Tim Schulz

July 26, 2021

Adaptive Adversary Emulation (Part 1): Execution Details

Back in 2019 at the inaugural SANS Purple Team Summit I gave a talk titled “Adaptive Adversary Emulation with MITRE ATT&CK®”. In the talk I go over how small changes to adversary emulation plans can provide significant results and allow a deliberate approach to generating iterative tests.

Read Now

July 8, 2021

Threat Thursday - Exfiltration Over Web Service: Exfiltration to Cloud Storage

This #ThreatThursday is all about leveraging cloud storage to exfiltrate data. We also cover a tool that leaves credentials unsecured on the file system. In particular, we are going to look at how threat actors leverage cloud services like MEGA and use open source tools like rclone to exfiltrate data.

Read Now

May 24, 2021

Introducing the Purple Team Maturity Model

Today we are proposing a preliminary answer to that question, which initially started out as Advanced Purple Teaming and evolved into something even larger in scope (sidenote: Advanced Purple Teaming is coming). Our answer is what we are calling the Purple Maturity Model.

Read Now

May 14, 2021

Why assume breach?

Are you wondering why you and your organization should assume breach? SCYTHE’s Adversary Emulation Lead Tim Schulz answers this frequently asked question, and covers scenarios in which using an assumed breach model can help focus on strengthening detection capabilities.

Read Now

March 25, 2021

Threat Thursday - Lazarus

The Lazarus Group (aka HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY)! Lazarus was an extremely active adversary in 2020 and has continued to build capability over the past decade. They are responsible for many high profile hacks seen over the years, such as the Sony hack in 2014. Lazarus Group has been attributed as a North Korean state sponsored hacking group by the FBI.

Read Now


November 8, 2021

SCYTHE Announces Series A Funding Round

Today, the SCYTHE team and I are thrilled and proud to announce the closure of our $10 million in Series A funding which acts as an endorsement of our hard work, innovative technology, and commitment to solving customers’ cybersecurity challenges. 

Read Now

November 3, 2021

Simplifying the MITRE ATT&CK Framework

The immeasurable value of ATT&CK truly lies in being an open source tool, meaning it’s data has been shared from contributors from all over the globe. All the intelligence captured in the ATT&CK framework has brought communities of blue and red teamers that are looking to understand how adversaries operate, what they do, what tools they use, etc.

Read Now

October 27, 2021

The Risks of Supply Chain Corruption from IoT Devices

A recent report highlighted by the National Cyber Security Centre uncovered a 37% increase in supply chain attacks in the previous year. Unsurprisingly, this increase coincides with a growing demand to integrate Internet-of-Things (IoT) and Industrial IoT (IIoT) into company networks. Supply chain corruption via (I)IoT is an area that demands further research and attention. 

Read Now