Adam Mashinchi

October 22, 2020

#ThreatThursday - FIN6

Welcome to another week of #ThreatThursday! This week’s Threat Thursday is going to be slightly different from the standard as we discuss the FIN6 Adversary Emulation plan released by MITRE Engenuity’s Center for Threat-Informed Defense. We will focus on the importance of machine-readable Cyber Threat Intelligence at the adversary behavior and TTP level, sharing adversary emulation plans, and YAML-to-JSON conversion

Read Now

October 1, 2020

#ThreatThursday - MAZE

Welcome to another edition of #ThreatThursday. This week we are excited to kick off Cybersecurity Awareness Month looking at MAZE, a ransomware threat which emerged around May 2019, predominantly affecting organizations in the USA. MAZE, like other ransomware, also has an extortion component, where exfiltration of the original data also occurs in addition to the encryption/ransom component.

Read Now

September 17, 2020

#ThreatThursday - HoneyBee

Welcome to another edition of #ThreatThursday. This week we look at Honeybee, a campaign led by an unknown actor that targets humanitarian aid organizations and has been active in Vietnam, Singapore, Argentina, Japan, Indonesia, and Canada. This post coincides with a talk I gave at EkoParty on Adversary Emulation.

Read Now

July 31, 2020

Porting Tools to SCYTHE: An SDK Proof of Concept

With the release of the SCYTHE Software Development Kit (SDK), we released two new and important components to help make the development of SCYTHE modules frictionless for third party developers: the Module Buster application and the Python3 runtime. We feel that one of the best ways for us to demonstrate how easy it is to create a new SCYTHE module is to demonstrate how we ported an open source tool, written in Python, to SCYTHE.

Read Now

June 3, 2020

SCYTHE & PlexTrac Present: Dealin' With The Data

Join Security Weekly's Tyler Robinson, SCYTHE's Adam Mashinchi, and PlexTrac's Dan DeCloss for a discussion on how to "Deal With The Data". The discussion opens with Tyler outlining common headaches that red teamers must deal with at their jobs.

Read Now

More BLOG POSTS

July 26, 2021

Adaptive Adversary Emulation (Part 1): Execution Details

Back in 2019 at the inaugural SANS Purple Team Summit I gave a talk titled “Adaptive Adversary Emulation with MITRE ATT&CK®”. In the talk I go over how small changes to adversary emulation plans can provide significant results and allow a deliberate approach to generating iterative tests.

Read Now

July 22, 2021

You can’t detect 0-day exploits but… you can detect what happens next

A zero day (or 0-day) is a vulnerability that is not known by the software vendor nor the end users. They are a great way to gain initial access into an organization without being detected. Zero days are rarely used in widespread attacks as they are a high cost to the attacker (identifying a vulnerability that has a high chance of successful exploitation).

Read Now

July 22, 2021

Malicious Uses of Blockchains

SCYTHE’s engineering team shares their most recent article on the malicious uses of Blockchains. Here’s why this is important: Cryptocurrencies are discussed often, but few understand what they are or how they work. The engineering team defines each cryptocurrency type in detail.

Read Now