UnICORN Library

SCYTHE aims to educate and engage in order to inspire the art of the possible in cybersecurity. Adversarial threats, risk management, and security innovation don’t pause when working from home. We have curated a collection of presentations, research, and conversations from our team. Come enjoy our library and stay tuned for the new unicorn content that will be added regularly.

Presentation

New!

August 10, 2020

Purple Team Exercise Framework (PTEF) Workshop

SCYTHE's Purple Team Exercise Workshop, introducing the newly released Purple Team Exercise FrameworK (PTEF), is now live and available in our library. Purple Team exercises provide an efficient and effective “hands-on-keyboard” adversary emulation method for Red and Blue Team collaboration.

VIEW

#ThreatThursday

New!

August 6, 2020

#ThreatThursday - Evil Corp

This blog post will dive deeper into the Garmin attack, extract TTPs from Cyber Threat Intelligence, create a MITRE ATT&CK Navigator Layer and adversary emulation plan, emulate the attack with Cobalt Strike (like Evil Corp used) and then drop a synthetic WastedLocker built with SCYTHE, and discuss how to defend against ransomware attacks with Olaf Hartong.

VIEW

Blog Post

New!

August 6, 2020

SCYTHE version 3.1 with MITRE ATT&CK Sub-Techniques

SCYTHE 3.1 is here and will be debuted at DEF CON Red Team Village on 8 AUG! With MITRE ATT&CK sub-techniques going live shortly after our major release of v3.0, we wanted to ensure that you are aligning to the latest and greatest framework in the cybersecurity industry across all of your SCYTHE Campaigns and Reports!

VIEW

Blog Post

New!

August 5, 2020

VECTR Integration

We are proud to announce that SCYTHE campaigns can be imported into VECTR! VECTR is a free platform for planning and tracking your Red Team engagements and Purple Team Exercises by aligning to Blue Team detection and prevention capabilities across different attack scenarios. Many SCYTHE customers leverage VECTR to show the value of the overall Red and Purple Team programs and will now be able to import entire SCYTHE campaigns with just a few clicks. First, make sure to upgrade VECTR to the latest version.

VIEW

Blog Post

New!

August 4, 2020

Virtual Hacker Summer Camp 2020

It's that time of the year again, Hacker Summer Camp! The SCYTHE team has a busy week scheduled as we love to give back to the community. We are giving talks, panels, workshops, releasing tools, and even have two Choose Your Own Adventure games for Red and Blue Teams. Here’s a quick guide to where you can find us virtually over the next few days during Black Hat USA and Def Con Safe Mode.

VIEW

Blog Post

New!

July 31, 2020

Porting Tools to SCYTHE: An SDK Proof of Concept

With the release of the SCYTHE Software Development Kit (SDK), we released two new and important components to help make the development of SCYTHE modules frictionless for third party developers: the Module Buster application and the Python3 runtime. We feel that one of the best ways for us to demonstrate how easy it is to create a new SCYTHE module is to demonstrate how we ported an open source tool, written in Python, to SCYTHE.

VIEW

#ThreatThursday

New!

July 30, 2020

#ThreatThursday - Emotet

On Friday, July 17, many of us woke up to a bunch of new phishing emails. What happened over night? Well, like Sherrod DeGrippo from ProofPoint wrote, emotet returns after a 5 month hiatus. Emotet is a banking trojan that gains access to end user machines and steals their financial information such as login information and personal identifiable information (PII). This week, we met with Sherrod and discussed Emotet. As usual, we create an adversary emulation plan based on Cyber Threat Intelligence and then emulate it with SCYTHE.

VIEW

Blog Post

New!

July 29, 2020

SCYTHE’s Ethical Hacking Maturity Model

SCYTHE’s Ethical Hacking Maturity Model enables leading organizations to assess and strengthen their security posture through ethical hacking. There are a number of assessment types an ethical hacker can perform against an organization and this document goes through the process. Enterprises can use SCYTHE’s Ethical Hacking Maturity Model to evolve to the more advanced assessments and operationalize Adversary Emulations via Red Team Engagements and Purple Team Exercises.

VIEW

Blog Post

New!

July 24, 2020

Announcing UniCon

UniCon, our very own Unicorn Conference, is a free conference for security researchers, developers, red teamers, blue teamers, and purple teamers taking place on August 20! We will have two excellent keynotes from Olaf Hartong and John Strand, the release of the SCYTHE Marketplace with custom modules, introduction and AMA with our platform engineers to ask all the technical questions about C2 and synthetic malware, lighting talks with researchers and module developers, great talks, and a brand new CTF.

VIEW

#ThreatThursday

New!

July 23, 2020

#ThreatThursday - Deep Panda

This week we interviewed Bradford Regeski, a Cyber Threat Intelligence analyst at H-ISAC, about the top threats the healthcare industry is seeing. He shared a number of excellent resources on threat actors, told us a little more about H-ISAC, and dove deeper into Deep Panda.

VIEW

#ThreatThursday

New!

July 16, 2020

#ThreatThursday - Orangeworm

This week on #ThreatThursday we cover the latest release of MITRE ATT&CK (with sub-techniques), announce a healthcare partnership, and look at a threat actor that has been targeting the healthcare sector for years: Orangeworm. As usual, we consume Cyber Threat Intelligence, create a threat profile and adversary emulation plan, and discuss how to defend against Orangeworm.

VIEW

Blog Post

New!

July 13, 2020

Splunk Integration

Enterprise-grade platforms have to integrate with other enterprise solutions in order to be effective. SCYTHE focuses on providing business value through adversary emulation and showing whether security tools and controls are properly implemented and tuned to detect malicious behavior. To implement an enterprise solution, SCYTHE integrates with other solutions such as Splunk, PlexTrac, VECTR, and virtually any solution or SIEM via syslog.

VIEW

Blog Post

New!

July 10, 2020

Breaching Terms of Service Doesn’t Breach the CFAA: Protect Independent Security Research

Advances in securing medical devices, vehicle systems, and any of the other systems and connected devices used daily would not be possible without independent researchers testing and auditing those in novel and often unanticipated manners from that intended by the computer/website/app owners.

VIEW

#ThreatThursday

New!

July 9, 2020

#ThreatThursday - Managing Threats

Welcome to another edition of #ThreatThursday! We now have a section on this blog exclusively for #ThreatThursday so that you may efficiently find the resources for CTI analysis, threat emulation, and remediation in one location every week: https://www.scythe.io/threatthursday Feel free to bookmark or subscribe to the RSS feed.

VIEW

Blog Post

New!

July 8, 2020

Under the Hood: SCYTHE Architectural Overview (Part 1)

Hey, this is Ateeq Sharfuddin, head of the engineering team at SCYTHE. Our team has spent the better part of the past year developing significant improvements for version 3 of the SCYTHE platform. As the threat landscape, including adversary tactics, techniques, and procedures (TTPs), constantly evolves, developing an adversary emulation platform must be similarly agile and updated.

VIEW

Blog Post

New!

July 7, 2020

SCYTHE 3.0 is here!

The SCYTHE team has been busy working on version 3.0, our latest release. This release brings major improvements, including support for in-memory third-party Python Modules built using the SCYTHE Software Development Kit (SDK), and will lead up to the launch of the SCYTHE Marketplace.

VIEW

Blog Post

New!

July 6, 2020

Software Development Kit

As the leading platform for Purple Teaming, SCYTHE is proud to release version 3.0 and the new SCYTHE Software Development Kit! SCYTHE now offers an in-memory Python interpreter so developers can write modules entirely in Python. Operators will be thrilled to hear that the runtime and modules operate entirely in-memory without touching the disk. The Software Development Kit (SDK) gives developers a seamless module creation and validation experience.

VIEW

#ThreatThursday

New!

July 2, 2020

#ThreatThursday - Ransomware

A day hardly goes by without hearing about another ransomware attack. Just this week I read, on SANS NewsBites, that University of California San Francisco (UCSF) paid $1.1 million to regain access to their data. This week’s #ThreatThursday we take a look at a ransomware example, learn how criminals are evolving to get paid, create an adversary emulation plan that is safe but valuable for enterprises, and speak to industry thought leader, Olaf Hartong, about defending against ransomware attacks using Sysmon.

VIEW

Presentation

New!

June 28, 2020

Cuddling the Cozy Bear, Emulating APT29 by Jorge Orchilles - Cyber Junegle

In this talk, we will learn about APT29 “Cozy Bear”, how they operate and what their objectives are. We will create an adversary emulation plan using C2 Matrix to pick the best command and control framework that covers the most TTPs. We will spend at least half the talk live demoing the attack with various tools that emulate the adversary behaviors and TTPs.

VIEW

#ThreatThursday

New!

June 25, 2020

#ThreatThursday - Cozy Bear

This week on #ThreatThursday we look at Cozy Bear, or APT29, a Russian government threat group that has been operating since at least 2008. This group is most famous because of the attribution to the Democratic National Committee hack in the summer of 2015.

VIEW

#ThreatThursday

New!

June 18, 2020

#ThreatThursday - APT33

This week on #ThreatThursday we look at an Iranian Threat Actor, APT33 or Elfin. We introduce the MITRE ATT&CK Beta with sub-techniques, create and share an adversary emulation plan for APT33 on Github, show how to execute PowerShell (both powershell.exe and unmanaged PowerShell) through SCYTHE and show how to perform lateral movement within the SCYTHE user interface as well as on the command line.

VIEW

Presentation

New!

June 12, 2020

SCYTHE Demo with Jorge Orchilles

Jorge Orchilles covered a number of topics and did live demos of some of the features coming in SCYTHE version 3.0 including the virtual file system, third party modules, and the SCYTHE Marketplace.

VIEW

#ThreatThursday

New!

June 11, 2020

#ThreatThursday - Buhtrap

In this #ThreatThursday we will be looking at Buhtrap, a criminal team attacking financial institutions. We are presenting new concepts this week such as consuming Cyber Threat Intelligence that has not been mapped or tracked on MITRE ATT&CK website and explaining the concept of Short and Long Haul C2.

VIEW

Video

New!

June 9, 2020

SCYTHE version 3.0 is coming soon!

Take a look at how easy SCYTHE 3.0 is to install and go through the basic setup on the first run.

VIEW

#ThreatThursday

New!

June 4, 2020

#ThreatThursday - APT19

Adversarial Emulation is a threat intelligence driven process. Leveraging threat intelligence is required for more effective defense (Blue Team) and offense (Red Team). We must understand how threats operate and their behaviors (tactics, techniques, and procedures) to stay ahead of them and prevent or detect when they attack our organization. For these reasons, we want to share our vision for being threat-led with our readers and introduce #ThreatThursday.

VIEW

Presentation

New!

June 3, 2020

SCYTHE & PlexTrac Present: Dealin' With The Data

Join Security Weekly's Tyler Robinson, SCYTHE's Adam Mashinchi, and PlexTrac's Dan DeCloss for a discussion on how to "Deal With The Data". The discussion opens with Tyler outlining common headaches that red teamers must deal with at their jobs.

VIEW

Blog Post

New!

June 1, 2020

SCYTHE Welcomes Jorge Orchilles as Chief Technology Officer

SCYTHE is thrilled to welcome a new unicorn to the executive team: Jorge Orchilles is now the Chief Technology Officer for SCYTHE.

VIEW

Presentation

New!

May 29, 2020

"Measuring Cyber Risk" webinar with Bryson Bort & Paul Rosenzweig.

Good management of cyberspace requires a system of cyber metrics that are transparent, auditable, practical, scalable and the most difficult: widely agreed upon. To that end, we will evaluate various approaches to cyber risk quantification with the aim of informing the development of a public standard for measuring cybersecurity

VIEW

Announcement

New!

May 27, 2020

SCYTHE is a 2020 Innovators' Showcase Honoree

We are proud to announce that SCYTHE has been recognized as a 2020 Innovators' Showcase Honoree!

VIEW

Announcement

New!

May 20, 2020

SCYTHE and PlexTrac Team Up to Streamline Security Data

SCYTHE is excited to announce our integration with PlexTrac— available now! PlexTrac is a next generation platform for red and blue teams to collaborate effectively.

VIEW

Presentation

New!

May 18, 2020

SCYTHE Webinar - Building Blue: Fortifying Data Defenses & Supply Chain Risks

Efficiently maximizing resources has become increasingly important as infrastructure IT teams identify resources to help them protect their networks while short staffed with many team members working remotely. The expert panel will dive into supply chain & data privacy risk considerations for blue teams evaluating both new and existing tools & platforms.

VIEW

Presentation

New!

May 14, 2020

Find your Beacon during the Storm -  Building Your Business during a Crisis

This webinar features a panel with Martin Roesch, Caleb Sima, and Ron Gula discussing about how they built their businesses during an economic crisis and lessons for today.

VIEW

Presentation

New!

May 8, 2020

Bryson Bort's presentation at DerpCon - Entrepreneurial Adventures: Starting Your Own Company

So you’re not crazy, you just want to start your own company. Which kinda takes a level of crazy to pull it off. We’ll talk through what it takes to be an entrepreneur, different kinds of companies (service, product, non-profit), the market, back-office administration, pricing and economics, and my experiences starting three companies.

VIEW

Presentation

New!

May 8, 2020

Wild West Hackin' Cast by Bryson Bort & Jorge Orchilles - Adversarial Emulation with the C2 Matrix

Open source tool release and updates: this is information for the community and a call to action! We have created an open-source C2 evaluation framework so that teams can easily determine what’s the best tool for penetration testing/red teaming particular scenarios.

VIEW

Blog Post

New!

April 14, 2020

What Red Teams need to know about the SCYTHE Marketplace

In this week’s spotlight SCYTHE Advisory Council Member, Tim MalcomVetter shares why Red Teams should get excited about the SCYTHE Marketplace and how it is going to help solve some of the gaps.

VIEW

Blog Post

New!

April 8, 2020

From Moonshot to Slingshot (C2 Matrix Edition)

Having participated in the Cyber Moonshot last year, I’ve seen where grand vision tries to achieve reality. Being a former operator, I’ve always been more comfortable putting tools in the hands of those that can help.

VIEW

Presentation

New!

March 30, 2020

Wild West Hackin' Cast by Adam Mashinchi - Quickstart Guide to MITRE ATT&CK: the Do's and Don'ts when using the Matrix

This webcast will provide the audience with a very fast, yet very practical, overview of ATT&CK; as well as how it is being utilized well, and not-so-well, in the industry.

VIEW

Presentation

New!

March 27, 2020

Bryson Bort's presentation at Advanced Persistent Talks - Adversarial Emulation

The presentation goes through multiple considerations of the entire red team lifecycle. Concluding with how we can work on these activities towards a purple team approach.

VIEW

Presentation

New!

March 11, 2020

Liz Wharton and Suchi Pahi’s presentation at ShmooCon 2020 - Face/Off: Action Plan for Perils & Privileges of Facial Recognition

‍This presentation talks about current facial recognition use cases, growing regulatory concerns, the consequences of facial recognition, and what you can do.

VIEW

Blog Post

New!

March 4, 2020

Innovate at the Edge: Launching Community Driven Security Innovation

Experience-driven threat research at the edge is in the driver’s seat as the SCYTHE Marketplace was unveiled during this year’s RSA Conference.

VIEW

Presentation

New!

February 26, 2020

Bryson Bort & Chris Kreb’s ICS Discussion at RSA Conference 2020

They talk about the vision for community engagement, training and partnership to provide interactive simulated control systems environments.

VIEW

Blog Post

New!

February 19, 2020

What’s the SCYTHE Marketplace?

The SCYTHE Marketplace launching during RSAC 2020 brings expert innovation necessary to measure constantly evolving real world threats. In this week’s SCYTHE spotlight, Adam Mashinchi, SCYTHE’s VP of Product Management, discusses how the SCYTHE Marketplace expands effective threat emulation that keeps pace with the latest trends and how developers can get involved.

VIEW

Blog Post

New!

February 13, 2020

Breaking Imphash

Signaturing is a technique used to associate a unique value to a malware. Roughly, when an enterprise’s security sensor comes across a file, it computes the file’s signature and chooses to deny access if this signature is in the sensor’s set of known malware signatures.

VIEW

Blog Post

New!

February 10, 2020

Meet Advisory Council member, Chloé Messdaghi

SCYTHE had the opportunity to sit down and talk with Advisory Council member, Chloé Messdaghi during ShmooCon 2020.

VIEW

Blog Post

New!

January 29, 2020

Meet SCYTHE’s Marketplace Advisory Council

‍SCYTHE, a leader in continuous breach and attack simulation, is bringing expert innovation to its platform through the introduction of the SCYTHE Marketplace, launching this Spring.

VIEW

Podcast

New!

January 28, 2020

What Is Real-ID And Why Should You Care | A Conversation With Elizabeth Wharton & Steve Luczynski

Liz and Steve talk with ITSP about what Real-ID is and what you need to know about it.

VIEW

Presentation

New!

December 11, 2019

Bryson Bort's Presentation at Wild West Hackin' Fest

Bryson Bort gives a talk at Wild West Hackin' Fest 2019 about Adversarial Emulation.

VIEW

Video

New!

December 3, 2019

The Political Knowledge Gap in Cybersecurity on Capitol Hill

Point3 Security’s VP of Strategy, Chloé Messdaghi sits down with Congressman C.A. Dutch Ruppersberger and CEO and Founder of GRIMM & SCYTHE, Bryson Bort to discuss how to close the knowledge gap in the cybersecurity community.

VIEW

Video

New!

November 18, 2019

Bits and Borders: Navigating Asymmetrical Risks in a Digital World

The Wilson Center's Science and Technology Innovation program hosted a forum exploring the changing digital and analog risk landscape.

VIEW

Blog Post

New!

October 7, 2019

SCYTHE Supports macOS

The SCYTHE team has been hard at work on our latest release, which brings with it a number of updates and new features!

VIEW

Presentation

New!

September 8, 2019

Bryson Bort’s presentation at DerbyCon 2019 - Adversarial Emulation

‍Learn to move your defenses and understanding beyond a detection-based approach which has repeatedly been demonstrated to fail.

VIEW

Podcast

New!

July 29, 2019

Security Sandbox: Not Doing it Alone with Bryson Bort

Bryson Bort talks about his companies GRIMM and SCYTHE, his time in the army, and his very important announcement regarding the names of some unicorns.

VIEW

Blog Post

New!

June 6, 2019

Know Your Enemy: Botnet Command and Control Architectures

What would you do if your company’s IT devices were discovered to be part of a botnet?

VIEW

Blog Post

New!

May 6, 2019

SCYTHE Goes Atomic

The SCYTHE team is excited to announce that our latest release gives you the power of Atomic Red Team with all the automation and ease of use of the SCYTHE platform.

VIEW

Blog Post

New!

April 2, 2019

Modern Authentication Bypasses

*hacker voice* “I’m in” is a Hollywood-esque phrase you’ve probably heard before. But how does someone actually do that? Do you wear a hoodie and change your terminal text to bright green?

VIEW

Blog Post

New!

February 15, 2019

The Purple Team - Organization or Exercise

As the cybersecurity industry continues to evolve, the use of certain terminology is changing and becoming more prevalent; such as the increased mention of Red Teams and Blue Teams inside boardrooms and IT departments.

VIEW

Blog Post

New!

January 18, 2019

SCYTHE: Starting 2019 with Linux and ATT&CK™

The SCYTHE team has been hard at work on our new release and we are proud to present the next major evolution of the SCYTHE Continuous Red Team Automation platform.

VIEW

Blog Post

New!

January 16, 2019

Fileless Malware and the Threat of Convenience

Many of the conveniences brought via modern tools, operating systems, and applications also bring means for an adversary to execute actions while under the guise of a valid service. This is seen distinctly in the increased use of Fileless Malware.

VIEW

Blog Post

New!

December 3, 2018

Paintball at the WMCAT Hub Debut

Paintball with a purpose. That was the theme for the 6th Annual Purple Event, hosted by the West Michigan Cyber Security Consortium (WMCSC) on October 10th at the West Michigan Center for Arts and Technology (WMCAT) facility.

VIEW

Blog Post

New!

October 17, 2018

The Launch of SCYTHE

When I started GRIMM, I had a vision to tackle the greatest cybersecurity challenges that face our clients, industry and the greater business and government communities. Five years later, we have grown into a dynamic and passionate team who strives to make a better, more secure world through the independent research and the services we provide to clients.

VIEW

Blog Post

New!

October 16, 2018

Don’t Get Comfortable Yet - The Declining Fear of Ransomware

With the news that ransomware attacks are on the decline, in favor of crypto-mining (aka “crypto-jacking”), it is tempting to now reshuffle your enterprise’s defensive priorities based on the adversary trends.

VIEW

Blog Post

New!

October 3, 2018

What is SCYTHE's origin story?

When I started GRIMM, I had a vision to tackle the greatest cybersecurity challenges that face our clients, industry and the greater business and government communities.

VIEW

Blog Post

New!

September 18, 2018

A Three-Step Approach to Threats: What All Organizations Should Know (but Equifax Doesn’t)

Within the context of historical cyber breaches, this can be classified as a massive attack: Equifax, one of the “big three” credit-rating agencies, announced earlier this month that hackers gained access to the Social Security numbers, credit card data, driver’s licenses, home addresses and other personally identifiable information (PII) of up to 143 million Americans.

VIEW

Blog Post

New!

September 17, 2018

SCYTHE Announces $3 Million in Initial Financing Round Led by Gula Tech Adventures

Earlier today we announced that we raised $3 million in an initial funding round led by the co-founder of Tenable, Ron Gula of Gula Tech Adventures.This investment will help accelerate our ability to deliver our attack simulation platform and drive new product development. We’ve planned a roadmap of new features and innovations that will disrupt the cybersecurity industry.

VIEW

Blog Post

New!

August 29, 2018

Breach Reality Check: Get More Realistic with the Latest in Attack Simulation

Today, SCYTHE unveiled unique enhancements to the SCYTHE attack simulation platform. This release allows measuring effectiveness of an enterprise’s security controls with granularity and prioritizing areas for real action across the entire enterprise against your people, technology or processes easier than ever before.

VIEW

Blog Post

New!

July 25, 2018

Getting ready for Black Hat?

August is right around the corner, our favorite time of the year - Black Hat and DEF CON! SCYTHE is gearing up for a great week in Las Vegas - and we’re especially excited because this is our first official hacker summer camp since officially launching the company last October. Here’s a bit of what we’ll be up to!

VIEW

Blog Post

New!

May 3, 2018

SCYTHE and the ICS Village’s inaugural RSAC!

Whew. Who’s still recovering from RSAC 2018? GRIMM has been making appearances at the annual conference since launching in 2012. However, this was the inaugural visit for SCYTHE.

VIEW

Blog Post

New!

April 15, 2018

These Scars Must Be Worth Something

A summary of wisdom from years of learning the hard way. Excerpted from a keynote I gave at Rochester Institute of Technology to the RC3 Security Club.

VIEW

Blog Post

New!

January 18, 2018

Understanding the Real Cost of Pen Testing, Red Teaming and Blue Teaming

The void in the cybersecurity workforce is compounding the level of risk faced by enterprises. The global shortage of skilled security workers could reach 1.8 million in the next five years according to the Center for Cyber Safety and Education.

VIEW

let our tech speak for itself

Know where you stand with SCYTHE. Talk to us to start the evaluation process today! We’d love to talk to you about how SCYTHE can fit into your cybersecurity workflow.

Contact Us

LEARN MORE

COMPANY
Contact UsCareersLibraryNews & Events
SCYTHE USE CASES
Red TeamBlue TeamPurple Team
Get In Touch!

Privacy Notice