Thank You for Contacting Lares

We’re excited to help you protect what matters most. A member of our team will get in touch with you shortly. While you wait, explore our resources:

Download Our Latest Whitepapers

Dive into insights like Advanced Techniques for Infiltrating Fortune 100 Companies.

View All Resources

Stay Ahead of Trends

Visit LinkedIn

How we do it

Methodology Docs

Red Team

Purple Team

Penetration Testing

vCiso Advisory Services

Application Security
Assessment

Physical Security
Testing

The Project #6

Organizational OSINT for Red Teaming

Read the Lares Blog

From Compliance to Combat: Why Financial Services Still Bleed

Blog, Financial Services, Penetration Testing, Purple Teaming, Red Teaming

September 2, 2025

by Andrew Heller

Audit-ready is not attack-ready. Lares shows financial institutions how adversaries bypass compliance to target payments, PII, and mainframes.

AI Didn't Breach You. Your Configuration Did.

Blog, Penetration Testing, Red Teaming

August 19, 2025

by Andrew Heller

Despite headlines about autonomous LLM-driven cyberattacks, recent incidents like the ServiceNow Count(er) Strike vulnerability and so-called “LLM hijacking” campaigns all came down to old techniques: enumeration, poor ACLs, and exposed credentials.

The MFA That Wasn’t (Part 2)

Blog, Penetration Testing, Red Teaming

August 15, 2025

by Andrew Heller

We didn’t escalate privileges. We didn’t break anything.
We authenticated, then watched the CRM leak full names, departments, employee IDs, and account IDs into the browser.

Everything trusted the login.
And that trust is what got them compromised.

What Your Pentest Isn't Telling You

Blog, Penetration Testing, Purple Teaming, Red Teaming

August 15, 2025

by Andrew Heller

Passing a penetration test doesn’t mean you’re secure. Most pentests follow strict rules and timelines that attackers ignore. Red Teaming simulates real-world adversaries to reveal how threats move, persist, and evade detection. Purple Teaming turns these insights into immediate defensive improvements. Shift from compliance to true readiness with realistic attack simulation, live defender collaboration, and...

HIPAA's Physical Security Wake-Up Call: What the 2025 Rule Gets Right and Still Misses

Blog, Healthcare, Penetration Testing, Red Teaming

August 4, 2025

by Andrew Heller

The 2025 HIPAA update introduces mandatory physical security requirements for healthcare organizations, including annual assessments and access control planning. This blog explores what the new rule changes, where it falls short, and how real-world attackers continue to exploit common physical security gaps inside hospitals and clinics.

Employee Behavior Is the Breach (Part 1)

Blog, Penetration Testing, Red Teaming

July 31, 2025

by Andrew Heller

In this first installment of a real-world Lares engagement, we show how weak passwords, reused credentials, and login portal behavior enabled valid access to QA, sales, finance, and even the company’s founder—without phishing or exploiting a single vulnerability. Using only public data and internal credential leaks, we chained small wins into full authentication. This blog...

Your AI CCTV System is a Near-Sighted Toddler

Blog, Purple Teaming, Red Teaming

June 30, 2025

by Andrew Heller

Discover how Lares engineers bypass AI-enabled CCTV systems using real-world tactics. Learn why modern surveillance fails under pressure, how to test and tune detection models through purple teaming, and what steps your organization can take to improve physical security before a breach occurs.

Stop Over-Scoping. Start Pressure Testing.

Blog, Blue Team, Insider Threat, Penetration Testing, Purple Teaming, Red Teaming

June 26, 2025

by Andrew Heller

Most pen tests are scoped too tightly to provide real value. Learn why Lares advocates for pressure-based testing, open scope, and the PTES framework to uncover real risk and build stronger security programs.

Vulnerability Scanning Isn't Security Testing

Blog, Penetration Testing, Red Teaming

May 12, 2025

by Andrew Heller

Solely on vulnerability scanning creates a false sense of security. Learn the limits of automated tools versus comprehensive, adversary-focused security testing for true cyber resilience.

Think Your Group Chat is Safe?

Blog, Penetration Testing

April 10, 2025

by Andrew Heller

Why business chat platforms are an excellent vector for social engineering.Author: Andrew Heller - Lares Marketing ManagerMy Slack channels at work feel safe.They're internal.They're informal.They are where I get 90% of my collaboration done...way faster than anything I could do over email/outlook.And attackers know it.From Backchannel to BreachRecent "Signal group chat" headlines have exposed just...

Thank You for Contacting Lares

Download Our Latest Whitepapers

Stay Ahead of Trends

Read the Lares Blog

From Compliance to Combat: Why Financial Services Still Bleed

AI Didn't Breach You. Your Configuration Did.

The MFA That Wasn’t (Part 2)

What Your Pentest Isn't Telling You

HIPAA's Physical Security Wake-Up Call: What the 2025 Rule Gets Right and Still Misses

Employee Behavior Is the Breach (Part 1)

Your AI CCTV System is a Near-Sighted Toddler

Stop Over-Scoping. Start Pressure Testing.

Vulnerability Scanning Isn't Security Testing

Think Your Group Chat is Safe?

Call Us

Email Us

©2025 Lares, a Damovo Company | All rights reserved.