Posts By :

Anton Ovrutsky

Azure and Azure Active Directory Monitoring Use Cases

Azure and Azure Active Directory Monitoring Use Cases 1522 2048 Anton Ovrutsky

Intro Wrangling data exposed by various Azure services is a daunting challenge. Because numerous tables exist with many available data types, finding the table with a particular Azure action or…

read more

The Lowdown on Lateral Movement

The Lowdown on Lateral Movement 1090 749 Anton Ovrutsky

What Is Lateral Movement ? Lateral movement is a broad MITRE ATT&CK category, consisting of nine distinct techniques and numerous sub techniques. Due to its breadth and linkages between other…

read more

Kubernetes Hunting & Visibility

Kubernetes Hunting & Visibility 1280 905 Anton Ovrutsky

Intro Enterprise workloads are increasingly shifting to modern micro-service architectures. This shift can potentially mean that visibility, hunting, and defensive frameworks lag behind their traditional on-premises architectures and deployments. The…

read more

Sysmon for Linux Test Drive

Sysmon for Linux Test Drive 1090 727 Anton Ovrutsky

If you have been within planetary orbit of our Purple Team, you will know that we are huge fans of Sysmon. You can imagine our excitement when Microsoft announced that…

read more

Introducing Sysmon Config Pusher

Introducing Sysmon Config Pusher 1026 685 Anton Ovrutsky

Introducing Sysmon Config Pusher When providing various services to clients, including Purple, Blue, and Red Team engagements, the Lares team often recomends Sysmon to close detection gaps. Indeed, Sysmon is…

read more

Emails and Malicious Macros – What Can Go Wrong?

Emails and Malicious Macros – What Can Go Wrong? 2048 1365 Anton Ovrutsky

Intro A few months ago, we published a blog post that examined the telemetry available through Office 365, including email visibility. If you read the blog and thought to yourself,…

read more

Getting into the Blue Team: A Practical Guide

Getting into the Blue Team: A Practical Guide 1090 1105 Anton Ovrutsky

Intro Are you a person who is new to the Information Security industry and want to get deeper into the defensive side of our wonderfully broad and complex industry? Have…

read more

Hunting in the Sysmon Call Trace

Hunting in the Sysmon Call Trace 1090 817 Anton Ovrutsky

Intro The Sysmon ProcessAccess event has been used in threat hunting and detection efforts in order to alert on techniques such as process injection and credential access. According to the…

read more

Taking a Look at Office 365 Logs

Taking a Look at Office 365 Logs 1090 727 Anton Ovrutsky

Intro Office 365 enables productivity and collaboration among teams and business units. As it’s utilization grows in popularity, productivity tools become increasingly attractive targets to attackers. So often attack chains…

read more

Endpoint Hunting for UNC1878/KEGTAP TTPs

Endpoint Hunting for UNC1878/KEGTAP TTPs 1024 683 Anton Ovrutsky

Intro On October 28th, the FireEye Threat Research team released the following threat report: https://www.fireeye.com/blog/threat-research/2020/10/kegtap-and-singlemalt-with-a-ransomware-chaser.html on the UNC1878 threat actor group and their KEGTAP/BEERBOT, SINGLEMALT/STILLBOT and WINEKEY/CORKBOT campaigns that deploy…

read more

Where There is Unity, There is Victory

[Ubi concordia, ibi victoria]

– Publius Syrus

Contact Lares Consulting logo (image)

Continuous defensive improvement through adversarial simulation and collaboration.

Email Us

©2024 Lares, a Damovo Company | All rights reserved.

Error: Contact form not found.

Error: Contact form not found.

Privacy Preferences

When you visit our website, it may store information through your browser from specific services, usually in the form of cookies. Some types of cookies may impact your experience on our website and the services we are able to offer. It may disable certain pages or features entirely. If you do not agree to the storage or tracking of your data and activities, you should leave the site now.

Our website uses cookies, many to support third-party services, such as Google Analytics. Click now to agree to our use of cookies or you may leave the site now.