lares

Detection and Mitigation Advice for PrintNightmare

Detection and Mitigation Advice for PrintNightmare 2048 1365 Andy Gill

Introduction PrintNightmare(CVE-2021-34527) was released as a proof of concept this week on Github. This post highlights how the exploit PoCs released on Github work and how the specific vulnerability can…

read more

Introducing Sysmon Config Pusher

Introducing Sysmon Config Pusher 1026 685 Anton Ovrutsky

Introducing Sysmon Config Pusher When providing various services to clients, including Purple, Blue, and Red Team engagements, the Lares team often recomends Sysmon to close detection gaps. Indeed, Sysmon is…

read more

Social Profiling – OSINT for Red/Blue

Social Profiling – OSINT for Red/Blue 1280 822 Andy Gill

One of the areas that I love when it comes to red/purple engagements is profiling organizations on LinkedIn and GitHub, looking for crucial information that can lead to more juicy…

read more

Hunting in the Sysmon Call Trace

Hunting in the Sysmon Call Trace 1090 817 Anton Ovrutsky

Intro The Sysmon ProcessAccess event has been used in threat hunting and detection efforts in order to alert on techniques such as process injection and credential access. According to the…

read more

The Inaugural Lares Customer Summit

The Inaugural Lares Customer Summit 2048 1365 Andrew Hay

​Lares® is providing an exclusive virtual online learning event on Wednesday, December 2nd 2020 starting at 9:30am EST and ending at 6:00pm EST for all of our loyal customers, contacts,…

read more

Endpoint Hunting for UNC1878/KEGTAP TTPs

Endpoint Hunting for UNC1878/KEGTAP TTPs 1024 683 Anton Ovrutsky

Intro On October 28th, the FireEye Threat Research team released the following threat report: https://www.fireeye.com/blog/threat-research/2020/10/kegtap-and-singlemalt-with-a-ransomware-chaser.html on the UNC1878 threat actor group and their KEGTAP/BEERBOT, SINGLEMALT/STILLBOT and WINEKEY/CORKBOT campaigns that deploy…

read more

WFH Lateral Movement TTPs

WFH Lateral Movement TTPs 800 533 Anton Ovrutsky

WFH Lateral Movement TTPs With the increase of remote working arrangements due to the ongoing pandemic, corporate endpoints are now located far beyond the standard corporate perimeter. This presents attackers…

read more

Seeing Red

Seeing Red 1638 2048 Mark Arnold

Seeing Red Recently, I asked my Lares mates to comment on a red team (RT) architecture post I stumbled upon. A volley of responses ensued with the conclusion: “That’s a…

read more

Security Program Components 101

Security Program Components 101 1090 727 Andrew Hay

The term “security program” means a lot of different things to a log of different people. To some, it’s just an acceptable use policy or password policy. To others, it’s…

read more

Upcoming Webinar – Defensive Strategies: The Power of Visibility

Upcoming Webinar – Defensive Strategies: The Power of Visibility 1090 728 Andrew Hay

Defensive Strategies: The Power of Visibility When: Wednesday, July 29, 2020 @ 12pm ET About the Webinar: Security programs are struggling with noise. What is legitimate and what is suspicious?…

read more

Where There is Unity, There is Victory

[Ubi concordia, ibi victoria]

– Publius Syrus

Contact Lares Consulting logo (image)

Continuous defensive improvement through adversarial simulation and collaboration.

Email Us

©2019 Lares, LLC | All rights reserved.
Privacy Preferences

When you visit our website, it may store information through your browser from specific services, usually in the form of cookies. Some types of cookies may impact your experience on our website and the services we are able to offer. It may disable certain pages or features entirely. If you do not agree to the storage or tracking of your data and activities, you should leave the site now.

Our website uses cookies, many to support third-party services, such as Google Analytics. Click now to agree to our use of cookies or you may leave the site now.