Penetration Testing

  • Lares Labs
  • No Comments

Outlook 365 for the PWN
Outlook 365 for the PWN 1200 630 Lares Labs
Outlook 365 for the PWN shows how an attacker can chain built in tools like PowerShell, Word macros, and Outlook COM automation to quietly enumerate domain users and exfiltrate data over email, then closes with practical macro hardening steps in GPO and Endpoint Manager to help defenders get ahead of this tradecraft. read more
  • Lares Labs
  • No Comments

Living Off The Land – Built-In Pwning
Living Off The Land – Built-In Pwning 1200 630 Lares Labs
Living Off The Land – Built-In Pwning walks through how adversaries can use native Windows capabilities like PowerShell Get-CimInstance and ADSI Searcher to quietly enumerate domain groups, users, passwords in description fields, and remote administration paths such as WinRM and SMB, all without dropping additional tooling on disk. read more

How Lares Thinks About Mythos-Class AI in Offensive Security
How Lares Thinks About Mythos-Class AI in Offensive Security 1200 630 Andrew Heller
Mythos-class AI is changing how vulnerabilities are found, not replacing real adversaries. Learn how Lares views Mythos, AI-assisted testing, and what security teams should do next. read more

What We Look For in a Penetration Tester at Lares (And Why Clients Care)
What We Look For in a Penetration Tester at Lares (And Why Clients Care) 1200 630 Andrew Heller
What is the difference between a standard security report and a true adversarial assessment? It all comes down to the operators. See what we look for at Lares. read more

WEBINAR: OWASP Agentic AI Top 10: Threats in the Wild
WEBINAR: OWASP Agentic AI Top 10: Threats in the Wild 150 150 Andrew Heller

Artificial intelligence is no longer just answering our questions. It is taking action. We have moved from simple chatbots to Agentic AI applications that can reason, plan, invoke external tools,…

read more

The Top 5 Security Threats CISOs Actually Care About in 2026
The Top 5 Security Threats CISOs Actually Care About in 2026 1200 630 Andrew Heller
This report breaks down five practical threat categories impacting CISOs in 2026, from Agentic AI to Deepfake fraud, that Lares adversarial engineers encounter in the wild. read more

What Attackers Target First in Most Environments
What Attackers Target First in Most Environments 150 150 Andrew Heller

Attackers do not breach environments by guessing where the most sensitive systems are. They begin with the simplest, most reliable footholds. Across industries, across cloud providers, across company sizes, three…

read more

What Leadership Needs to See: Turning Adversary Testing Into Evidence
What Leadership Needs to See: Turning Adversary Testing Into Evidence 150 150 Andrew Heller

Executives and boards do not make decisions based on technical output. They make decisions based on clear evidence, risk narratives, and business impact. One of the most overlooked strengths of…

read more

Audit Success vs Operational Resilience: Understanding the Gap
Audit Success vs Operational Resilience: Understanding the Gap 150 150 Andrew Heller

Compliance is a necessary part of enterprise security. It provides structure, accountability, and a baseline for control maturity. But compliance is not security. Passing an audit confirms that controls exist.…

read more

From Low-Value Identity to High-Value Impact: A Realistic Attack Chain
From Low-Value Identity to High-Value Impact: A Realistic Attack Chain 150 150 Andrew Heller
A simple identity compromise can escalate into full cloud or data access. See a realistic attack chain and what it means for enterprise security teams. read more

Where There is Unity, There is Victory

[Ubi concordia, ibi victoria]

– Publius Syrus

Contact Lares Consulting logo (image)

Continuous defensive improvement through adversarial simulation and collaboration.

Call Us

(720) 600-0329

Email Us

sales@lares.com

©2025 Lares, a Damovo Company | All rights reserved.
Enter your
text here