UnICORN Library

SCYTHE aims to educate and engage in order to inspire the art of the possible in cybersecurity. Adversarial threats, risk management, and security innovation don’t pause when working from home. We have curated a collection of presentations, research, blogs, and conversations from our team. Come enjoy our library and stay tuned for the new unicorn content that will be added regularly.

Featured CONTENT

#ThreatThursday

New!

May 26, 2022

Threat Emulation: Industroyer2 Operation

Welcome to the May 2022 SCYTHE #ThreatThursday! This month we are featuring the recent Industroyer2 operation observed in Ukraine with a new campaign. Per the reporting from ESET, the Sandworm threat actor group was most likely responsible for deploying the Industroyer2 malware.

VIEW

Blog Post

New!

May 20, 2022

Version 3.7 of the SCYTHE Platform Released - Demo Video

Now you can easily collaborate with Blue Teams to strengthen cyber defenses. Be more effective and efficient with a centralized dashboard and enhancements to user experience.

VIEW

Blog Post

New!

May 17, 2022

F5 Big-IP appliances vulnerability - Follow-up

Last week, SCYTHE released emulation plans detailing post-exploitation activity by threat actors targeting F5 Big-IP appliances (CVE-2022-1388). To add to the fun, SCYTHE’s own Brandon Radosevich created a module to test for the F5 Big-IP vulnerability. SCYTHE normally focuses exclusively on post-exploitation and vulnerability scanning really isn’t our thing. This is the second time SCYTHE has built vulnerability scanning modules (the other being log4j).

VIEW

Read the #ThreatThursday series by our Chief Technology Officer, Jorge Orchilles. Each week Jorge dives into different threats by consuming Cyber Threat Intelligence, creating adversary emulation plans with SCYTHE and sharing them on our Community Threats Github, and covering how to defend against these adversaries.

VIEW

#ThreatThursday

New!

March 31, 2022

#ThreatThursday FIN13

Welcome to our March 2022 SCYTHE #ThreatThursday! This month we will do a deep dive on the threat actor FIN13 who has been tracked by Mandiant since 2017 and is known to target Mexican organizations. We will examine the phases of their attacks, and extract TTPs from Mandiant’s report to build a SCYTHE Campaign that emulates their post-breach behavior.

VIEW

Blog Post

New!

March 24, 2022

Cybersecurity and Your Board

The role of a board member continues to evolve in response to shifts in the business landscape. Cybersecurity is a key component of business continuity and success, and board members’ will demand more from their companies’ leadership.

VIEW

Blog Post

New!

March 16, 2022

Summiting the Pyramid of Pain: The TTP Pyramid

Tactics, Techniques, and Procedures often get lumped together as the phrase TTPs. Each though is a drastically different level of Cyber Threat Intelligence. So often, the phrase TTP is thrown around but only represents getting to the technique level with no procedure data. Here we will cover the significant benefits of getting to the procedure level of TTPs.

VIEW

#ThreatThursday

New!

February 24, 2022

Threat Actor APT35

Welcome to the February 2022 SCYTHE #ThreatThursday! This edition covers some recent intelligence from Check Point Research on post access tools and procedures leveraged by APT35. In addition, we recommend reviewing Check Point’s excellent write-up to complement our post if you have the time.

VIEW

New!

February 4, 2022

Breaking Down LOLBAS Attacks With The Help Of Hunter-gatherers

Read how Nathali Cano compares hunter-gatherers techniques to the LOLBAS attacks!

VIEW

#ThreatThursday

New!

January 27, 2022

Adversary Emulation Diavol Ransomware #ThreatThursday

We have created our most elaborate automated threat, emulating a real Diavol ransomware attack, in a 5-stage attack

VIEW

See All Posts

let our tech speak for itself

Know where you stand with SCYTHE. Talk to us to start the evaluation process today! We’d love to talk to you about how SCYTHE can fit into your cybersecurity workflow.

LEARN MORE

UnICORN Library

Featured CONTENT

Threat Emulation: Industroyer2 Operation

Version 3.7 of the SCYTHE Platform Released - Demo Video

F5 Big-IP appliances vulnerability - Follow-up

#ThreatThursday FIN13

Cybersecurity and Your Board

Summiting the Pyramid of Pain: The TTP Pyramid

Threat Actor APT35

Breaking Down LOLBAS Attacks With The Help Of Hunter-gatherers

Adversary Emulation Diavol Ransomware #ThreatThursday

See All Posts

let our tech speak for itself

Know where you stand with SCYTHE. Talk to us to start the evaluation process today! We’d love to talk to you about how SCYTHE can fit into your cybersecurity workflow.

COMPANY

SCYTHE USE CASES

Get In Touch!