GRIMM Blog

SCYTHE: Starting 2019 with Linux and ATT&CK™ The SCYTHE team has been hard at work on our new release and we are proud to present the next major evolution of the SCYTHE  Continuous Red Team Automation  platform. What’s New More auto-generated implants Linux support One-Click MITRE ATT&CK Report New Threats in the Threat Catalog New Logging Output Option Linux Implant Builder The campaign creation menu now allows you to select an operating system for Linux campaign creation. You will have the SCYTHE automation and ease of use you have come to expect, but the platform will now produce Linux executable to deploy as your own custom malware/agent. MITRE ATT&CK Report Continuously monitor how well the organization’s risk posture is fortified across the MITRE ATT&CK matrix. In addition to our existing MITRE ATT&CK functionality, SCYTHE now supports a one-click report, showing you which ATT&CK Techniques were utilized in your campaign and summary of t

Fileless Malware and the Threat of Convenience Many of the conveniences brought via modern tools, operating systems, and applications also bring means for an adversary to execute actions while under the guise of a valid service. This is seen distinctly in the increased use of Fileless Malware. Fileless Malware can be broadly defined as execution of malicious instructions in memory with no requirement for these instructions to be backed by a file on disk. One way to understand this is through the following example: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";alert('foo'); The above: utilizes the legitimate Windows utility rundll32.exe, loads the DLL mshtml.dll, calls “RunHTMLApplication” entrypoint, executes the Javascript command, and ultimately creates a popup containing the word foo. A Blue Team defender can use Process Monitor to witness all of the above simply searching for rundll32. But what makes the previous command an example o