Adam Mashinchi

October 22, 2020

#ThreatThursday - FIN6

Welcome to another week of #ThreatThursday! This week’s Threat Thursday is slightly different from the standard format, as we discuss the FIN6 Adversary Emulation plan released by MITRE Engenuity’s Center for Threat-Informed Defense. We focus on the importance of machine-readable Cyber Threat Intelligence at the adversary behavior and TTP level, on sharing adversary emulation plans, and on YAML-to-JSON conversion.

October 1, 2020

#ThreatThursday - MAZE

Welcome to another edition of #ThreatThursday. This week we are excited to kick off Cybersecurity Awareness Month looking at MAZE, a ransomware threat which emerged around May 2019, predominantly affecting organizations in the USA. MAZE, like other ransomware, also has an extortion component, where exfiltration of the original data also occurs in addition to the encryption/ransom component.

September 17, 2020

#ThreatThursday - HoneyBee

Welcome to another edition of #ThreatThursday. This week we look at Honeybee, a campaign led by an unknown actor that targets humanitarian aid organizations and has been active in Vietnam, Singapore, Argentina, Japan, Indonesia, and Canada. This post coincides with a talk I gave at EkoParty on Adversary Emulation.

July 31, 2020

Porting Tools to SCYTHE: An SDK Proof of Concept

With the release of the SCYTHE Software Development Kit (SDK), we released two new and important components to make the development of SCYTHE modules frictionless for third-party developers: the Module Buster application and the Python3 runtime. We feel that one of the best ways to show how easy it is to create a new SCYTHE module is to demonstrate how we ported an open source tool, written in Python, to SCYTHE.

June 3, 2020

SCYTHE & PlexTrac Present: Dealin' With The Data

Join Security Weekly's Tyler Robinson, SCYTHE's Adam Mashinchi, and PlexTrac's Dan DeCloss for a discussion on how to "Deal With The Data". The discussion opens with Tyler outlining common headaches that red teamers must deal with at their jobs.

More BLOG POSTS

May 26, 2022

Threat Emulation: Industroyer2 Operation

Welcome to the May 2022 SCYTHE #ThreatThursday! This month we are featuring the recent Industroyer2 operation observed in Ukraine, with a new emulation campaign. Per the reporting from ESET, the Sandworm threat actor group was most likely responsible for deploying the Industroyer2 malware.

May 20, 2022

Version 3.7 of the SCYTHE Platform Released - Demo Video

Now you can easily collaborate with Blue Teams to strengthen cyber defenses. Be more effective and efficient with a centralized dashboard and enhancements to user experience.

May 17, 2022

F5 Big-IP appliances vulnerability - Follow-up

Last week, SCYTHE released emulation plans detailing post-exploitation activity by threat actors targeting F5 Big-IP appliances (CVE-2022-1388). To add to the fun, SCYTHE’s own Brandon Radosevich created a module to test for the F5 Big-IP vulnerability. SCYTHE normally focuses exclusively on post-exploitation, and vulnerability scanning really isn’t our thing; this is only the second time SCYTHE has built a vulnerability scanning module (the other being for log4j).
