Resources

Downloadable PDFs

Lares Continuous Defensive Improvement Through Adversarial Simulation and Collaboration corporate profile (image)

News & Events

Blog

Tribe of Hackers: Red Team Edition 353 499 Christopher Nickerson

Tribe of Hackers: Red Team Edition

At the beginning of the year, I was approached by the infamous Marcus J Carey (@marcusjcarey) to help create content for a Red Team focused book. The format was something new to me but quite fun to contribute to. Marcus had a series of questions asked to a group of all star red teamers —…

read more
Use-After-Free (UAF) Vulnerability CVE-2019-1199 in Microsoft Outlook 4032 3024 RJ McDown

Use-After-Free (UAF) Vulnerability CVE-2019-1199 in Microsoft Outlook

Overview R.J. McDown (@BeetleChunks) of the Lares® Research and Development Team discovered a Critical Remote Code Execution vulnerability in the latest version of Microsoft Outlook. R.J. and the Lares R&D team immediately submitted a report to Microsoft detailing this issue. The vulnerability, now designated CVE-2019-1199, was validated against Microsoft Outlook Slow Ring Build Version 1902…

read more
Announcing The Lares Top 5 Penetration Test Findings For 1H 2019 683 402 Andrew Hay

Announcing The Lares Top 5 Penetration Test Findings For 1H 2019

Lares® is pleased to announce its inaugural Top 5 Penetration Test Findings Report for the first half of 2019 (1H2019). Lares encounters a seemingly endless number of vulnerabilities when we conduct a penetration test or red team engagement, regardless of organization size or maturity. Though not every engagement is identical, we have analyzed the similarities…

read more
ARM Ret2ZP 6016 4016 Thomas Whitmire

ARM Ret2ZP

So straight off the bat, the first thing to understand when working with ARM when compared to x86 is the difference between RISC and CISC architecture designs.

read more
Branch Network Transformation: 5 Questions For Credit Unions 4288 2848 Andrew Hay

Branch Network Transformation: 5 Questions For Credit Unions

Danielle Havlicek from the La Macchia Group published a detailed blog post over at CUInsight entitled the 5 Steps to Tackling a Branch Network Transformation. The one step that caught our attention was the Integrate Technology portion of the blog post. From the post: Technology is a powerful tool that when integrated properly can maximize member…

read more
Join Lares for the Best Bowling Party in Las Vegas! 1100 616 Andrew Hay

Join Lares for the Best Bowling Party in Las Vegas!

Lares is pleased to announce it’s “Hacker Summer Camp” (a.k.a. Black Hat, BSidesLV, DEF CON week) party at Brooklyn Bowl in Las Vegas. What: Bowling, food, drinks, and conversation away before you head out to the various other parties that night. Come, be social, and get some food in you before the night gets away…

read more
Meet With Lares Executives in Las Vegas 1667 542 Andrew Hay

Meet With Lares Executives in Las Vegas

It’s that time of year again and Lares is headed back to Las Vegas. This year we’re holding meetings in our multi-floor suite at the Cosmopolitan on Tuesday, August 6th through Thursday, August 8th between the hours of 10 am and 7 pm PST (with limited availability on the afternoon of Monday, August 5th). Who…

read more
Abusing Common Cluster Configuration for Privileged Lateral Movement 4784 3189 Tim McGuffin

Abusing Common Cluster Configuration for Privileged Lateral Movement

Tech sites have published articles that walk a Windows Systems Administrator through the process of adding a machine account to the Local Administrators group on another machine.  

read more
Lares Chill Out Suite at The Cosmopolitan 1667 542 Andrew Hay

Lares Chill Out Suite at The Cosmopolitan

We just wanted to invite our readers to the Lares chill out suite at The Cosmopolitan of Las Vegas during BSidesLV, Black Hat, the Diana Initiative, and DEF CON. Please note, we will not have the suite number until we check in on Monday, August 5th so look for an update on Monday evening (via…

read more
Security Hygiene Gets a Refresh in the Wake of Baltimore’s Cyber Attack 712 401 Andrew Hay

Security Hygiene Gets a Refresh in the Wake of Baltimore’s Cyber Attack

The City of Baltimore’s recent ransomware incident not only caught government servers by surprise. It also jolted the industry as a stark reminder that cyber attacks can still occur where and when they’re least expected. Not the most comforting prospect—but are there constructive takeaways to be gleaned in the aftermath? Last week, I had the…

read more

Webcasts

Videos

Where There is Unity, There is Victory

[Ubi concordia, ibi victoria]

– Publius Syrus

Contact Lares Consulting logo (image)

Continuous defensive improvement through adversarial simulation and collaboration.

©2019 Lares, LLC | All rights reserved.