Lares - Empowering Organizations to Maximize Their Security Potential

Welcome to Lares

Get a front row seat to your own breach. Before the real one happens.

Get Started

Empowering Organizations to Maximize Their Security Potential

Lares, a Damovo company is a team of senior engineers and security experts who helped define what modern adversarial testing should be. We co-created the Penetration Testing Execution Standard (PTES) and have led thousands of high-impact engagements for teams that care more about outcomes than optics.

Our work isn’t theoretical. It’s hands-on, collaborative, and grounded in reality.

You’ll see how we get in, how we move, and where your defenses fail. Then we help you fix it.

Solutions

What We Do

Methods

How we do it

Experience

Who we are

2008

Company
Established

600+

Customers
worldwide

4,500+

Adversarial
Engagements

Penetration Testing

Red Team Testing

Ready for an

Attack?

Advisory Services (vCISO)

Application Security

View all Solutions

Meet with Lares

CASE STUDY: Word & Brown

Using a culture of security as a baseline, Word & Brown achieved compliance because of its security journey — not in spite of it.

Download the case study

Securing ALL Industries

Lares has partnered with the leading organizations in Agriculture, Construction, Education, Financial Services, Government, Healthcare, Hospitality, Legal, Manufacturing, Oil & Gas, Retail, Software, Technology, Telecommunications, Transportation, Utilities, and more.

60+

Financial Institutions

45+

Manufacturing Companies

55+

Software Companies

30+

Insurance Companies

15+

Energy & Utilities

15+

City, State, & Local Government

22+

Law Firms

20+

Retail Companies

CASE STUDY: Ulbrich Stainless Steels and Speciality Metals

Ulbrich Stainless Steel and Specialty Metals were able to benefit greatly from the services provided by Lares. By engaging with Lares for penetration testing and vCISO services, Ulbrich continues to identify and address vulnerabilities, improve its security posture, and protect their business from cyber threats.

Download the case study

New research from Lares based on our client interactions and engagement findings.

Available Research Papers

Download

Research papers that will be released in the coming months. Register now to receive a copy when they go live!

Upcoming Research Papers

March 2023

April 2023

Research papers that will be released in the coming months. Register now to receive a copy when they go live!

Upcoming Research Papers

May 2023

June 2023

0{{current_slide_index}}

0{{total_slide_count}}

Some of Our Delighted Customers

"The expertise and professionalism that Lares' Purple Team brings to the table are unmatched. We will definitely be bringing them back for future engagements."

Benjamin Vaughn

SVP & CISO, Hyatt

"They wanted to see us succeed as much as we wanted to see us succeed. This is why, 10 years later, we are still having this conversation."

Jeffrey Hecht

(Former) Chief Compliance & Security Officer, The Word & Brown Companies

"The biggest benefit of having a Lares vCISO is getting guidance on how to tackle security issues and determining a realistic approach on how to address them."

Andrew Casceillo

Corporate Director of Technical Services, Ulbrich Stainless Steel and Speciality Metals Inc.

peer-insights-r-tm-rgb-for-white-bkgrndlogo

Read Reviews

Chat With Us

Schedule Meeting

The TTX + TTP Replay FAQ: Executive and Practitioner Guide to Evidence-Backed Cyber Defense Validation

March 2, 2026

by Andrew Heller

Stop guessing and start proving. Explore our comprehensive FAQ to learn how integrating Tabletop Exercises (TTX) and live-fire TTP Replay exposes detection gaps, validates security investments, and builds an evidence-backed cyber defense.

Advisory Services, Blog, Blue Team, Purple Teaming, Red Teaming

The Top 5 Security Threats CISOs Actually Care About in 2026

February 10, 2026

by Andrew Heller

This report breaks down five practical threat categories impacting CISOs in 2026, from Agentic AI to Deepfake fraud, that Lares adversarial engineers encounter in the wild.

Advisory Services, Blog, Blue Team, Insider Threat, Penetration Testing, Purple Teaming, Red Teaming

Audit Success vs Operational Resilience: Understanding the Gap

December 11, 2025

by Andrew Heller

Blog, Penetration Testing, Red Teaming

Purple Teaming: The Fastest Way to Improve Detection and Response

December 11, 2025

by Andrew Heller

Blog, Purple Teaming

From Low-Value Identity to High-Value Impact: A Realistic Attack Chain

December 11, 2025

by Andrew Heller

A simple identity compromise can escalate into full cloud or data access. See a realistic attack chain and what it means for enterprise security teams.

Blog, Penetration Testing, Purple Teaming, Red Teaming

How Adversaries Actually Test Enterprise Environments

December 11, 2025

by Andrew Heller

Blog, Penetration Testing, Purple Teaming, Red Teaming

TTX and TTP Replay: The Win-Win Combo We Undervalue

November 25, 2025

by Andrew Heller

Most organizations run tabletop exercises and detection tests in isolation, creating blind spots that only show up during real incidents. Pairing a tabletop exercise with a TTP replay exposes the cracks in people and process, then verifies the fixes in controls and telemetry. This combined approach delivers the evidence needed to build a defensible, data-backed...

Advisory Services, Blog, Purple Teaming, Red Teaming

From Compliance to Combat: Why Financial Services Still Bleed

September 2, 2025

by Andrew Heller

Audit-ready is not attack-ready. Lares shows financial institutions how adversaries bypass compliance to target payments, PII, and mainframes.

Blog, Financial Services, Penetration Testing, Purple Teaming, Red Teaming

AI Didn't Breach You. Your Configuration Did.

August 19, 2025

by Andrew Heller

Despite headlines about autonomous LLM-driven cyberattacks, recent incidents like the ServiceNow Count(er) Strike vulnerability and so-called “LLM hijacking” campaigns all came down to old techniques: enumeration, poor ACLs, and exposed credentials.

Blog, Penetration Testing, Red Teaming

The MFA That Wasn’t (Part 2)

August 15, 2025

by Andrew Heller

We didn’t escalate privileges. We didn’t break anything.
We authenticated, then watched the CRM leak full names, departments, employee IDs, and account IDs into the browser.

Everything trusted the login.
And that trust is what got them compromised.

Blog, Penetration Testing, Red Teaming

CASE STUDY: Word & Brown

Securing ALL Industries

60+

45+

55+

30+

15+

15+

22+

20+

CASE STUDY: Ulbrich Stainless Steels and Speciality Metals

Some of Our Delighted Customers

"The expertise and professionalism that Lares' Purple Team brings to the table are unmatched. We will definitely be bringing them back for future engagements."

"They wanted to see us succeed as much as we wanted to see us succeed. This is why, 10 years later, we are still having this conversation."

"The biggest benefit of having a Lares vCISO is getting guidance on how to tackle security issues and determining a realistic approach on how to address them."

The TTX + TTP Replay FAQ: Executive and Practitioner Guide to Evidence-Backed Cyber Defense Validation

The Top 5 Security Threats CISOs Actually Care About in 2026

Audit Success vs Operational Resilience: Understanding the Gap

Purple Teaming: The Fastest Way to Improve Detection and Response

From Low-Value Identity to High-Value Impact: A Realistic Attack Chain

How Adversaries Actually Test Enterprise Environments

TTX and TTP Replay: The Win-Win Combo We Undervalue

From Compliance to Combat: Why Financial Services Still Bleed

AI Didn't Breach You. Your Configuration Did.

The MFA That Wasn’t (Part 2)

Call Us

Email Us

©2025 Lares, a Damovo Company | All rights reserved.