Elaine Harrison-Neukirch

September 7, 2021

T1030- Testing Data Transfer Limit Sizes

Ransomware is not the only threat. Data exfiltration can occur in many scenarios. SCYTHE can be used to test detection of data exfiltration by testing the transfer limits of data. Enjoy our latest blog by Elaine Harrison-Neukirch.

Read Now

August 31, 2021

SCYTHE’s Virtual File System

If you follow SCYTHE’s Threat Thursday posts and utilize SCYTHE’s Community Threats Github Repository, you are probably familiar with the VFS (Virtual File System) folders used with some of the Community Threats.

Read Now

July 15, 2021

Exfiltration Over Alternative Protocol

Blue Teamers, have you been looking for an automated method of discovery for ports that are allowed in outbound, North/ South (egress) traffic within your network? Your search is over! SCYTHE’s Marketplace offers a free module, Let Me Out (LMO), a SCYTHE port of mubix’s Let Me Out project. This module tests egress traffic for specific ports.

Read Now

June 7, 2021

SCYTHE & ATT&CK Navigator

How are Blue Teams utilizing SCYTHE? One way the Blue Team can use SCYTHE is by reviewing its reporting. SCYTHE’s reports can be used by the Blue Team in determining how gaps in security controls can be mitigated. In this post, we will be discussing the MITRE ATT&CK Navigator and NIST 800 Navigator Summary reports.

Read Now


May 26, 2022

Threat Emulation: Industroyer2 Operation

Welcome to the May 2022 SCYTHE #ThreatThursday! This month we are featuring the recent Industroyer2 operation observed in Ukraine with a new campaign. Per the reporting from ESET, the Sandworm threat actor group was most likely responsible for deploying the Industroyer2 malware.

Read Now

May 20, 2022

Version 3.7 of the SCYTHE Platform Released - Demo Video

Now you can easily collaborate with Blue Teams to strengthen cyber defenses. Be more effective and efficient with a centralized dashboard and enhancements to user experience.

Read Now

May 17, 2022

F5 Big-IP appliances vulnerability - Follow-up

Last week, SCYTHE released emulation plans detailing post-exploitation activity by threat actors targeting F5 Big-IP appliances (CVE-2022-1388). To add to the fun, SCYTHE’s own Brandon Radosevich created a module to test for the F5 Big-IP vulnerability. SCYTHE normally focuses exclusively on post-exploitation and vulnerability scanning really isn’t our thing. This is the second time SCYTHE has built vulnerability scanning modules (the other being log4j).

Read Now