Free Trial
|
Login
Free Trial
Login
Platform
Platform
I want to
report
WHITEPAPER Picus Red Report 2025
white paper
DATASHEET Security Validation Platform
Use Cases
Use Cases
Frameworks
Group
WHITEPAPER Building a Robust Defense-in-Depth Strategy with Breach and Attack Simulation (BAS)
Paper Icons
E-BOOK An Introduction to Exposure Validation
Research
RESEARCH
LEARNING
whitepaper
Whitepaper Modernize Your SOC with Breach and Attack Simulation
report (1)
REPORT Blue Report: Effective Threat Exposure Management
Resources
RESOURCES
LEARNING
Group
WHITEPAPER Double Your Threat Blocking in 90 Days
Paper Icons
E-BOOK An Introduction to Exposure Validation
Company
COMPANY
PARTNERS
webinar
REGISTER NOW: Assessing Your Zero Trust Program with "Assume Breach" Mindset
Data sheet
DATASHEET The Pioneer of Breach & Attack Simulation
GET A DEMO
CONTINUOUSLY UPDATED THREAT INTELLIGENCE

Picus Threat Library

Picus Threat Library offers 30,000+ threats mapped to MITRE ATT&CK, giving you the resources needed to validate and strengthen your security posture.

Threat Library

From Information
Overload to Actionable Threat Intelligence

Information based global threat context is readily accessible in many different ways and forms, but it is hardly actionable. Security analysts try to weather a storm of threat intelligence coming from multiple sources.

Even with a good number of skilled in-house penetration testers or Red Team members, organizations can hardly create a workable and sufficiently broad repository of threat samples in keeping up with the changes in the adversarial context.

gartner-2

" Strong Product to Get a Continuous Security Assessment

Picus is one of the best BAS solution on the market today. The threat database it is constantly updated, in order to simulate the lastest attack campaign and threat, to better understand if the company has an adequate protection against them..."

IT Security and Risk Management,
Transportation Industry

READ FULL REVIEW

Actionable Threat Intelligence

Picus Threat Library

Daily updated Picus Threat Library helps security operations ingest the adversarial changes in relation to their defensive capabilities.

Picus Threat Library offers:

  • 30.000+ samples of daily-updated malware, vulnerability exploits, web application attacks, and endpoint attacks.
  • Atomic adversarial techniques covering all post-compromise techniques in the MITRE ATT&CK framework.
  • Hundreds of Advanced Persistent Threat (APT) driven attack scenarios.
  • Picus Threat Library content is mapped to the frameworks of MITRE ATT&CK, Unified Kill Chain, and OWASP, targeted applications, targeted operating systems, and Common Vulnerabilities and Exposures/Common Weakness Enumeration (CVE/CWE) references.
Benchmark Threat Library
mid-strip-gray-mobile mid-strip-gray
WHY PICUS THREAT LIBRARY STANDS OUT

Elevate Your Security Validation with Picus Threat Library

The Picus Threat Library is trusted by security vendors and organizations worldwide, providing the insights and tools needed to proactively validate and improve defenses.

User-Friendly Search and Customization

With advanced search and filter options, users can quickly find threats by category, region, or severity. Custom templates can also be created to address specific organizational needs.

Mapped to Industry Frameworks

Every threat is aligned with industry-standard frameworks like MITRE ATT&CK and Unified Kill Chain, making it easier to connect real-world tactics with security validation efforts.

Rapid Updates
for Emerging
Threats

Picus Labs continuously adds new and high-impact threats, ensuring that the library stays up to date with the latest attack campaigns and vulnerabilities.

Granular Categorization

Threats are categorized into Web Application, Vulnerability Exploitation, Endpoint, Malicious Code, and Data Exfiltration, enabling tailored simulations for different security requirements.

Curated Threat Templates

Ready-to-use templates, such as Ransomware Readiness or APT Readiness, enable focused testing for specific attack types or adversaries, saving time and effort for security teams.

ETS Posts-December 2024

The Most Recent Adversarial Context at Your Fingertips

Thanks to the Global Watch, Commonality Analysis, and Imminent Threat Research processes of Picus Threat Library, Picus customers find the samples of most recent adversarial techniques conveniently at their fingertips. Cybersecurity stakeholders such as SOC analysts, threat hunters, incident responders, security operations teams, the red team, and pen-test members can utilize the granular content of Threat Library for different scenarios they carry out or test.

TRY EMERGING THREAT SIMULATOR NOW

 

How Picus Threat Library Works?

Group 427319044 (1)
PICUS MITIGATION LIBRARY

Simulate & Mitigate the Latest Cyber Threats

Improving and maintaining a strong security posture begins with knowing what you're up against. Picus Threat Library enables security teams to simulate real-world cyber attacks and validate their defenses against the latest threats. Once you've identified your security gaps, Picus Mitigation Library provides actionable fixes to strengthen your protection.

EXPLORE MITIGATION LIBRARY

mitigation library
Emerging Threats & Attack Simulations

Discover Real-World Threat Simulations for Emerging Attacks

Retail Under Fire: Inside the DragonForce Ransomware Attacks on Industry Giants
Emerging Threat Retail Under Fire: Inside the DragonForce Ransomware Attacks on Industry Giants
Learn More
CVE-2025-31324: SAP NetWeaver Remote Code Execution Vulnerability Explained
Emerging Threat CVE-2025-31324: SAP NetWeaver Remote Code Execution Vulnerability Explained
Learn More
cve-2025-32433-erlang
Emerging Threat CVE-2025-32433: Erlang/OTP SSH Remote Code Execution Vulnerability Explained
Learn More
CVE-2025-22457: Ivanti Remote Code Execution Vulnerability Explained
Emerging Threat CVE-2025-22457: Ivanti Remote Code Execution Vulnerability Explained
Learn More
IngressNightmare: Ingress NGINX Remote Code Execution Vulnerability Explained
Emerging Threat IngressNightmare: Ingress NGINX Remote Code Execution Vulnerability Explained
Learn More
CVE-2025-29927: Next.js Middleware Bypass Vulnerability Explained
Emerging Threat CVE-2025-29927: Next.js Middleware Bypass Vulnerability Explained
Learn More
Medusa Ransomware Analysis, Simulation, and Mitigation - CISA Alert AA25-071A
Emerging Threat Medusa Ransomware Analysis, Simulation, and Mitigation - CISA Alert AA25-071A
Learn More
Ghost (Cring) Ransomware Analysis, Simulation, and Mitigation - CISA Alert AA25-050A
Emerging Threat Ghost (Cring) Ransomware Analysis, Simulation, and Mitigation - CISA Alert AA25-050A
Learn More
Microsoft Active Directory Domain Services CVE-2025-21293 Vulnerability Explained
Emerging Threat Microsoft Active Directory Domain Services CVE-2025-21293 Vulnerability Explained
Learn More
Pattern-mobile Pattern(1)

See the
Picus Security Validation Platform

Request a Demo

Submit a request and we'll share answers to your top security validation and exposure management questions.

Get a Demo

Get Threat-ready

Simulate real-world cyber threats in minutes and see a holistic view of your security effectiveness.

Free Trial