UnICORN Library

SCYTHE aims to educate and engage in order to inspire the art of the possible in cybersecurity. Adversarial threats, risk management, and security innovation don’t pause when working from home. We have curated a collection of presentations, research, blogs, and conversations from our team. Come enjoy our library and stay tuned for the new unicorn content that will be added regularly.

Featured CONTENT

#ThreatThursday

New!

December 8, 2022

Qakbot Reloaded

Qakbot is making the rounds once again, expanding its service as malware used by Initial Access Brokers (IAB). After a takedown attempt on Emotet and a recent pause of its operation, Qakbot and Bokbot/IceID have dominated the field as IABs. Qakbot, also known as QBot was a banking trojan at its inception but due to its modular design can be quite versatile. An important call out here is that recent cyber threat intelligence reveals Qakbot threat actors have modified their tactics, techniques, and procedures. This is precisely why we have created this new emulation.

VIEW

Blog Post

New!

December 6, 2022

Purple Teaming and Financial Services

SCYTHE was recently featured by the Credit Union National Association for its work with Dupaco Community Credit Union! “You don’t need to have tens or hundreds of analysts, a blue team, a red team, or cyber-intelligence experts to implement a purple team. You just need great security people interested in researching and understanding attacks. To start, you just need one TTP and a tool capable of receiving logs and generating alerts.”

VIEW

#ThreatThursday

New!

December 1, 2022

Black Basta IOCs

Black Basta is making the news once again as our friends at SentinelLabs released new research tying the operator’s latest activity to the Russian-linked FIN7. Despite being a relatively new player in the ransomware arena, Black Basta quickly gained credibility given their novel tools and techniques.

VIEW

Read the #ThreatThursday series by our Chief Technology Officer, Jorge Orchilles. Each week Jorge dives into different threats by consuming Cyber Threat Intelligence, creating adversary emulation plans with SCYTHE and sharing them on our Community Threats Github, and covering how to defend against these adversaries.

VIEW

#ThreatThursday

New!

March 31, 2022

#ThreatThursday FIN13

Welcome to our March 2022 SCYTHE #ThreatThursday! This month we will do a deep dive on the threat actor FIN13 who has been tracked by Mandiant since 2017 and is known to target Mexican organizations. We will examine the phases of their attacks, and extract TTPs from Mandiant’s report to build a SCYTHE Campaign that emulates their post-breach behavior.

VIEW

Blog Post

New!

March 24, 2022

Cybersecurity and Your Board

The role of a board member continues to evolve in response to shifts in the business landscape. Cybersecurity is a key component of business continuity and success, and board members’ will demand more from their companies’ leadership.

VIEW

Blog Post

New!

March 16, 2022

Summiting the Pyramid of Pain: The TTP Pyramid

Tactics, Techniques, and Procedures often get lumped together as the phrase TTPs. Each though is a drastically different level of Cyber Threat Intelligence. So often, the phrase TTP is thrown around but only represents getting to the technique level with no procedure data. Here we will cover the significant benefits of getting to the procedure level of TTPs.

VIEW

New!

February 4, 2022

Breaking Down LOLBAS Attacks With The Help Of Hunter-gatherers

Read how Nathali Cano compares hunter-gatherers techniques to the LOLBAS attacks!

VIEW

#ThreatThursday

New!

January 27, 2022

Adversary Emulation Diavol Ransomware #ThreatThursday

We have created our most elaborate automated threat, emulating a real Diavol ransomware attack, in a 5-stage attack

VIEW

#ThreatThursday

New!

January 27, 2022

Emulación de Adversarios Diavol Ransomware

Hemos creado nuestra amenaza automatizada más elaborada, emulando un ataque real del ransomware Diavol, en un ataque de 5 etapas.

VIEW

See All Posts

let our tech speak for itself

Know where you stand with SCYTHE. Talk to us to start the evaluation process today! We’d love to talk to you about how SCYTHE can fit into your cybersecurity workflow.

LEARN MORE

UnICORN Library

Featured CONTENT

Qakbot Reloaded

Purple Teaming and Financial Services

Black Basta IOCs

#ThreatThursday FIN13

Cybersecurity and Your Board

Summiting the Pyramid of Pain: The TTP Pyramid

Breaking Down LOLBAS Attacks With The Help Of Hunter-gatherers

Adversary Emulation Diavol Ransomware #ThreatThursday

Emulación de Adversarios Diavol Ransomware

See All Posts

let our tech speak for itself

Know where you stand with SCYTHE. Talk to us to start the evaluation process today! We’d love to talk to you about how SCYTHE can fit into your cybersecurity workflow.

COMPANY

SCYTHE USE CASES

Get In Touch!