Jorge Orchilles

September 9, 2021

ThreatThursday - Phobos Ransomware

As usual, we will consume Cyber Threat Intelligence and map it to MITRE ATT&CK. We will create an adversary emulation plan, share it on our Community Threats Github, and we will show how to Attack, Detect, and Respond to Phobos attacks.

Read Now

September 2, 2021

Threat Thursday - Hive Ransomware

The FBI released a Flash Alert on August 25, 2021 warning organizations about the Hive ransomware that has affected at least 28 organizations including Memorial Health. As usual for #ThreatThursday, we will consume the Cyber Threat Intelligence and map it to MITRE ATT&CK, we create and share an adversary emulation plan on the SCYTHE GitHub, and discuss ways to prevent, detect, and respond to this threat. 

Read Now

July 22, 2021

You can’t detect 0-day exploits but… you can detect what happens next

A zero day (or 0-day) is a vulnerability that is not known by the software vendor nor the end users. They are a great way to gain initial access into an organization without being detected. Zero days are rarely used in widespread attacks as they are a high cost to the attacker (identifying a vulnerability that has a high chance of successful exploitation).

Read Now

July 8, 2021

Threat Thursday - Exfiltration Over Web Service: Exfiltration to Cloud Storage

This #ThreatThursday is all about leveraging cloud storage to exfiltrate data. We also cover a tool that leaves credentials unsecured on the file system. In particular, we are going to look at how threat actors leverage cloud services like MEGA and use open source tools like rclone to exfiltrate data.

Read Now

June 24, 2021

Threat Thursday Top Ransomware TTPs

At SCYTHE we are constantly collaborating with industry experts and organizations. Recently, someone reached out as they are building out a ransomware readiness assessment. “We are looking for a consolidated mapping of major ransomware actors on the ATT&CK framework, like SCYTHE does for individual actors on #ThreatThursday.

Read Now


December 16, 2021

#ThreatThursday - UNC2452

Ben Finke from OnDefend will go through our typical #ThreatThursday format to introduce the threat actor, UNC2452, ingest Cyber Threat Intelligence, build an adversary emulation plan, and discuss detection and response.

Read Now

December 15, 2021

Porting the Log4J CVE PoC to SCYTHE

A walkthrough of SCYTHE's Log4j module

Read Now

November 30, 2021

Threat Thursday - Red Canary October Detection Opportunities

Our new Adversary Emulation Detection Engineer, Christopher Peacock, shares this #ThreatThursday where he dived into Red Canary’s new blog and reviewed the methods they used in order to develop emulation plans to validate the detection opportunities in your environment.

Read Now