#THREATTHURSDAY

    The SCYTHE platform offers maximum flexibility to emulate adversary behaviors and automate your control testing and validation. SCYTHE eliminates the need to:
    • Investigate threat actor behavior
    • Build a profile of procedure-level steps to emulate the threat actor
    • Educate the Red Team on those procedures
    • Coordinate with the Red Team to execute those procedures (assuming you have a Red Team in the first place; if not, it is even harder to emulate without SCYTHE)

    #ThreatThursday posts go well beyond just the adversary emulation plan.

    Most #ThreatThursday posts include some (or all) of the following:

    • Threat actor description/introduction
    • Descriptions of adversary TTPs, as derived from CTI
    • Emulation plan based on procedure-level intelligence
    • Mapping of emulated procedures to MITRE ATT&CK techniques
    • Detection techniques (sometimes including Sigma rules)

    SCYTHE strives to publish #ThreatThursday plans at least monthly. Customers with access to the SCYTHE platform will benefit most from #ThreatThursday posts, but the information provided is useful to anyone interested in threat emulation, and some of it can be operationalized without any platform access.