SCYTHE version 3.1 with MITRE ATT&CK Sub-Techniques

SCYTHE 3.1 is here and will be debuted at DEF CON Red Team Village on 8 AUG!  With MITRE ATT&CK sub-techniques going live shortly after our major release of v3.0, we wanted to ensure that you are aligning to the latest and greatest framework in the cybersecurity industry across all of your SCYTHE Campaigns and Reports!


What’s New?

  • Support for ATT&CK Sub-Techniques - Whether you are manually tagging your Custom Actions, or importing exercises from Atomic Red Team, SCYTHE now supports the ability to tag your actions with the ATT&CK sub-techniques (i.e. T1234.001)!
  • New Report Option: ATT&CK Navigator (JSON) - Although SCYTHE provides a MITRE ATT&CK Report, we wanted to include the option for operators to export their ATT&CK Tags via the ATT&CK Navigator JSON format. 
  • Atomic Red Team Updates - In addition to bringing the Atomic Red Team selector in SCYTHE to the current version, we added the options to utilize an exercise’s pre- and post- actions, all from within the SCYTHE Automation user interface!
  • Support for Python 3 Runtime for Linux & OSX - With SCYTHE v3.0 we brought the ability to load the Python 3 runtime in memory to Windows; with 3.1 we are bringing the same functionality to Linux and masOC Campaigns! Operators can now create SCYTHE Modules for Linux & OSX in Python using our SDK, and have them run on the endpoint through the Python Runtime.
  • Exporting to VECTR - SCYTHE has collaborated with SRA so that SCYTHE Campaigns can be imported into VECTR. VECTR is a free platform for planning and tracking your Red Team engagements and Purple Team Exercises by aligning to Blue Team detection and prevention capabilities across different attack scenarios. Check out our blog post for more.


SCYTHE provides an advanced attack emulation platform for the enterprise and cybersecurity consulting market. The SCYTHE platform enables Red, Blue, and Purple teams to build and emulate real-world adversarial campaigns in a matter of minutes. Customers are in turn enabled to validate the risk posture and exposure of their business and employees and the performance of enterprise security teams and existing security solutions. Based in Arlington, VA, the company is privately held and is funded by Gula Tech Adventures, Paladin Capital, Evolution Equity, and private industry investors. For more information email, visit, or follow on Twitter @scythe_io.