Intro Wrangling data exposed by various Azure services is a daunting challenge. Because numerous tables exist with many available data types, finding the table with a particular Azure action or…
read moreWhat Is Lateral Movement ? Lateral movement is a broad MITRE ATT&CK category, consisting of nine distinct techniques and numerous sub techniques. Due to its breadth and linkages between other…
read moreIntro Enterprise workloads are increasingly shifting to modern micro-service architectures. This shift can potentially mean that visibility, hunting, and defensive frameworks lag behind their traditional on-premises architectures and deployments. The…
read moreIf you have been within planetary orbit of our Purple Team, you will know that we are huge fans of Sysmon. You can imagine our excitement when Microsoft announced that…
read moreIntroducing Sysmon Config Pusher When providing various services to clients, including Purple, Blue, and Red Team engagements, the Lares team often recomends Sysmon to close detection gaps. Indeed, Sysmon is…
read moreIntro A few months ago, we published a blog post that examined the telemetry available through Office 365, including email visibility. If you read the blog and thought to yourself,…
read moreIntro Are you a person who is new to the Information Security industry and want to get deeper into the defensive side of our wonderfully broad and complex industry? Have…
read moreIntro The Sysmon ProcessAccess event has been used in threat hunting and detection efforts in order to alert on techniques such as process injection and credential access. According to the…
read moreIntro Office 365 enables productivity and collaboration among teams and business units. As it’s utilization grows in popularity, productivity tools become increasingly attractive targets to attackers. So often attack chains…
read moreIntro On October 28th, the FireEye Threat Research team released the following threat report: https://www.fireeye.com/blog/threat-research/2020/10/kegtap-and-singlemalt-with-a-ransomware-chaser.html on the UNC1878 threat actor group and their KEGTAP/BEERBOT, SINGLEMALT/STILLBOT and WINEKEY/CORKBOT campaigns that deploy…
read more