How I Compromised Your Complex Password from The Internet

One of an attacker’s first goals is to gain a foothold in a target environment. The role or permissions of an…
Intro

Enterprise workloads are increasingly shifting to modern micro-service architectures. This shift can potentially mean that visibility, hunting, and defensive frameworks lag behind their traditional on-premises architectures and deployments. The…

In the spirit of the New Year, it’s time to reflect on the past and make measurable resolutions for the future. Many people use this time to focus on personal…

If you have been within planetary orbit of our Purple Team, you will know that we are huge fans of Sysmon. You can imagine our excitement when Microsoft announced that…

Introduction

PrintNightmare (CVE-2021-34527) was released as a proof of concept this week on GitHub. This post highlights how the exploit PoCs released on GitHub work and how the specific vulnerability can…
Introducing Sysmon Config Pusher

When providing various services to clients, including Purple, Blue, and Red Team engagements, the Lares team often recommends Sysmon to close detection gaps. Indeed, Sysmon is…
One of the areas that I love when it comes to red/purple engagements is profiling organizations on LinkedIn and GitHub, looking for crucial information that can lead to more juicy…

Intro

The Sysmon ProcessAccess event has been used in threat hunting and detection efforts in order to alert on techniques such as process injection and credential access. According to the…

Lares® is providing an exclusive virtual online learning event on Wednesday, December 2nd 2020 starting at 9:30am EST and ending at 6:00pm EST for all of our loyal customers, contacts,…

Intro

On October 28th, the FireEye Threat Research team released the following threat report: https://www.fireeye.com/blog/threat-research/2020/10/kegtap-and-singlemalt-with-a-ransomware-chaser.html on the UNC1878 threat actor group and their KEGTAP/BEERBOT, SINGLEMALT/STILLBOT and WINEKEY/CORKBOT campaigns that deploy…