Picus Security Blog

Security testing isn’t just a nice-to-have - it should be the north star of effective security leadership. We’ve put together a list of five must-haves when assembling a modern, threat-centric security validation program.

Once adversaries establish initial access in a system, one of their primary objectives is finding credentials to access other resources and systems in the environment. As a mechanism to obtain account login and password information – credentials –  Credential Dumping is the third most frequently used MITRE ATT&CK technique in our list.

Keeping up with new cyber security threats is a fundamentally unfair game. Thankfully, there’s a way security leaders can gain insight into emerging threats and stay on top of their security investments, and it’s through security testing, or security validation.

PowerShell is a powerful interactive command-line shell and scripting language installed by default on Windows operating systems. Read the blog and discover T1086 PowerShell as the no. 2 technique in the Picus 10 Critical MITRE ATT&CK Techniques list.

Read the blog to discover T1055 Process Injection as the no. 1 technique in the Picus 10 Critical MITRE ATT&CK Techniques list.

At the end of February, the RSA Conference 2020 attracted 36,000 participants, 704 speakers, and 658 exhibitors. In this blog post, we highlight five noteworthy themes from the RSA Conference 2020.

Are you crystal clear on which cyber threats pose a significant risk to your business? In this article, we outline what you need to know to keep pace with the speed of change to reduce your exposure.

Unaware that current security controls are failing in silence. This blog discusses in-depth tips on dwell-time metrics and how to complete these strategies into your security posture?

We revealed obfuscated Visual Basic codes in the first part of the Emotet Technical Analysis series. In this second part, we analyze the PowerShell script in the VBA codes.

In this second part, we analyzed the PowerShell codes in the Emotet malware document. Emotet incorporates various obfuscation and evasion techniques to avoid detection, and these techniques change over time.