’s SDN infrastructure
to automatically isolate an attacker.

The MazeRunner Community Edition is publicly available for private initiatives and research
endeavors at no cost or commitment to purchase. Commercial entities are allowed to use it for
30 days, following which they are limited to use 1 decoy and 10 breadcrumbs.

“We come from the trenches, and we give back to the community,” said Evron. “It’s very exciting
to see so many practitioners using the platform.”

The new Community Edition is immediately available to the public at large. The new version can
be downloaded from https://community.cymmetria.com .

You can join Cymmetria’s Slack channel for sharing in the community, discussion, and live
support. Invitation link:
https://mazerunnercommunity.slack.com/shared_invite/MTYxMTYxMjIzMzgyLTE0OTA2NTE0N
TgtNmFlYTFkNGVkNA


About Cymmetria:
Cymmetria is a startup offering a pioneering cyber deception solution, based on breadcrumbs
and decoys that lead attackers away from valuable targets. With Cymmetria, organizations gain
the ability to detect threats, shape attacker behavior, and mitigate attacks. Founded in 2014 by
security experts Gadi Evron and Dean Sysman, Cymmetria is changing the asymmetry of cyber
security, tilting the traditional security odds so that hackers are the ones left vulnerable.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.