UnICORN Library

SCYTHE aims to educate and engage in order to inspire the art of the possible in cybersecurity. Adversarial threats, risk management, and security innovation don’t pause when working from home. We have curated a collection of presentations, research, and conversations from our team. Come enjoy our library and stay tuned for the new unicorn content that will be added regularly.

New!

April 15, 2021

UniCon21 Recap

It was a day packed with amazing presentations as we celebrated National Unicorn Day. UniCon21 is a free virtual conference for the security researcher and defender community. Check out all the UniCon21 videos.

VIEW

Blog Post

New!

April 15, 2021

Using SCYTHE payload as Shellcode

Guest blog post by one of our partners, Jean-Maes from NVISO. During Unicon21, I (Jean-Maes) presented how I leverage the D/Invoke project from TheWover to load a SCYTHE campaign using the SCYTHE DLL that is automatically created for each campaign.

VIEW

Blog Post

New!

April 7, 2021

Adversary Emulation Metrics Time to Detect

Offensive security professionals and program coordinators have a learning curve as they mature through the different ethical hacking assessment types. In Vulnerability Assessment/Management and Penetration Testing, we use Common Vulnerabilities and Exposures (CVE IDs) and the Common Vulnerability Scoring System (CVSS) to report a finding using two criteria:

VIEW

Blog Post

New!

April 2, 2021

Setting up SCYTHE-VECTR integration

Many SCYTHE customers like to track their red and purple team exercises in a free reporting tool called VECTR. VECTR is maintained by Security Risk Advisors and we have been working with them on integrations for over a year. Naturally, we help our customers set up VECTR so that they can import SCYTHE campaigns more easily. This is a quick start guide that should help you set up VECTR with SCYTHE integration.

VIEW

#ThreatThursday

New!

March 25, 2021

Threat Thursday - Lazarus

The Lazarus Group (aka HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY)! Lazarus was an extremely active adversary in 2020 and has continued to build capability over the past decade. They are responsible for many high profile hacks seen over the years, such as the Sony hack in 2014. Lazarus Group has been attributed as a North Korean state sponsored hacking group by the FBI.

VIEW

Blog Post

New!

March 2, 2021

Defense Evasion with SCYTHE

“Do you have any tips and tricks to avoiding Anti Virus (AV) and Endpoint Detection and Response (EDR) for initial execution so we can focus on testing the post access adversary behaviors with SCYTHE?” We get this question all the time and figured we should share the answer(s) here in our library. While we will focus on doing this with SCYTHE, you can apply these practices to other tools as well.

VIEW

#ThreatThursday

New!

February 25, 2021

#ThreatThursday - menuPass with special guest Shane Patterson

For this #ThreatThursday is menuPass! Tim Schulz caught up with Shane Patterson to discuss MITRE Engenuity's plan release, challenges in creating emulation plans, and what makes this threat unique!

VIEW

#ThreatThursday

New!

February 25, 2021

#ThreatThursday - menuPass

For this Threat Thursday we are going to look at menuPass (aka APT10/Stone Panda/Red Apollo/CVNX/Potassium/Cloud Hopper), a cyber threat actor responsible for global intellectual property theft that is thought to be affiliated with, or working at the behest of, the Chinese Ministry of State Security.

VIEW

Blog Post

New!

February 18, 2021

How to Defend Against Ransomware

At the RSA Conference in 2020, I gave a joint talk with Chris Krebs, CISA Director at the time, on the formal collaboration between the agency and the non-profit, ICS Village. One of our biggest concerns for the future was ransomware. And unfortunately, we were right.

VIEW

Announcement

New!

February 18, 2021

SCYTHE v3.2 is Available!

We are excited to announce the release of SCYTHE version 3.2! This release brings a number of new features, many of which were specifically created out of feedback from our amazing customers!

VIEW

Blog Post

New!

February 17, 2021

The continuing pain of PowerShell

Microsoft’s PowerShell has long been used by system administrators, and in 2013 when Dave Kennedy and Josh Kelley gave the infamous talk: “PowerShell...omfg”, it was brought to the attention of many security professionals.

VIEW

Blog Post

New!

February 10, 2021

Our Founder and CEO Bryson Bort breaks down the Florida water treatment facility attack.

The attack on the water treatment facility located in Oldsmar, Florida, disclosed last week highlights security shortages in the water utility sector and the rest of the U.S. critical infrastructure sector.

VIEW

Blog Post

New!

February 4, 2021

Introduction to Adversary Emulation

What is adversary emulation? Adversary emulation leverages adversary tactics, techniques, and procedures, enhanced by cyber threat intelligence, to create a security test based on real world intrusion campaigns.

VIEW

Blog Post

New!

January 28, 2021

Red Team Non-Attributable Infrastructure and the Executive Order

The January 19, 2021 Executive Order on Taking Additional Steps to Address the National Emergency with Respect to Significant Malicious Cyber-Enabled Activities (mouthful) naturally started various debates and discussions around how this affects Red Team Non-Attributable Infrastructure.

VIEW

Blog Post

New!

January 20, 2021

Parsing an Executive Order: Streaming on Your TV Soon

The Executive Order’s proposed know your customer-style and information sharing regulations are more geared towards addressing intellectual property piracy than thwarting a SolarWinds style attack.

VIEW

Blog Post

New!

January 19, 2021

Why you should embrace Purple Team today

We are not introducing a new job role where you have to hire more people or have to spend more money. See, a purple team is a virtual, functional team that fosters collaboration and efficiency in testing, measuring, and improving your current cyber security people, process, and technology (security controls).

VIEW

#ThreatThursday

New!

January 14, 2021

#ThreatThursday - Egregor Ransomware with Sean Gallagher

Jorge Orchilles sits down with Sean Gallagher, a Senior Threat researcher at Sophos Labs. Sean walks us through understanding how this ransomware operates, creating an adversary emulation plan, and the best defense against a similar attack.

VIEW

#ThreatThursday

New!

January 14, 2021

#ThreatThursday - Egregor Ransomware

This week we will take a look at Egregor ransomware that has breached, exfiltrated data, and brought down multiple networks since September 2020. Stealing data before deploying ransomware has been a common modus operandi of the Egregor group.

VIEW

CISO Stressed

New!

January 8, 2021

Leveraging Resources When Chock Full of Challenges.

Elizabeth Wharton interviews Guest Mitch Parker, Exec. Dir./CISO at Indiana University Health. Healthcare security is present on all of our minds these days. The security and medical communities are working together towards the same goal: protecting the people. You may be wondering, what does that look like in today’s world?

VIEW

New!

January 7, 2021

10 Benefits of Red Team Engagements

We have all heard that, “practice makes perfect'', right? This may have been motivating during school, or while playing on a sports team, but what about today? By now, you’ve probably figured out that it’s impossible to be perfect, and that is perfectly fine (pun intended). In the information security field, all organizations are bound to experience a breach at some point.

VIEW

Blog Post

New!

December 30, 2020

Red Team and Threat-Led Penetration Testing Frameworks

We are presenting a curated list of all Red Team Frameworks in a central, easy to find location. Leveraging frameworks and methodologies for offensive security assessments is a best practice to show your customers and clients you have a repeatable, professional offering.

VIEW

Announcement

New!

December 22, 2020

SCYTHE Welcomes Megan Samford to Advisory Council

As SCYTHE looks boldly ahead into the new year, the Unicorns welcome the expertise of Megan Samford to the Advisory Council. Her accomplished security background, Master’s degree in Public Administration, and strong presence on numerous security boards are some of her many accomplishments in our community.

VIEW

Article

New!

December 16, 2020

No Rest for the Weary: Breaches are Inevitable

In the past week, we learned that both FireEye and SolarWinds were breached. These two breaches are significant because of the companies targeted and the service/products they sell to the industry. Both of these large companies being breached prove once again that anyone can be hacked.

VIEW

#ThreatThursday

New!

December 10, 2020

#ThreatThursday - FIN6 Phase 2

FIN6 is a cyber crime group that specializes in stealing payment card data and sells it in underground marketplaces. This group, also known as Skeleton Spider and ITG08, has aggressively targeted and compromised point of sale (PoS) systems in the hospitality and retail sectors since at least 2017.

VIEW

Article

New!

December 3, 2020

Attack Infrastructure: Red Teams vs. Malicious Actors

Setting up Attack Infrastructure is an important task performed by Red Teamers and malicious adversaries alike. This week, we chat with Joe Slowik, Senior Security Researcher at Domain Tools, about the differences between Red Team and malicious adversary set ups.

VIEW

#ThreatThursday

New!

November 20, 2020

#ThreatThursday - Berserk Bear

As usual for #ThreatThursday, we will understand Berserk Bear’s behavior, map to MITRE ATT&CK and share the ATT&CK Navigator JSON, create and share an adversary emulation plan in the largest, public adversary behavior repository, and discuss how to defend against this energy sector adversary.

VIEW

CISO Stressed

New!

November 10, 2020

Episode 3: Leveraging Resources When Chock Full of Challenges with Guest Mitch Parker

Healthcare is chock full of adventure - rising number patients, increase in malware attacks, and a shift towards remote work. On this episode of CISO STRESSED Liz sits down with Mitch Parker, Exec. Dir./CISO at Indiana University Health and talks about leveraging and maximizing resources and building trust to solve security challenges facing healthcare systems.

VIEW

#ThreatThursday

New!

November 5, 2020

#ThreatThursday - Ryuk

This week, we take a deeper dive into emulating and defending against the ransomware behind a recent spike in healthcare sector attacks - Ryuk Ransomware. Researchers estimate that Ryuk has been behind a third of the ransomware attacks detected in 2020, including the latest surge in hospital and healthcare IT system attacks.

VIEW

Blog Post

New!

October 28, 2020

Active Directory Attacks with Kerberoasting

Kerberoasting is now available in the SCYTHE Marketplace. In this post, Tim Medin explains how Kerberoasting works during Unicon and also releases a Kerberoast module in the SCYTHE Marketplace to enable SCYTHE operators to seamlessly Kerberoast from within SCYTHE.

VIEW

CISO Stressed

New!

October 27, 2020

Episode 2: Digital Empathy in the Customer Experience (Guest Shawn M Bowen)

Building security in the customer experience, not “compliance helmets” - Shawn Bowen, CISO with Restaurant Brands International, joins CISO Stressed Host Liz Wharton to discuss the value of experience-based learning, digital empathy, and the customer experience.

VIEW

#ThreatThursday

New!

October 22, 2020

#ThreatThursday - FIN6

Welcome to another week of #ThreatThursday! This week’s Threat Thursday is going to be slightly different from the standard as we discuss the FIN6 Adversary Emulation plan released by MITRE Engenuity’s Center for Threat-Informed Defense. We will focus on the importance of machine-readable Cyber Threat Intelligence at the adversary behavior and TTP level, sharing adversary emulation plans, and YAML-to-JSON conversion

VIEW

Blog Post

New!

October 16, 2020

SCYTHE Updates: Purple Team Programming

Meeting today's security challenges requires the Red Team and the Blue Team working together simultaneously - creating a Purple Team. Our CTO, Jorge Orchilles, has been leading the charge developing the standard for Purple Team program materials and trainings. Read more to engage, implement, and experience purple.

VIEW

#ThreatThursday

New!

October 15, 2020

#ThreatThursday - APT41

Welcome to another week of #ThreatThursday. This week we leverage an adversary emulation plan created and shared to the community by a third party: APT41 Emulation Plan. As usual, we will cover Cyber Threat Intelligence, create a threat actor profile, create an adversary emulation plan from the work done by Huy, share the plan in our Github, explain some of the new TTPs we will leverage, and discuss how to defend against APT41.

VIEW

CISO Stressed

New!

October 13, 2020

CISO Stressed Episode 1: Wendy Nather & Tyrone Wilson

Conversations stimulate ideas, solutions, and help us feel connected. In our inaugural episode of CISO Stressed guests Wendy Nather and Tyrone Wilson join Liz to discuss how to adjust to shifting work environments while still providing team members with hands-on training experiences, keeping motivated, and favorite ways to cap off the day.

VIEW

Blog Post

New!

October 9, 2020

FAQs - Getting Started in Ethical Hacking

How do I get started in ethical hacking, penetration testing, or red team? I get this question all the time from people with all sorts of goals. Whether you are getting into vulnerability management, wanting to find 0day vulnerabilities, to red teaming, to emulating adversaries against your organization to test, measure, and improve people, process, and technology, this FAQ is for you.

VIEW

#ThreatThursday

New!

October 8, 2020

#ThreatThursday - SlothfulMedia

On October 1, 2020, US-Cert published a Malware Analysis Report (MAR) in relation to a new malware they have seen in the wild called SlothfulMedia. The report suggests this is a “sophisticated cyber actor” but as you will see, it seems like a very typical Remote Access Trojan. As usual, we will review the Cyber Threat Intelligence, create an adversary emulation plan, demonstrate the emulation, and discuss how to defend against this threat.

VIEW

Blog Post

New!

October 2, 2020

Defend Our Healthcare

Hackers are targeting hospitals with increasingly sophisticated ransomware attacks putting patients at risk. Keeping up with what occurs in information security is a daily task for most practitioners. We have seen how ransomware has gone from an opportunistic, unsophisticated attack against end users to more sophisticated, targeted attacks against organizations.

VIEW

#ThreatThursday

New!

October 1, 2020

#ThreatThursday - MAZE

Welcome to another edition of #ThreatThursday. This week we are excited to kick off Cybersecurity Awareness Month looking at MAZE, a ransomware threat which emerged around May 2019, predominantly affecting organizations in the USA. MAZE, like other ransomware, also has an extortion component, where exfiltration of the original data also occurs in addition to the encryption/ransom component.

VIEW

#ThreatThursday

New!

September 17, 2020

#ThreatThursday - HoneyBee

Welcome to another edition of #ThreatThursday. This week we look at Honeybee, a campaign led by an unknown actor that targets humanitarian aid organizations and has been active in Vietnam, Singapore, Argentina, Japan, Indonesia, and Canada. This post coincides with a talk I gave at EkoParty on Adversary Emulation.

VIEW

#ThreatThursday

New!

September 10, 2020

#ThreatThursday - PowerShell

This week we will look at a MITRE sub-technique that deserves a #ThreatThursday of its own, PowerShell. As an interactive command-line interface and scripting environment included in all supported versions of the Windows operating system, many threat actors have some history of leveraging PowerShell. This sub-technique is an example of a TTP you cannot prevent in your environment; Microsoft includes PowerShell as part of the underlying operating system and it is virtually impossible to remove.

VIEW

#ThreatThursday

New!

September 3, 2020

#ThreatThursday - SpeakUp

This #ThreatThursday we are releasing our first macOS threat to the SCYTHE Community Threats GitHub. As more and more customers migrate to Apple products, we want to provide adversary emulation plans that work against macOS as well. SCYTHE has the ability to create campaigns for Windows, Linux, and macOS. This post will look at emulating a macOS threat known as SpeakUp.

VIEW

#ThreatThursday

New!

August 27, 2020

#ThreatThursday - Custom Threats

At SCYTHE, we spend a lot of time focusing on adversary emulation as it is an ideal method to maturing your red team engagements and purple team exercises for providing the most business value (see our Ethical Hacking Maturity Model). For this post, we want to cover custom threats. What if a new technique is not seen in the wild?

VIEW

Blog Post

New!

August 25, 2020

UniCon CTF - Know Your Payload

On August 20, 2020 we ran our first SCYTHE User Conference, UniCon, our very own unicorn conference. It was a day packed with amazing speakers, lightning talks, briefings, the release of the Marketplace, and a brand new Capture the Flag called “Know Your Payload”. This post will focus on the CTF which was created in collaboration between SCYTHE, the C2 Matrix, SANS, and CounterHack. The scoreboard was hosted by Netwars.

VIEW

Presentation

New!

August 10, 2020

Purple Team Exercise Framework (PTEF) Workshop

SCYTHE's Purple Team Exercise Workshop, introducing the newly released Purple Team Exercise FrameworK (PTEF), is now live and available in our library. Purple Team exercises provide an efficient and effective “hands-on-keyboard” adversary emulation method for Red and Blue Team collaboration.

VIEW

#ThreatThursday

New!

August 6, 2020

#ThreatThursday - Evil Corp

This blog post will dive deeper into the Garmin attack, extract TTPs from Cyber Threat Intelligence, create a MITRE ATT&CK Navigator Layer and adversary emulation plan, emulate the attack with Cobalt Strike (like Evil Corp used) and then drop a synthetic WastedLocker built with SCYTHE, and discuss how to defend against ransomware attacks with Olaf Hartong.

VIEW

Blog Post

New!

August 6, 2020

SCYTHE version 3.1 with MITRE ATT&CK Sub-Techniques

SCYTHE 3.1 is here and will be debuted at DEF CON Red Team Village on 8 AUG! With MITRE ATT&CK sub-techniques going live shortly after our major release of v3.0, we wanted to ensure that you are aligning to the latest and greatest framework in the cybersecurity industry across all of your SCYTHE Campaigns and Reports!

VIEW

Blog Post

New!

August 5, 2020

VECTR Integration

We are proud to announce that SCYTHE campaigns can be imported into VECTR! VECTR is a free platform for planning and tracking your Red Team engagements and Purple Team Exercises by aligning to Blue Team detection and prevention capabilities across different attack scenarios. Many SCYTHE customers leverage VECTR to show the value of the overall Red and Purple Team programs and will now be able to import entire SCYTHE campaigns with just a few clicks. First, make sure to upgrade VECTR to the latest version.

VIEW

Blog Post

New!

August 4, 2020

Virtual Hacker Summer Camp 2020

It's that time of the year again, Hacker Summer Camp! The SCYTHE team has a busy week scheduled as we love to give back to the community. We are giving talks, panels, workshops, releasing tools, and even have two Choose Your Own Adventure games for Red and Blue Teams. Here’s a quick guide to where you can find us virtually over the next few days during Black Hat USA and Def Con Safe Mode.

VIEW

Blog Post

New!

July 31, 2020

Porting Tools to SCYTHE: An SDK Proof of Concept

With the release of the SCYTHE Software Development Kit (SDK), we released two new and important components to help make the development of SCYTHE modules frictionless for third party developers: the Module Buster application and the Python3 runtime. We feel that one of the best ways for us to demonstrate how easy it is to create a new SCYTHE module is to demonstrate how we ported an open source tool, written in Python, to SCYTHE.

VIEW

#ThreatThursday

New!

July 30, 2020

#ThreatThursday - Emotet

On Friday, July 17, many of us woke up to a bunch of new phishing emails. What happened over night? Well, like Sherrod DeGrippo from ProofPoint wrote, emotet returns after a 5 month hiatus. Emotet is a banking trojan that gains access to end user machines and steals their financial information such as login information and personal identifiable information (PII). This week, we met with Sherrod and discussed Emotet. As usual, we create an adversary emulation plan based on Cyber Threat Intelligence and then emulate it with SCYTHE.

VIEW

Blog Post

New!

July 29, 2020

SCYTHE’s Ethical Hacking Maturity Model

SCYTHE’s Ethical Hacking Maturity Model enables leading organizations to assess and strengthen their security posture through ethical hacking. There are a number of assessment types an ethical hacker can perform against an organization and this document goes through the process. Enterprises can use SCYTHE’s Ethical Hacking Maturity Model to evolve to the more advanced assessments and operationalize Adversary Emulations via Red Team Engagements and Purple Team Exercises.

VIEW

Blog Post

New!

July 24, 2020

Announcing UniCon

UniCon, our very own Unicorn Conference, is a free conference for security researchers, developers, red teamers, blue teamers, and purple teamers taking place on August 20! We will have two excellent keynotes from Olaf Hartong and John Strand, the release of the SCYTHE Marketplace with custom modules, introduction and AMA with our platform engineers to ask all the technical questions about C2 and synthetic malware, lighting talks with researchers and module developers, great talks, and a brand new CTF.

VIEW

#ThreatThursday

New!

July 23, 2020

#ThreatThursday - Deep Panda

This week we interviewed Bradford Regeski, a Cyber Threat Intelligence analyst at H-ISAC, about the top threats the healthcare industry is seeing. He shared a number of excellent resources on threat actors, told us a little more about H-ISAC, and dove deeper into Deep Panda.

VIEW

#ThreatThursday

New!

July 16, 2020

#ThreatThursday - Orangeworm

This week on #ThreatThursday we cover the latest release of MITRE ATT&CK (with sub-techniques), announce a healthcare partnership, and look at a threat actor that has been targeting the healthcare sector for years: Orangeworm. As usual, we consume Cyber Threat Intelligence, create a threat profile and adversary emulation plan, and discuss how to defend against Orangeworm.

VIEW

Blog Post

New!

July 13, 2020

Splunk Integration

Enterprise-grade platforms have to integrate with other enterprise solutions in order to be effective. SCYTHE focuses on providing business value through adversary emulation and showing whether security tools and controls are properly implemented and tuned to detect malicious behavior. To implement an enterprise solution, SCYTHE integrates with other solutions such as Splunk, PlexTrac, VECTR, and virtually any solution or SIEM via syslog.

VIEW

Blog Post

New!

July 10, 2020

Breaching Terms of Service Doesn’t Breach the CFAA: Protect Independent Security Research

Advances in securing medical devices, vehicle systems, and any of the other systems and connected devices used daily would not be possible without independent researchers testing and auditing those in novel and often unanticipated manners from that intended by the computer/website/app owners.

VIEW

#ThreatThursday

New!

July 9, 2020

#ThreatThursday - Managing Threats

Welcome to another edition of #ThreatThursday! We now have a section on this blog exclusively for #ThreatThursday so that you may efficiently find the resources for CTI analysis, threat emulation, and remediation in one location every week: https://www.scythe.io/threatthursday Feel free to bookmark or subscribe to the RSS feed.

VIEW

Blog Post

New!

July 8, 2020

Under the Hood: SCYTHE Architectural Overview (Part 1)

Hey, this is Ateeq Sharfuddin, head of the engineering team at SCYTHE. Our team has spent the better part of the past year developing significant improvements for version 3 of the SCYTHE platform. As the threat landscape, including adversary tactics, techniques, and procedures (TTPs), constantly evolves, developing an adversary emulation platform must be similarly agile and updated.

VIEW

Blog Post

New!

July 7, 2020

SCYTHE 3.0 is here!

The SCYTHE team has been busy working on version 3.0, our latest release. This release brings major improvements, including support for in-memory third-party Python Modules built using the SCYTHE Software Development Kit (SDK), and will lead up to the launch of the SCYTHE Marketplace.

VIEW

Blog Post

New!

July 6, 2020

Software Development Kit

As the leading platform for Purple Teaming, SCYTHE is proud to release version 3.0 and the new SCYTHE Software Development Kit! SCYTHE now offers an in-memory Python interpreter so developers can write modules entirely in Python. Operators will be thrilled to hear that the runtime and modules operate entirely in-memory without touching the disk. The Software Development Kit (SDK) gives developers a seamless module creation and validation experience.

VIEW

#ThreatThursday

New!

July 2, 2020

#ThreatThursday - Ransomware

A day hardly goes by without hearing about another ransomware attack. Just this week I read, on SANS NewsBites, that University of California San Francisco (UCSF) paid $1.1 million to regain access to their data. This week’s #ThreatThursday we take a look at a ransomware example, learn how criminals are evolving to get paid, create an adversary emulation plan that is safe but valuable for enterprises, and speak to industry thought leader, Olaf Hartong, about defending against ransomware attacks using Sysmon.

VIEW

Presentation

New!

June 28, 2020

Cuddling the Cozy Bear, Emulating APT29 by Jorge Orchilles - Cyber Junegle

In this talk, we will learn about APT29 “Cozy Bear”, how they operate and what their objectives are. We will create an adversary emulation plan using C2 Matrix to pick the best command and control framework that covers the most TTPs. We will spend at least half the talk live demoing the attack with various tools that emulate the adversary behaviors and TTPs.

VIEW

#ThreatThursday

New!

June 25, 2020

#ThreatThursday - Cozy Bear

This week on #ThreatThursday we look at Cozy Bear, or APT29, a Russian government threat group that has been operating since at least 2008. This group is most famous because of the attribution to the Democratic National Committee hack in the summer of 2015.

VIEW

#ThreatThursday

New!

June 18, 2020

#ThreatThursday - APT33

This week on #ThreatThursday we look at an Iranian Threat Actor, APT33 or Elfin. We introduce the MITRE ATT&CK Beta with sub-techniques, create and share an adversary emulation plan for APT33 on Github, show how to execute PowerShell (both powershell.exe and unmanaged PowerShell) through SCYTHE and show how to perform lateral movement within the SCYTHE user interface as well as on the command line.

VIEW

Presentation

New!

June 12, 2020

SCYTHE Demo with Jorge Orchilles

Jorge Orchilles covered a number of topics and did live demos of some of the features coming in SCYTHE version 3.0 including the virtual file system, third party modules, and the SCYTHE Marketplace.

VIEW

#ThreatThursday

New!

June 11, 2020

#ThreatThursday - Buhtrap

In this #ThreatThursday we will be looking at Buhtrap, a criminal team attacking financial institutions. We are presenting new concepts this week such as consuming Cyber Threat Intelligence that has not been mapped or tracked on MITRE ATT&CK website and explaining the concept of Short and Long Haul C2.

VIEW

Video

New!

June 9, 2020

SCYTHE version 3.0 is coming soon!

Take a look at how easy SCYTHE 3.0 is to install and go through the basic setup on the first run.

VIEW

#ThreatThursday

New!

June 4, 2020

#ThreatThursday - APT19

Adversarial Emulation is a threat intelligence driven process. Leveraging threat intelligence is required for more effective defense (Blue Team) and offense (Red Team). We must understand how threats operate and their behaviors (tactics, techniques, and procedures) to stay ahead of them and prevent or detect when they attack our organization. For these reasons, we want to share our vision for being threat-led with our readers and introduce #ThreatThursday.

VIEW

Presentation

New!

June 3, 2020

SCYTHE & PlexTrac Present: Dealin' With The Data

Join Security Weekly's Tyler Robinson, SCYTHE's Adam Mashinchi, and PlexTrac's Dan DeCloss for a discussion on how to "Deal With The Data". The discussion opens with Tyler outlining common headaches that red teamers must deal with at their jobs.

VIEW

Blog Post

New!

June 1, 2020

SCYTHE Welcomes Jorge Orchilles as Chief Technology Officer

SCYTHE is thrilled to welcome a new unicorn to the executive team: Jorge Orchilles is now the Chief Technology Officer for SCYTHE.

VIEW

Presentation

New!

May 29, 2020

"Measuring Cyber Risk" webinar with Bryson Bort & Paul Rosenzweig.

Good management of cyberspace requires a system of cyber metrics that are transparent, auditable, practical, scalable and the most difficult: widely agreed upon. To that end, we will evaluate various approaches to cyber risk quantification with the aim of informing the development of a public standard for measuring cybersecurity

VIEW

Announcement

New!

May 27, 2020

SCYTHE is a 2020 Innovators' Showcase Honoree

We are proud to announce that SCYTHE has been recognized as a 2020 Innovators' Showcase Honoree!

VIEW

Announcement

New!

May 20, 2020

SCYTHE and PlexTrac Team Up to Streamline Security Data

SCYTHE is excited to announce our integration with PlexTrac— available now! PlexTrac is a next generation platform for red and blue teams to collaborate effectively.

VIEW

Presentation

New!

May 18, 2020

SCYTHE Webinar - Building Blue: Fortifying Data Defenses & Supply Chain Risks

Efficiently maximizing resources has become increasingly important as infrastructure IT teams identify resources to help them protect their networks while short staffed with many team members working remotely. The expert panel will dive into supply chain & data privacy risk considerations for blue teams evaluating both new and existing tools & platforms.

VIEW

Presentation

New!

May 14, 2020

Find your Beacon during the Storm - Building Your Business during a Crisis

This webinar features a panel with Martin Roesch, Caleb Sima, and Ron Gula discussing about how they built their businesses during an economic crisis and lessons for today.

VIEW

Presentation

New!

May 8, 2020

Bryson Bort's presentation at DerpCon - Entrepreneurial Adventures: Starting Your Own Company

So you’re not crazy, you just want to start your own company. Which kinda takes a level of crazy to pull it off. We’ll talk through what it takes to be an entrepreneur, different kinds of companies (service, product, non-profit), the market, back-office administration, pricing and economics, and my experiences starting three companies.

VIEW

Presentation

New!

May 8, 2020

Wild West Hackin' Cast by Bryson Bort & Jorge Orchilles - Adversarial Emulation with the C2 Matrix

Open source tool release and updates: this is information for the community and a call to action! We have created an open-source C2 evaluation framework so that teams can easily determine what’s the best tool for penetration testing/red teaming particular scenarios.

VIEW

Blog Post

New!

April 14, 2020

What Red Teams need to know about the SCYTHE Marketplace

In this week’s spotlight SCYTHE Advisory Council Member, Tim MalcomVetter shares why Red Teams should get excited about the SCYTHE Marketplace and how it is going to help solve some of the gaps.

VIEW

Blog Post

New!

April 8, 2020

From Moonshot to Slingshot (C2 Matrix Edition)

Having participated in the Cyber Moonshot last year, I’ve seen where grand vision tries to achieve reality. Being a former operator, I’ve always been more comfortable putting tools in the hands of those that can help.

VIEW

Presentation

New!

March 30, 2020

Wild West Hackin' Cast by Adam Mashinchi - Quickstart Guide to MITRE ATT&CK: the Do's and Don'ts when using the Matrix

This webcast will provide the audience with a very fast, yet very practical, overview of ATT&CK; as well as how it is being utilized well, and not-so-well, in the industry.

VIEW

Presentation

New!

March 27, 2020

Bryson Bort's presentation at Advanced Persistent Talks - Adversarial Emulation

The presentation goes through multiple considerations of the entire red team lifecycle. Concluding with how we can work on these activities towards a purple team approach.

VIEW

Presentation

New!

March 11, 2020

Liz Wharton and Suchi Pahi’s presentation at ShmooCon 2020 - Face/Off: Action Plan for Perils & Privileges of Facial Recognition

‍This presentation talks about current facial recognition use cases, growing regulatory concerns, the consequences of facial recognition, and what you can do.

VIEW

Blog Post

New!

March 4, 2020

Innovate at the Edge: Launching Community Driven Security Innovation

Experience-driven threat research at the edge is in the driver’s seat as the SCYTHE Marketplace was unveiled during this year’s RSA Conference.

VIEW

Presentation

New!

February 26, 2020

Bryson Bort & Chris Kreb’s ICS Discussion at RSA Conference 2020

They talk about the vision for community engagement, training and partnership to provide interactive simulated control systems environments.

VIEW

Blog Post

New!

February 19, 2020

What’s the SCYTHE Marketplace?

The SCYTHE Marketplace launching during RSAC 2020 brings expert innovation necessary to measure constantly evolving real world threats. In this week’s SCYTHE spotlight, Adam Mashinchi, SCYTHE’s VP of Product Management, discusses how the SCYTHE Marketplace expands effective threat emulation that keeps pace with the latest trends and how developers can get involved.

VIEW

Blog Post

New!

February 13, 2020

Breaking Imphash

Signaturing is a technique used to associate a unique value to a malware. Roughly, when an enterprise’s security sensor comes across a file, it computes the file’s signature and chooses to deny access if this signature is in the sensor’s set of known malware signatures.

VIEW

Blog Post

New!

February 10, 2020

Meet Advisory Council member, Chloé Messdaghi

SCYTHE had the opportunity to sit down and talk with Advisory Council member, Chloé Messdaghi during ShmooCon 2020.

VIEW

Blog Post

New!

January 29, 2020

Meet SCYTHE’s Marketplace Advisory Council

‍SCYTHE, a leader in continuous breach and attack simulation, is bringing expert innovation to its platform through the introduction of the SCYTHE Marketplace, launching this Spring.

VIEW

Podcast

New!

January 28, 2020

What Is Real-ID And Why Should You Care | A Conversation With Elizabeth Wharton & Steve Luczynski

Liz and Steve talk with ITSP about what Real-ID is and what you need to know about it.

VIEW

Presentation

New!

December 11, 2019

Bryson Bort's Presentation at Wild West Hackin' Fest

Bryson Bort gives a talk at Wild West Hackin' Fest 2019 about Adversarial Emulation.

VIEW

Video

New!

December 3, 2019

The Political Knowledge Gap in Cybersecurity on Capitol Hill

Point3 Security’s VP of Strategy, Chloé Messdaghi sits down with Congressman C.A. Dutch Ruppersberger and CEO and Founder of GRIMM & SCYTHE, Bryson Bort to discuss how to close the knowledge gap in the cybersecurity community.

VIEW

Video

New!

November 18, 2019

Bits and Borders: Navigating Asymmetrical Risks in a Digital World

The Wilson Center's Science and Technology Innovation program hosted a forum exploring the changing digital and analog risk landscape.

VIEW

Blog Post

New!

October 7, 2019

SCYTHE Supports macOS

The SCYTHE team has been hard at work on our latest release, which brings with it a number of updates and new features!

VIEW

Presentation

New!

September 8, 2019

Bryson Bort’s presentation at DerbyCon 2019 - Adversarial Emulation

‍Learn to move your defenses and understanding beyond a detection-based approach which has repeatedly been demonstrated to fail.

VIEW

Podcast

New!

July 29, 2019

Security Sandbox: Not Doing it Alone with Bryson Bort

Bryson Bort talks about his companies GRIMM and SCYTHE, his time in the army, and his very important announcement regarding the names of some unicorns.

VIEW

Blog Post

New!

June 6, 2019

Know Your Enemy: Botnet Command and Control Architectures

What would you do if your company’s IT devices were discovered to be part of a botnet?

VIEW

Blog Post

New!

May 6, 2019

SCYTHE Goes Atomic

The SCYTHE team is excited to announce that our latest release gives you the power of Atomic Red Team with all the automation and ease of use of the SCYTHE platform.

VIEW

Blog Post

New!

April 2, 2019

Modern Authentication Bypasses

*hacker voice* “I’m in” is a Hollywood-esque phrase you’ve probably heard before. But how does someone actually do that? Do you wear a hoodie and change your terminal text to bright green?

VIEW

Blog Post

New!

February 15, 2019

The Purple Team - Organization or Exercise

As the cybersecurity industry continues to evolve, the use of certain terminology is changing and becoming more prevalent; such as the increased mention of Red Teams and Blue Teams inside boardrooms and IT departments.

VIEW

Blog Post

New!

January 18, 2019

SCYTHE: Starting 2019 with Linux and ATT&CK™

The SCYTHE team has been hard at work on our new release and we are proud to present the next major evolution of the SCYTHE Continuous Red Team Automation platform.

VIEW

let our tech speak for itself

Know where you stand with SCYTHE. Talk to us to start the evaluation process today! We’d love to talk to you about how SCYTHE can fit into your cybersecurity workflow.

LEARN MORE