Picus Security Inc.

91 Followers

Published in Picus Security

·Nov 2, 2020

The Zerologon Vulnerability — How to Test it… Safely!

by Süleyman Özarslan, PhD On the 11th of August 2020, Microsoft released a security update [1], CVE-2020-1472 | Netlogon Elevation of Privilege Vulnerability, for a critical vulnerability within the Netlogon Remote Protocol (MS-NRPC) [2] in Windows Server operating systems, namely Windows Server 2008 R2, 2012, 2012 R2, 2016, and 2019. …

Infosec

3 min read

Published in Picus Security

·Oct 18, 2020

How to Simulate and Detect MITRE ATT&CK T1053 Scheduled Task/Job Technique

by Süleyman Özarslan, PhD A scheduled task is a command, program or script to be executed at: a particular time in the future (e.g. 11/08/2022 1:00 a.m.); at regular intervals (e.g. every Monday at 1:00 a.m.); when a defined event occurs (e.g. a user logs on the system). Legitimate users…

Cybersecurity

2 min read

Published in Picus Security

·Oct 1, 2020

How to Bypass WAFs for OS Command Injection

by Süleyman Özarslan, PhD Picus is dedicated to collaborating with its technology alliance partners and the cybersecurity community to build better cyber defenses against the adversary attempts. Accordingly, we have a responsible disclosure policy to publish vulnerabilities and bypass/evasion methods of security controls. …

Cyber

5 min read

Published in Picus Security

·Sep 29, 2020

The Most Used Persistence Technique by Adversaries: MITRE ATT&CK T1053 Scheduled Task/Job

by Süleyman Özarslan, PhD In 2019, Picus Labs analyzed 48813 malware to determine tactics, techniques, and procedures (TTPs) used by adversaries in these malicious files. Picus Labs categorized each observed TTP by utilizing the MITRE ATT&CK® framework. As a result of the present research, 445018 TTPs observed in the last…

Cyber

6 min read

Published in Picus Security

·Sep 23, 2020

Hackers’ Favourite Scripting Languages Part 2: Offensive and Defensive Analysis of a VBA Script used by a Real Malware (Emotet)

Süleyman Özarslan, PhD In 2019, Picus Labs analyzed 48813 malware to determine tactics, techniques, and procedures (TTPs) used by adversaries in these malicious files. Picus Labs categorized each observed TTP by utilizing the MITRE ATT&CK® framework. As a result of the present research, 445018 TTPs observed in the last year…

Cyber

4 min read

Published in Picus Security

·Sep 21, 2020

Hackers’ Favourite Scripting Languages Part 1: MITRE ATT&CK T1064 Scripting Technique

by Süleyman Özarslan, PhD In 2019, Picus Labs analyzed 48813 malware to determine tactics, techniques, and procedures (TTPs) used by adversaries in these malicious files. Picus Labs categorized each observed TTP by utilizing the MITRE ATT&CK® framework. As a result of the present research, 445018 TTPs observed in the last…

Cyber

7 min read

Published in Picus Security

·Sep 15, 2020

OS Features help Malware Developers: MITRE ATT&CK T1059 Command Line Interface Technique

by Süleyman Özarslan, PhD In 2019, Picus Labs analyzed 48813 malware to determine tactics, techniques, and procedures (TTPs) used by adversaries in these malicious files. Picus Labs categorized each observed TTP by utilizing the MITRE ATT&CK® framework. As a result of the present research, 445018 TTPs observed in the last…

Cybersecurity

7 min read

Aug 17, 2020

From pentesting to red teaming: Security testing solutions compared

by Armagan Zaloglu In our recent blog, What is security testing and why is it important?, we talked about how security testing is one of the single most important jobs an effective security department can do. Without it, security leaders have no way to make informed and pragmatic decisions about…

Cybersecurity

5 min read

Aug 17, 2020

MITRE ATT&CK T1036 Masquerading

by Süleyman Özarslan, PhD In 2019, Picus Labs analyzed 48813 malware to determine tactics, techniques, and procedures (TTPs) used by adversaries in these malicious files. Picus Labs categorized each observed TTP by utilizing the MITRE ATT&CK® framework. As a result of the present research, 445018 TTPs observed in the last…

Cybersecurity

10 min read

Aug 17, 2020

5 requirements for an effective security testing solution

by Armagan Zaloglu Security testing isn’t just a nice-to-have — it should be the north star of effective security leadership. …

Cybersecurity

4 min read

Breach and Attack Simulation (BAS) | Continuous Security Validation | Gartner Cool Vendor
