Blog

Employee Behavior Is the Breach (Part 1)

Andrew Heller
In this first installment of a real-world Lares engagement, we show how weak passwords, reused credentials, and login portal behavior enabled valid access to QA, sales, finance, and even the company’s founder—without phishing or exploiting a single vulnerability. Using only public data and internal credential leaks, we chained small wins into full authentication. This blog reveals how predictable employee behavior can bypass security controls long before an exploit is ever needed.

Your AI CCTV System is a Near-Sighted Toddler

Andrew Heller
Discover how Lares engineers bypass AI-enabled CCTV systems using real-world tactics. Learn why modern surveillance fails under pressure, how to test and tune detection models through purple teaming, and what steps your organization can take to improve physical security before a breach occurs.

Stop Over-Scoping. Start Pressure Testing.

Andrew Heller
Most pen tests are scoped too tightly to provide real value. Learn why Lares advocates for pressure-based testing, open scope, and the PTES framework to uncover real risk and build stronger security programs.

Vulnerability Scanning Isn't Security Testing

Andrew Heller
Relying solely on vulnerability scanning creates a false sense of security. Learn the limits of automated tools versus comprehensive, adversary-focused security testing for true cyber resilience.

Think Your Group Chat is Safe?

Andrew Heller

Why business chat platforms are an excellent vector for social engineering.
Author: Andrew Heller – Lares Marketing Manager
My Slack channels at work feel safe. They’re internal. They’re informal. They are where I get 90%…


Protecting Your Business – Ransomware Prevention and Recovery Best Practices

Andrew Heller

Ransomware attacks have emerged as one of the most significant cybersecurity threats to organisations worldwide, creating substantial challenges for data security and business continuity.


Adapt or Get Compromised: What a Real Vishing Engagement Revealed

Andrew Heller

Vishing isn’t theoretical. It’s happening every day, and most companies don’t even know they’ve been compromised. This post breaks down one of our real-world voice phishing simulations and what it revealed…


Weaponizing the Human Element: Inside a Vishing Operator’s Playbook

Andrew Heller

This blog focuses on how vishing works and how we weaponize human behavior to get in. The Psychology Behind Vishing: Effective vishing exploits emotion and urgency. Every call is calibrated to: Create pressure…


Why Vishing Still Works (And Why You're Not Ready)

Andrew Heller

You’ve trained employees to spot phishing emails. You’ve rolled out MFA. Your endpoints are locked down. But none of that matters when an attacker calls your help desk and talks…


Inside the Mind of a Lares Red Team: How OSINT Unlocks the Attack

Jethro Inwald
Attackers don’t always need exploits—sometimes, they just need what your organization is already exposing. Before launching an attack, adversaries gather publicly available intelligence on employees, security tools, vendors, and internal processes to craft highly targeted phishing, vishing, and social engineering attacks. This blog explores how Organizational OSINT fuels real-world breaches and what security teams can do to reduce their exposure before it’s exploited.



©2025 Lares, a Damovo Company | All rights reserved.