#ThreatThursday - Managing Threats

Welcome to another edition of #ThreatThursday! We now have a section on this blog exclusively for #ThreatThursday so that you may efficiently find the resources for CTI analysis, threat emulation, and remediation in one location every week: https://www.scythe.io/threatthursday Feel free to bookmark or subscribe to the RSS feed

This was a busy week with the release of SCYTHE 3.0! The new features and the new Software Development Kit allow you to create your own custom threats with custom modules in Python. Our head of engineering also published a post going Under the Hood: SCYTHE Architectural Overview. We hope you enjoy SCYTHE 3.0 and encourage you to build and share custom modules with the community in the SCYTHE Marketplace.

With most of our customers upgrading to 3.0, we're using this #ThreatThursday to talk about migrating threats between SCYTHE instances. SCYTHE allows for the consistent emulation of adversary behaviors across all of your infrastructure. Some customers have more than one instance of SCYTHE based on network segmentation and trust boundaries and want to consistently test across those boundaries. It is very simple to do that by migrating threats.

Migrating Threats

In previous #ThreatThursday posts, we showed the Community Threats Github where anyone can share threats with the community. And, you can export and import your own threats across your SCYTHE instances privately. For example, if you are managing multiple SCYTHE instances across your teams, threat migration is how you can ensure consistent execution across various segments of the network and trust boundaries. The menu for Migrating Threats is under Threat Manager. Log in to your SCYTHE dashboard and on the left side menu select “Threat Manager” and then Migrate Threats as shown in Figure 1:

Figure 1: Threat Manager Menu in SCYTHE

Export Threat

To download a custom threat, simply click on the chosen “Threat Name” and it will automatically download it as a JSON file as seen in Figure 2. Just upload the file. The SCYTHE team will review the threat before approving it just to make sure it works.


Figure 2: Export Threat by clicking on the Threat Name

Import Threat

To import a threat, login to the SCYTHE instance where you want to migrate the threat. This may require moving the JSON file across trust boundaries or downloading from the Community Threats Github. Click “Choose File” to select the JSON file you wish to import and then Click Import as shown in Figure 3.

Figure 3: Import Threat


Call to Action

We hope you enjoy SCYTHE 3.0 and encourage you to build and share custom threats and modules with the community. Threats can be managed under the Threat Manager - Migrate Threats menu in the SCYTHE dashboard. Exporting Threats is as easy as clicking on the name and saving the JSON file. Importing Threats is as simple as selecting the JSON file and clicking Import. You can then upload them to community threats. For custom modules, download the SDK and share the modules with the community in the SCYTHE Marketplace (launching later this summer).

This Threat Thursday post discusses active research by SCYTHE and other cited third parties into an ongoing threat. The information in this post should be considered preliminary and may be updated as research continues. This information is provided “as-is” without any warranty or condition of any kind, either express or implied.

About SCYTHE

SCYTHE provides an advanced attack emulation platform for the enterprise and cybersecurity consulting market. The SCYTHE platform enables Red, Blue, and Purple teams to build and emulate real-world adversarial campaigns in a matter of minutes. Customers are in turn enabled to validate the risk posture and exposure of their business and employees and the performance of enterprise security teams and existing security solutions. Based in Arlington, VA, the company is privately held and is funded by Gula Tech Adventures, Paladin Capital, Evolution Equity, and private industry investors. For more information email info@scythe.io, visit https://scythe.io, or follow on Twitter @scythe_io