Blog

Emails and Malicious Macros – What Can Go Wrong? (Anton Ovrutsky)

Intro: A few months ago, we published a blog post that examined the telemetry available through Office 365, including email visibility. If you read the blog and thought to yourself, "I wish that I could get more comprehensive email visibility, beyond just the basic metadata," then the Splunk Microsoft O365 Email Add-On is something you…

Pentesting Xamarin AOT Mobile Apps (Zach Grace)

Obtaining .NET Assemblies from Android Full AOT Compiled Applications: Recently on a mobile engagement, I came across an Android application built with Xamarin using full Ahead of Time (AOT) compilation. This technology allows a developer to create an application in C#, and the Xamarin platform compiles that code into platform-specific binaries without the use of…

Getting into the Blue Team: A Practical Guide (Anton Ovrutsky)

Intro: Are you a person who is new to the Information Security industry and wants to get deeper into the defensive side of our wonderfully broad and complex industry? Have you read a few "getting into InfoSec" guides but been looking for something more practical, specific, and applicable to your interests in blue team aspects…

Hunting in the Sysmon Call Trace (Anton Ovrutsky)

Intro: The Sysmon ProcessAccess event has been used in threat hunting and detection efforts in order to alert on techniques such as process injection and credential access. According to the Sysinternals website, the Sysmon ProcessAccess event reports when a process opens another process, an operation that’s often followed by information queries or reading and writing…

Web Application Testing The Lares Way (Mark Arnold)

Web Application Security Testing the Lares Way: The following blog post summarizes some of the key points from the first extracted session of the inaugural Lares Customer Summit that took place on Wednesday, December 2nd, 2020. We hope you enjoy the excerpted highlights of Zach Grace and Rick Tortorella's session on web application security testing…

How to Scope Your Next (or First) Pentest (Mark Arnold)

The following blog post summarizes some of the key points from the first extracted session of the inaugural Lares Customer Summit that took place on Wednesday, December 2nd, 2020. We hope you enjoy the excerpted highlights from Tim McGuffin’s (Director of Adversarial Engineering) session on helping clients…

Purple Teaming with Lares (Mark Arnold)

The following blog post summarizes some of the key points from the first extracted session of the inaugural Lares Customer Summit that took place on Wednesday, December 2nd, 2020. We hope you enjoy the excerpts and the extracted session at the bottom of the page. Blame Game: The Receiving End of…

The Inaugural Lares Customer Summit (Andrew Hay)

Lares® is providing an exclusive virtual online learning event on Wednesday, December 2nd, 2020 starting at 9:30am EST and ending at 6:00pm EST for all of our loyal customers, contacts, and friends. The day-long online event will feature technical presentations from our engineers, updates from the executive team, and a number of Lares customer roundtable…

Taking a Look at Office 365 Logs (Anton Ovrutsky)

Intro: Office 365 enables productivity and collaboration among teams and business units. As its utilization grows in popularity, productivity tools become increasingly attractive targets to attackers. So often attack chains begin with a successful phishing email. In addition, tools like SharePoint and OneDrive provide adversaries with attractive avenues for both data exfiltration and as a…

Endpoint Hunting for UNC1878/KEGTAP TTPs (Anton Ovrutsky)

Intro: On October 28th, the FireEye Threat Research team released the following threat report: https://www.fireeye.com/blog/threat-research/2020/10/kegtap-and-singlemalt-with-a-ransomware-chaser.html on the UNC1878 threat actor group and their KEGTAP/BEERBOT, SINGLEMALT/STILLBOT and WINEKEY/CORKBOT campaigns that deploy RYUK ransomware on compromised hosts. The post contains some great IOCs specific to this campaign as well as the comprehensive remediation guidance you’ve come to…


Continuous defensive improvement through adversarial simulation and collaboration.

©2019 Lares, LLC | All rights reserved.