Happy #ThreatThursday! Learn about threat group Yanluowang. It includes mini emulations you can combine. Great detection engineering with #SIGMA mapping of various @MITREattack TTPs. Great work by the @scythe_io team! @MalwareJake @SecPanda_ @SecurePeacock...
Last week's #ThreatThursday was 🔥. Covers CTI, attack emulation, and detection. Shout out to the team for the hard work. I hope you all enjoy: www.scythe.io/library/threat-emulation...
@SecPanda_ @SecurePeacock @MalwareJake @scythe_io #purpleteam #redteam #blueteam...
Happy #ThreatThursday! Check out the updated site to learn more: https://www.scythe.io/threatthursday
Two years ago @scythe_io introduced this series which now has over 40 threats! Amazed how it has grown with contributions from @teschulz @SecurePeacock @MalwareJake @Natha_Sect...
Happy #ThreatThursday!!! We have a ton of content to help you improve your people, process, and security controls with attack, detect, and respond!
First up, @SecurePeacock and I wrote up how to operationalize @redcanary 2022 Threat Detection Report:...
The use case during the presentation is available in further detail in this #ThreatThursday post on #Diavol Thanks to @TheDFIRReport for the great reporting. www.scythe.io/library/adversary-emulat...
This #ThreatThursday we look at #Phobos #Ransomware. Check it out
www.scythe.io/library/threatthursday-p...
Happy #ThreatThursday! Check out our previous posts as you wait for the release. We consume CTI, map to @MITREattack, build/share adversary emulation plans so your #redteam can easily emulate the attack, and #blueteam can detect and respond...
Low-sophistication #ransomware that nets, on average, $57k per target. Little sneak peek into tomorrow's @scythe_io #ThreatThursday #RansomwareSucks
Happy #ThreatThursday! Thanks to the Aug 25 FBI alert, we look at Hive. @scythe_io customers can import the JSON from our Community Threats GitHub right now. Full blog post coming later today. #adversaryemulation #purpleteam #ransomwaresucks #CTI...
#RansomwareSucks Stay tuned for the latest, active ransomware we are tracking this #ThreatThursday @scythe_io
Conti #ransomware's latest target is a Nokia subsidiary: www.bleepingcomputer.com/news/security/nokia-subs...
Conti is currently the most active ransomware with the most targets. Here is our #ThreatThursday with more so...
Thanks for coming to my #WWHF talk on operationalizing #purpleteam. The use case is documented in today's #ThreatThursday along with references and links. Slides will be available with references and shout-outs to all contributors 🦄@WWHackinFest @scythe_io...
Full post on @scythe_io #ThreatThursday blog post: www.scythe.io/library/florida-water-pl...
#adversaryemulation plan shared on GitHub: github.com/scythe-io/community-thre... 9/10
🧵on stealing TeamViewer credentials
Many organizations have systems with TeamViewer actively running; some know it and manage it correctly, others have no idea it is running or where. The latter probably have multiple versions. #redteam #blueteam #purpleteam #ThreatThursday 1/10
Ouch, the #Ryuk ransomware attack cost United Health Services $67 MILLION! @snlyngaas reports @CyberScoopNews: www.cyberscoop.com/universal-health-service...
We covered Ryuk on @scythe_io #ThreatThursday with Sean as our special guest:...
New adversary emulation plan coming this #ThreatThursday. This threat group has over 150 victim organizations to its name and they only started operating in September 2020. @scythe_io
Big day today! @BlackHatEvents Europe Arsenal talk at 8am EST (1pm UTC) #c2matrix, @securityweekly Unlocked talk at 2:30pm EST #purpleteam, @kringlecon 3 #holidayhack talks up and game is open, and #threatthursday new threat release! @brysonbort @Adam_Mashinchi @c2_matrix
Happy Monday all! Check out #ThreatThursday on #BerserkBear. This is a Russian threat actor that is gaining access to our energy sector but has yet to "pull the trigger" and cause any major impact. I first read about it on @WIRED and decided to dig...
Watching @Grifter801 and Cyborg Security presenting @BlackHatEvents on #ThreatHunting. It was such a pleasure working with Cyborg Security folks the past two weeks for #ThreatThursday on #BerserkBear, an adversary @a_greenberg wrote about in WIRED recently.
https://bit.ly/2UIXD7G
Last week I got to speak with @snlyngaas from @CyberScoopNews about #Ryuk #Ransomware for #ThreatThursday. I learned more about the FBI/CISA alert to hospitals about an imminent threat. Can't believe adversaries are going after healthcare in a...
@CyberScoopNews @snlyngaas for discussing #Ryuk #Ransomware this #ThreatThursday with me
Cool to see @MITREattack will be releasing #adversaryemulation plans for #redteam and #purpleteam: medium.com/mitre-engenuity/introduc...
It is exactly what we are doing every week on @scythe_io #ThreatThursday...
When doing #AdversaryEmulation, you can deviate from the plan if TTPs are blocked or detected. Malicious actors adapt and so should you! Last #ThreatThursday was about custom threats, creating custom modules, and sharing them in Marketplace:...
More references from #Purpleteam exercise framework @VillageRedTeam
#ThreatThursday: https://www.scythe.io/threatthursday
#C2Matrix: https://thec2matrix.com/
Atomic Purple Team: https://github.com/DefensiveOrigins/AtomicPurpleTeam
SCYTHE Playbooks:...
References 3/3:
C2 Matrix: https://thec2matrix.com
SCYTHE emulation plans: https://github.com/scythe-io/community-threats/
#ThreatThursday: https://www.scythe.io/threatthursday
Unicon: https://www.scythe.io/unicon2020
@VillageRedTeam #adversaryemulation @defcon...
Emotet is back! Last #ThreatThursday I caught up with @sherrod_im from @proofpoint to discuss the #emotet comeback, its evolution, and how to defend against it.
https://scythe.io/library/threatthursday-emotet
#adversaryemulation #banking #phishing #redteam #blueteam #purpleteam...
We collaborated with @ActiveCmeasures last #ThreatThursday to look at a healthcare related threat actor #Orangeworm
Keith ran the synthetic malware through their tools and discusses how to detect: www.activecountermeasures.com/malware-of-the-day-orang...
@scythe_io...
Organized the @scythe_io Community Threats GitHub to have folders per adversary we have looked at during #ThreatThursday. This allows for saving @MITREattack Navigator Layers and multiple emulation plans in a more organized fashion: https://github.com/scythe-io/community-threats
What questions are you getting from CISOs related to the US ordering the Chinese consulate to close? China said they will retaliate. Time to start looking up how Chinese threat actors operate. Here is one actor that we covered on the first #ThreatThursday...