Intro Wrangling data exposed by various Azure services is a daunting challenge. Because numerous tables exist with many available data types, finding the table with a particular Azure action or…
read moreIntroducing Sysmon Config Pusher When providing various services to clients, including Purple, Blue, and Red Team engagements, the Lares team often recomends Sysmon to close detection gaps. Indeed, Sysmon is…
read moreIntro A few months ago, we published a blog post that examined the telemetry available through Office 365, including email visibility. If you read the blog and thought to yourself,…
read moreIntro Are you a person who is new to the Information Security industry and want to get deeper into the defensive side of our wonderfully broad and complex industry? Have…
read morePurple Teaming With Lares The following blog post summarizes some of the key points from the first extracted session of the inaugural Lares Customer Summit that took place on Wednesday,…
read moreIntro Defending an Active Directory environment, particularly a large one, is a daunting task. Telemetry generated by Active Directory itself as well as the hosts connected to it are critical…
read moreThe Forcibly Converged Network The convergence of home and corporate networks continues unabated. Converged workspaces are here to stay for the foreseeable future. Most converged networks that we assess are…
read moreAbout Zerologon (CVE-2020-1472) On September 11th, 2020, Secura researcher Tom Tomvoort published a blog post outlining the Zerologon vulnerability. Microsoft’s August Patch Tuesday releases contained a patch for CVE-2020-1472 which…
read moreSeeing Red Recently, I asked my Lares mates to comment on a red team (RT) architecture post I stumbled upon. A volley of responses ensued with the conclusion: “That’s a…
read more