July 28, 2022
Welcome to the July 2022 SCYTHE #ThreatThursday! This edition features an emulation of Qakbot, a piece of malware that is no stranger to the threat intel community.
June 30, 2022
June’s Threat Thursday focuses on a persistence method that is not widely used by threat actors but works all the way through at least Windows 11 21H2. In 2020, researchers from TrustedSec outlined a persistence technique that leverages Windows Telemetry.
May 26, 2022
Welcome to the May 2022 SCYTHE #ThreatThursday! This month we are featuring the recent Industroyer2 operation, a new campaign observed in Ukraine. Per the reporting from ESET, the Sandworm threat actor group was most likely responsible for deploying the Industroyer2 malware.
May 2, 2022
This is part 2 of the series on adaptive emulation by our adversary emulation lead, Tim Schulz.
May 30, 2022
There’s a new vulnerability abusing the ms-msdt protocol handler to execute arbitrary code in Office. Since “msdt vulnerability” is hard to track, Kevin Beaumont dubbed this vulnerability Follina (and we’ll continue to use that nomenclature in this post).
May 20, 2022
Now you can easily collaborate with Blue Teams to strengthen cyber defenses. Be more effective and efficient with a centralized dashboard and enhancements to user experience.
May 17, 2022
Last week, SCYTHE released emulation plans detailing post-exploitation activity by threat actors targeting F5 BIG-IP appliances (CVE-2022-1388). To add to the fun, SCYTHE’s own Brandon Radosevich created a module to test for the F5 BIG-IP vulnerability. SCYTHE normally focuses exclusively on post-exploitation; vulnerability scanning really isn’t our thing. This is only the second time SCYTHE has built a vulnerability scanning module (the other being for Log4j).