Industry Contributions

LARES. WHERE TECHNOLOGY MEETS SECURITY.
Lares Business Security Consulting logo (image)

The Lares team are incredibly active in contributing to the information security community. Whether it’s published research, books, or interviews, Lares helps whever they’re needed most.

  • Tribe of Hackers Security Leaders: Tribal Knowledge from the best in Cybersecurity Leadership (Wiley, ISBN 1119643775)

    Cybersecurity leadership is about recruiting and leading teams of hackers―not always an easy task, but one that could make or break your organization’s secure future. From the authors who brought you the bestselling Tribe of Hackers comes Tribe of Hackers Security Leaders, a collection of invaluable real-world insights from the world’s leading cybersecurity experts. This book offers perspectives on cybersecurity leadership issues such as talent acquisition, working productively with teams across the organization, and leading teams to success. The book features interviews with Lares COO Andrew Hay and Lares VP, Advisory Services, Mark Arnold.

    Tribe of Hackers Red Team: Tribal Knowledge from the Best in Offensive Cybersecurity (Wiley, ISBN 1119643325)

    The Tribe of Hackers team is back with a new guide packed with insights from dozens of the world’s leading Red Team security specialists. With their deep knowledge of system vulnerabilities and innovative solutions for correcting security flaws, Red Team hackers are in high demand. Tribe of Hackers Red Team: Tribal Knowledge from the Best in Offensive Cybersecurity takes the valuable lessons and popular interview format from the original Tribe of Hackers and dives deeper into the world of Red Team security with expert perspectives on issues like penetration testing and ethical hacking. This unique guide includes inspiring interviews from influential security specialists, including David Kennedy, Rob Fuller, Jayson E. Street, and Georgia Weidman, who share their real-world learnings on everything from Red Team tools and tactics to careers and communication, presentation strategies, legal concerns, and more. The book features an interview with Lares CEO Chris Nickerson.

    The OSSEC Host-based Intrusion Detection Guide (Syngress, ISBN 9781597492409)

    This book is the definitive guide on the OSSEC Host-based Intrusion Detection system and frankly, to really use OSSEC you are going to need a definitive guide. Authored by Lares COO Andrew Hay.

    Nagios 3 Enterprise Network Monitoring (Syngress, ISBN 9781597492676)

    Nagios 3 Enterprise Network Monitoring can help you harness the full power of Nagios in your organization. Co-authored by Lares COO Andrew Hay.

    Nokia Firewall, VPN, and IPSO Configuration Guide (Syngress, ISBN 9781597492867)

    The Nokia Firewall, VPN, and IPSO Configuration Guide provides seasoned network administrators and security professionals with the in-depth coverage and step-by-step walkthroughs they require to properly secure their network perimeters and ensure safe connectivity for remote users. Co-authored by Lares COO Andrew Hay.

    OpenStack Security Guide (OpenStack Security Group)

    The OpenStack Security Guide is the result of a five day sprint of collaborative work of many individuals. The purpose of this document is to provide the best practice guidelines for deploying a secure OpenStack cloud. It is designed to reflect the current state of security within the OpenStack community and provide frameworks for decision making where listing specific security controls are not feasible due to complexity or other environment specific details. Co-authored by Lares COO Andrew Hay.

    Information Supplement: PCI SSC Cloud Computing Guidelines (Cloud Special Interest Group PCI Security Standards Council)

    This document provides guidance on the use of cloud technologies and considerations for maintaining PCI DSS controls in cloud environments. This guidance builds on that provided in the PCI DSS Virtualization Guidelines and is intended for organizations using, or thinking of using, providing, or assessing cloud technologies as part of a cardholder data environment (CDE). Contributed to by Lares COO Andrew Hay.

    WarDriving: Drive, Detect, Defend: A Guide to Wireless Security (Syngress, ISBN 1931836035)

    The practice of WarDriving is a unique combination of hobby, sociological research, and security assessment. The act of driving or walking through urban areas with a wireless-equipped laptop to map both protected and un-protected wireless networks has sparked intense debate amongst lawmakers, security professionals, and the telecommunications industry. This first ever book on WarDriving is written from the inside perspective of those who have created the tools that make WarDriving possible and those who gather, analyze, and maintain data on all secured and open wireless access points in very major, metropolitan area worldwide. These insiders also provide the information to secure your wireless network before it is exploited by criminal hackers. Expertise provided by Lares Red Team Manager Tim McGuffin.

    Penetration Tester’s Open Source Toolkit, Vol. 2 (Syngress, ISBN 1597492132)

    Penetration testing a network requires a delicate balance of art and science. A penetration tester must be creative enough to think outside of the box to determine the best attack vector into his own network, and also be expert in using the literally hundreds of tools required to execute the plan. This second volume adds over 300 new pentesting applications included with BackTrack 2 to the pen tester’s toolkit. It includes the latest information on Snort, Nessus, Wireshark, Metasploit, Kismet and all of the other major Open Source platforms. Expertise provided by Lares Red Team Manager Tim McGuffin.

    Hash Crack: Password Cracking Manual (v3) (ISBN 1793458618)

    The Hash Crack: Password Cracking Manual v3 is an expanded reference guide for password recovery (cracking) methods, tools, and analysis techniques. A compilation of basic and advanced techniques to assist penetration testers and network security professionals evaluate their organization’s posture. The Hash Crack manual contains syntax and examples for the most popular cracking and analysis tools and will save you hours of research looking up tool usage. It also includes basic cracking knowledge and methodologies every security professional should know when dealing with password attack capabilities. Hash Crack contains all the tables, commands, online resources, and more to complete your cracking security kit. This version expands on techniques to extract hashes from a myriad of operating systems, devices, data, files, and images. Lastly, it contains updated tool usage and syntax for the most popular cracking tools. Expertise provided by Lares Red Team Manager Tim McGuffin.

    Introduction to Network Security (CharIesRiver, ASIN B008YT10NK)

    Expertise provided by Lares Red Team Manager Tim McGuffin.

  • Lares Top 5 Penetration Test Findings For 1H 2019

    Analyzed the similarities between the most frequently observed methods to facilitate access in the first half of 2019 (1H2019).

    Jupyter Descending

    An analysis of remotely accessible and unprotected Jupyter notebook servers.

    The 2015 Internet of Things In The Enterprise Report

    A worldwide data-driven security assessment of Internet of Things (IoT) devices and infrastructure found in businesses.

    Hello Barbie, Hello Security Issues

    Detailed research into the security and privacy vulnerabilities surrounding the Hello Barbie connected toy from Mattel, Inc.

    XCodeGhost ‘Materializes’ on App Store

    Analysis of the C2 domains from the perspective of the OpenDNS Global Network Infrastructure.

    Five Things To Know About The Tesla Motors Compromise

    Deep dive analysis into the teslamotors.com website redirection to a server hosted in Amsterdam.

    Investigating A Malicious Attachment Without Reversing

    An example of using some free tools and DNS logs to expedite the analysis process.

    Google Search Page In Vietnam Hijacked

    Analysis of Lizard Squad hijack and redirection of google.com.vn domain.

    Fessleak before It Was Cool

    Analysis of malicious activity surrounding the Fessleak threat actor Michael Zont.

    Visualizing 2014 Attack Data

    Sample of some of the most publicized and prominent events that affected the Internet at large in 2014.

    Internet of Things (IoT) meets the Internet of Holidays (IoH)

    Findings through the lens of the Internet of Things (IoT) connected devices, home automation products, toys, and wearable devices leading up to the 2014 Holiday season.

    Gameover ZeuS Switches From P2P to DGA

    Detailed analysis of Malcovery findings related to Gameover ZeuS post Operation Tovar.

    Xerox Printer Beacons And The Importance of Documentation

    Detailed analysis of Xerox printer DNS beacons to the public Internet.

    If Syria Falls Off The Internet, Does Anyone Notice?

    Analysis of a major disruption in DNS queries for the Syria (SY) country code top-level domain (ccTLD).

    Determining Cloud Service Provider property values using real estate economic models and the exposed attack surface area of neighboring guest instances

    Paper detailing how the economic models used to derive real estate property values can be adjusted and applied to Cloud Service Providers (CSP) pricing to help determine more accurate valuation of guest instances and the region in which they operate.

    Security and the Cloud 2012

    Results of the survey of 201 IT professionals regarding their concerns and insights on cloud use and security.

  • Penetration Testing Execution Standard (PTES)

    Lares CEO Chris Nickerson and Lares Co-Founder Eric Smith created the Penetration Testing Execution Standard (PTES), the global industry-standard of effective penetration testing.

    National Collegiate Cyber Defense Competition (NCCDC)

    Lares VP, Customer Success, Jessica Archer is a founding members of the National Collegiate Cyber Defense Competition (NCCDC) that oversees all 10 regional Collegiate Cyber Defense Competitions (CCDC) to mentor the next generation of offensive security experts.

    PCI Security Standards Council (Cloud Special Interest Group PCI Security Standards Council)

    Information Supplement: PCI SSC Cloud Computing Guidelines provides guidance on the use of cloud technologies and considerations for maintaining PCI DSS controls in cloud environments. This guidance builds on that provided in the PCI DSS Virtualization Guidelines and is intended for organizations using, or thinking of using, providing, or assessing cloud technologies as part of a cardholder data environment (CDE). Contributed to by Lares COO Andrew Hay.

  • InfraGard

    InfraGard is a partnership between the FBI and members of the private sector. The InfraGard program provides a vehicle for seamless public-private collaboration with government that expedites the timely exchange of information and promotes mutual learning opportunities relevant to the protection of Critical Infrastructure. With thousands of vetted members nationally, InfraGard’s membership includes business executives, entrepreneurs, military and government officials, computer professionals, academia and state and local law enforcement; each dedicated to contributing industry specific insight and advancing national security.

    High Technology Crime Investigation Association

    The High Technology Crime Investigation Association (HTCIA) was founded in 1986 in response to the limited training and resources available for law enforcement to investigate the growing high technology industry.

    Since its inception, the HTCIA has grown into a worldwide organization with chapters all over the world.

    Dedicated to providing training and resources on high technology crime investigating for its members, the HTCIA holds a number of seminars, summits and conferences every year, including its flagship International Conference.

    ISACA

    ISACA has served our professional community for more than 50 years. The association was incorporated as the EDP Auditors Association in 1969 by a small group of individuals who recognized a need for a centralized source of information and guidance in the new field of electronic data processing audit. Today, ISACA serves 145,000 professionals in 180 countries, who span several roles in assurance, governance, risk and information security.

    (ISC)²

    (ISC)² is an international, nonprofit membership association for information security leaders like you. We’re committed to helping our members learn, grow and thrive. More than 150,000 certified members strong, we empower professionals who touch every aspect of information security.

    GIAC

    GIAC (Global Information Assurance Certification) was founded in 1999 to validate the skills of information security professionals. The purpose of GIAC is to provide assurance that a certified individual has the knowledge and skills necessary for a practitioner in key areas of computer, information and software security. GIAC certifications are trusted by thousands of companies and government agencies, including the United States National Security Agency (NSA).

    ASIS International

    Founded in 1955, ASIS International is a global community of security practitioners, each of whom has a role in the protection of assets – people, property, and/or information.

    OWASP Foundation

    The Open Web Application Security Project is an online community that produces freely-available articles, methodologies, documentation, tools, and technologies in the field of web application security.

    CREST

    CREST provides internationally recognised accreditations for organisations and professional level certifications for individuals providing penetration testing, cyber incident response, threat intelligence and Security Operations Centre (SOC) services.

    Red Team Alliance Training Collective, Critical Infrastructure Committee

    Advancing the discipline of security by advancing the people in security.

Where There is Unity, There is Victory

[Ubi concordia, ibi victoria]

– Publius Syrus

Contact Lares Consulting logo (image)

Continuous defensive improvement through adversarial simulation and collaboration.

©2019 Lares, LLC | All rights reserved.
    Privacy Preferences

    When you visit our website, it may store information through your browser from specific services, usually in the form of cookies.Some types of cookies may impact your experience on our website and the services we are able to offer. It may disable certain pages or features entirely. If you do not agree to the storage or tracking of your data and activities, you should leave the site now.

    Our website uses cookies, many to support third-party services, such as Google Analytics. Click now to agree to our use of cookies or you may leave the site now.