Penetration Testing

Employee Behavior Is the Breach (Part 1)

Andrew Heller
In this first installment of a real-world Lares engagement, we show how weak passwords, reused credentials, and login portal behavior enabled valid access to QA, sales, finance, and even the company’s founder—without phishing or exploiting a single vulnerability. Using only public data and internal credential leaks, we chained small wins into full authentication. This blog reveals how predictable employee behavior can bypass security controls long before an exploit is ever needed.

Stop Over-Scoping. Start Pressure Testing.

Andrew Heller
Most pen tests are scoped too tightly to provide real value. Learn why Lares advocates for pressure-based testing, open scope, and the PTES framework to uncover real risk and build stronger security programs.

Red, Blue, and Purple Teams – What They Actually Mean, and How Lares Helped Build the Model Everyone Uses Today

Andrew Heller
Everyone uses the Red/Blue/Purple model—but most organizations only apply part of it. This post breaks down the real roles behind each function, how Lares helped build the model into what it is today, and how to apply it even if you don’t have formal teams. Whether you’re running full adversarial simulations or just starting structured testing, this is what effective security collaboration actually looks like.

Vulnerability Scanning Isn't Security Testing

Andrew Heller
Relying solely on vulnerability scanning creates a false sense of security. Learn the limits of automated tools versus comprehensive, adversary-focused security testing for true cyber resilience.

Think Your Group Chat is Safe?

Andrew Heller

Why business chat platforms are an excellent vector for social engineering.
Author: Andrew Heller – Lares Marketing Manager
My Slack channels at work feel safe. They’re internal. They’re informal. They are where I get 90%…

Protecting Your Business – Ransomware Prevention and Recovery Best Practices

Andrew Heller

Ransomware attacks have emerged as one of the most significant cybersecurity threats to organisations worldwide, creating substantial challenges for data security and business continuity.

The Key Differences Between Red Teaming and Penetration Testing

Andrew Heller
Learn the key differences between Red Teaming and Penetration Testing, and discover which approach is right for your organization.

Pentesting 101 Part 1: So, you need or want a Pentest

Steve Spence

That day has finally come when you’ve been tasked with obtaining a penetration test for that project you’ve built…

Where There is Unity, There is Victory

[Ubi concordia, ibi victoria]

– Publius Syrus

Continuous defensive improvement through adversarial simulation and collaboration.

©2025 Lares, a Damovo Company | All rights reserved.