Resources

Downloadable PDFs

Lares Continuous Defensive Improvement Through Adversarial Simulation and Collaboration corporate profile (image)

News & Events

Blog

Endpoint Hunting for UNC1878/KEGTAP TTPs 1024 683 Anton Ovrutsky

Endpoint Hunting for UNC1878/KEGTAP TTPs

Intro On October 28th, the FireEye Threat Research team released the following threat report: https://www.fireeye.com/blog/threat-research/2020/10/kegtap-and-singlemalt-with-a-ransomware-chaser.html on the UNC1878 threat actor group and their KEGTAP/BEERBOT, SINGLEMALT/STILLBOT and WINEKEY/CORKBOT campaigns that deploy RYUK ransomware on compromised hosts. The post contains some great IOCs specific to this campaign as well as the comprehensive remediation guidance you’ve come to…

read more
New Work From Anywhere (WFA) Guidance: CIS Videoconference Security Guide 1365 2048 Mark Arnold

New Work From Anywhere (WFA) Guidance: CIS Videoconference Security Guide

Work From Anywhere (WFA) Update: Securing Videoconferencing In early April, we here at Lares led a webinar, What Credit Unions Need to Know About Online Meeting Security, in response to the rapid adoption of video conferencing in the early stages of the COVID-19 pandemic. Organizations encountered security challenges (e.g. bombing)  that rattled business leaders’ confidence…

read more
Active Directory (AD) Attacks & Enumeration at the Network Layer 2048 1365 Anton Ovrutsky

Active Directory (AD) Attacks & Enumeration at the Network Layer

Intro Defending an Active Directory environment, particularly a large one, is a daunting task. Telemetry generated by Active Directory itself as well as the hosts connected to it are critical components when building out detection logic. In order to provide comprehensive detection coverage, telemetry from both the network and host layers is required. With this…

read more
The CIS Telework Security Guide 2048 1365 Mark Arnold

The CIS Telework Security Guide

CIS Telework Guidance The folks over at the Center for Internet Security, whose core mention is to secure online experiences, have authored security guidance for teleworkers. The CIS recently released a whitepaper on securing the remote network, a Telework Security Guide (TSG). Given the dizzying array of remote work jargon out there, the CIS TSG…

read more
Security and Converged Workspaces 2048 1365 Mark Arnold

Security and Converged Workspaces

The Forcibly Converged Network The convergence of home and corporate networks continues unabated. Converged workspaces are here to stay for the foreseeable future. Most converged networks that we assess are flat, like many corporate networks. However, the comparisons abruptly end there. Unlike corporate networks, converged networks lack common controls and typically lack monitoring of internal…

read more
WFH Lateral Movement TTPs 800 533 Anton Ovrutsky

WFH Lateral Movement TTPs

WFH Lateral Movement TTPs With the increase of remote working arrangements due to the ongoing pandemic, corporate endpoints are now located far beyond the standard corporate perimeter. This presents attackers with new attack paths that may not have been present behind well-secured corporate firewalls. With this in mind, the aim of this post is to…

read more
From Lares Labs: Defensive Guidance for ZeroLogon (CVE-2020-1472) 2048 1365 Anton Ovrutsky

From Lares Labs: Defensive Guidance for ZeroLogon (CVE-2020-1472)

About Zerologon (CVE-2020-1472) On September 11th, 2020, Secura researcher Tom Tomvoort published a blog post outlining the Zerologon vulnerability. Microsoft’s August Patch Tuesday releases contained a patch for CVE-2020-1472 which can be exploited by attackers to hijack enterprise servers due to Netlogon cryptographic weaknesses. The vulnerability allows an attacker to set a password for the…

read more
School’s On(line) Kids – Is it Safe and Cybersecure? 2048 1446 Mark Arnold

School’s On(line) Kids – Is it Safe and Cybersecure?

School Days It’s Fall again and school is open (for most) in various modes of operation after several months of disruption due to COVID-19. Whether school districts offer in-person, virtual, or hybrid schooling models, many of them face challenges and are scrambling to meet and secure new technology demands. Some districts are more embattled than…

read more
Seeing Red 1638 2048 Mark Arnold

Seeing Red

Seeing Red Recently, I asked my Lares mates to comment on a red team (RT) architecture post I stumbled upon. A volley of responses ensued with the conclusion: “That’s a penetration testing platform – not full-scope”- and a non-committal “or maybe.” Our RT banter characterizes for the larger efforts to define RT. The red team…

read more
Time for Transition: From ACET to InTREx-CU 2048 1366 Mark Arnold

Time for Transition: From ACET to InTREx-CU

The Transition from ACET to InTREx-CU for Credit Union Examinations The National Credit Union Association (NCUA) Chairman Rodney Hood discussed changes to the credit union (CU) CyberSecurity and Technology examination program before Congress in early December 2019. Hood announced the adoption of the Information Technology Risk Examination (InTREx) solution to this end. InTREx is utilized…

read more

Webcasts

Videos

Where There is Unity, There is Victory

[Ubi concordia, ibi victoria]

– Publius Syrus

Contact Lares Consulting logo (image)

Continuous defensive improvement through adversarial simulation and collaboration.

Call Us

(720) 600-0329

Email Us

sales@lares.com

©2025 Lares, a Damovo Company | All rights reserved.
Enter your
text here