SCYTHE v3.2 is Available!

SCYTHE v3.2 is Available!

We are excited to announce the release of SCYTHE version 3.2! This release brings a number of new features, many of which were specifically created out of feedback from our amazing customers! One major theme of this release is “deployability” by making it even easier to get started with SCYTHE.

Signed Payloads &  New Stage 1 (The SCYTHE Client-Host)

SCYTHE now provides the ability to upload and sign your payloads using operator-provided certificates. This allows for the payloads to be run as trusted applications in your environment, meaning that you can create your own zero-day vulnerability scenario in seconds. Whether you are looking to make SCYTHE payloads easier to deploy from an IT perspective, or running a scenario as if an adversary has compromised a protected signing certificate, SCYTHE makes these activities turn-key. 

“Client Host” Binary Addition

A new addition to this release is the first “Utility” section of SCYTHE: the “Client Host” binary. The Client Host binary acts as a stage-1 executable which downloads, then runs, a SCYTHE payload on an endpoint. This capability, which can also be signed, provides operators with what is essentially a “zero-day button” that will download and execute your SCYTHE payloads; making SCYTHE payloads more deployable for a wider range of environments. You also have the ability to allow-list the payload, even if not signed, as the stage-1 can load other campaigns. This further moves your organization to an Assume Breach so you can focus on all the other MITRE ATT&CK tactics.


Custom ATT&CK Exercises/TTP’s  (making it easy for you!)

One of the primary motivations for all SCYTHE features and functionality is convenience and providing a frictionless adversary emulation experience. With that goal in mind, we have rolled out the ability to add your custom or imported Threats into the MITRE ATT&CK picker in the Automation user interface.



When an operator tags a Threat with an ATT&CK ID that entire Threat’s automation steps appear in the automation workflow. This allows senior operators to queue up exercises for juniors to select from, and also encourages breaking Threats up into smaller attack chains. By creating smaller components for Threats, it becomes even easier to combine them together in the Automation interface.  

Single Sign On via OpenID Connect

By popular demand, and in collaboration with our enterprise customers, SCYTHE now supports Single Sign On (SSO) via the OpenID Connect standard. With this capability the platform can  be deployed and integrated into a corporate workflow, and requires even less attention when on-boarding and off-boarding operators from a staff member. 


NIST-800 Navigator Report

Building on the amazing work being done by MITRE’s Center for Threat-Informed Defense, we have added a new MITRE ATT&CK Navigator layer output based on the NIST 800-53 mapping! Similar to the existing ATT&CK Navigator JSON output, we have added this new JSON output as a convenience for those organizations who want to align their adversary emulation activities with both ATT&CK and NIST 800-53.

What does it mean to you?

  • With the SCYTHE Client Host, operations can sign and deploy Campaigns and Payloads with more ease and security than ever before.
  • Using the Custom ATT&CK Exercises, Senior Red Team Operators can design one-click adversary automation for junior staff.
  • Enterprise administrators can integrate SCYTHE with their SSO provider for easier management of their SCYTHE operators.

See it in action


SCYTHE provides an advanced attack emulation platform for the enterprise and cybersecurity consulting market. The SCYTHE platform enables Red, Blue, and Purple teams to build and emulate real-world adversarial campaigns in a matter of minutes. Customers are in turn enabled to validate the risk posture and exposure of their business and employees and the performance of enterprise security teams and existing security solutions. Based in Arlington, VA, the company is privately held and is funded by Gula Tech Adventures, Paladin Capital, Evolution Equity, and private industry investors.