Published in Picus Security·Nov 2, 2020The Zerologon Vulnerability — How to Test it… Safely!by Süleyman Özarslan, PhD On the 11th of August 2020, Microsoft released a security update[1], CVE-2020–1472 | Netlogon Elevation of Privilege Vulnerability, for a critical vulnerability within the Netlogon Remote Protocol (MS-NRPC)[2]in Windows Server operating systems, namely Windows Server 2008 R2, 2012, 2012 R2, 2016, and 2019. …Infosec3 min read
Published in Picus Security·Oct 18, 2020How to Simulate and Detect MITRE ATT&CK T1053 Scheduled Task/Job Techniqueby Süleyman Özarslan, PhD A scheduled task is a command, program or script to be executed at: a particular time in the future (e.g. 11/08/2022 1:00 a.m. at regular intervals (e.g. every Monday at 1:00 a.m.) when a defined event occurs (e.g. a user logs on the system). Legitimate users…Cybersecurity2 min read
Published in Picus Security·Oct 1, 2020How to Bypass WAFs for OS Command Injectionby Süleyman Özarslan, PhD Picus is dedicated to collaborating with its technology alliance partners and the cybersecurity community to build better cyber defenses against the adversary attempts. Accordingly, we have a responsible disclosure policy to publish vulnerabilities and bypass/evasion methods of security controls. We first notified the vendor, and after…Cyber5 min read
Published in Picus Security·Sep 29, 2020The Most Used Persistence Technique by Adversaries: MITRE ATT&CK T1053 Scheduled Task/Jobby Süleyman Özarslan, PhD In 2019, Picus Labs analyzed 48813 malware to determine tactics, techniques, and procedures (TTPs) used by adversaries in these malicious files. Picus Labs categorized each observed TTP by utilizing the MITRE ATT&CK® framework. As a result of the present research, 445018 TTPs observed in the last…Cyber6 min read
Published in Picus Security·Sep 23, 2020Hackers’ Favourite Scripting Languages Part 2: Offensive and Defensive Analysis of a VBA Script used by a Real Malware (Emotet)Süleyman Özarslan, PhD In 2019, Picus Labs analyzed 48813 malware to determine tactics, techniques, and procedures (TTPs) used by adversaries in these malicious files. Picus Labs categorized each observed TTP by utilizing the MITRE ATT&CK® framework. As a result of the present research, 445018 TTPs observed in the last year…Cyber4 min read
Published in Picus Security·Sep 21, 2020Hackers’ Favourite Scripting Languages Part 1: MITRE ATT&CK T1064 Scripting Techniqueby Süleyman Özarslan, PhD In 2019, Picus Labs analyzed 48813 malware to determine tactics, techniques, and procedures (TTPs) used by adversaries in these malicious files. Picus Labs categorized each observed TTP by utilizing the MITRE ATT&CK® framework. As a result of the present research, 445018 TTPs observed in the last…Cyber7 min read
Published in Picus Security·Sep 15, 2020OS Features help Malware Developers: MITRE ATT&CK T1059 Command Line Interface Techniqueby Süleyman Özarslan, PhD In 2019, Picus Labs analyzed 48813 malware to determine tactics, techniques, and procedures (TTPs) used by adversaries in these malicious files. Picus Labs categorized each observed TTP by utilizing the MITRE ATT&CK® framework. As a result of the present research, 445018 TTPs observed in the last…Cybersecurity7 min read
Aug 17, 2020From pentesting to red teaming: Security testing solutions comparedby Armagan Zaloglu In our recent blog, What is security testing and why is it important?, we talked about how security testing is one of the single most important jobs an effective security department can do. Without it, security leaders have no way to make informed and pragmatic decisions about…Cybersecurity5 min read
Aug 17, 2020MITRE ATT&CK T1036 Masqueradingby Süleyman Özarslan, PhD In 2019, Picus Labs analyzed 48813 malware to determine tactics, techniques, and procedures (TTPs) used by adversaries in these malicious files. Picus Labs categorized each observed TTP by utilizing the MITRE ATT&CK® framework. As a result of the present research, 445018 TTPs observed in the last…Cybersecurity10 min read
Aug 17, 20205 requirements for an effective security testing solutionby Armagan Zaloglu Security testing isn’t just a nice-to-have — it should be the north star of effective security leadership. …Cybersecurity4 min read
