Blog

The MFA That Wasn’t (Part 2)

Andrew Heller

We didn’t escalate privileges. We didn’t break anything.
We authenticated, then watched the CRM leak full names, departments, employee IDs, and account IDs into the browser.

Everything trusted the login.
And that trust is what got them compromised.

What Your Pentest Isn't Telling You

Andrew Heller

Passing a penetration test doesn’t mean you’re secure. Most pentests follow strict rules and timelines that attackers ignore. Red Teaming simulates real-world adversaries to reveal how threats move, persist, and evade detection. Purple Teaming turns these insights into immediate defensive improvements. Shift from compliance to true readiness with realistic attack simulation, live defender collaboration, and measurable results.

HIPAA's Physical Security Wake-Up Call: What the 2025 Rule Gets Right and Still Misses

Andrew Heller

The 2025 HIPAA update introduces mandatory physical security requirements for healthcare organizations, including annual assessments and access control planning. This blog explores what the new rule changes, where it falls short, and how real-world attackers continue to exploit common physical security gaps inside hospitals and clinics.

Employee Behavior Is the Breach (Part 1)

Andrew Heller

In this first installment of a real-world Lares engagement, we show how weak passwords, reused credentials, and login portal behavior enabled valid access to QA, sales, finance, and even the company’s founder—without phishing or exploiting a single vulnerability. Using only public data and internal credential leaks, we chained small wins into full authentication. This blog reveals how predictable employee behavior can bypass security controls long before an exploit is ever needed.

Your AI CCTV System is a Near-Sighted Toddler

Andrew Heller

Discover how Lares engineers bypass AI-enabled CCTV systems using real-world tactics. Learn why modern surveillance fails under pressure, how to test and tune detection models through purple teaming, and what steps your organization can take to improve physical security before a breach occurs.

Stop Over-Scoping. Start Pressure Testing.

Andrew Heller

Most pen tests are scoped too tightly to provide real value. Learn why Lares advocates for pressure-based testing, open scope, and the PTES framework to uncover real risk and build stronger security programs.

Red, Blue, and Purple Teams – What They Actually Mean, and How Lares Helped Build the Model Everyone Uses Today

Andrew Heller

Everyone uses the Red/Blue/Purple model—but most organizations only apply part of it. This post breaks down the real roles behind each function, how Lares helped build the model into what it is today, and how to apply it even if you don’t have formal teams. Whether you’re running full adversarial simulations or just starting structured testing, this is what effective security collaboration actually looks like.

Vulnerability Scanning Isn't Security Testing

Andrew Heller

Relying solely on vulnerability scanning creates a false sense of security. Learn the limits of automated tools versus comprehensive, adversary-focused security testing for true cyber resilience.

Think Your Group Chat is Safe?

Andrew Heller

Why business chat platforms are an excellent vector for social engineering.

Author: Andrew Heller – Lares Marketing Manager

My Slack channels at work feel safe. They’re internal. They’re informal. They are where I get 90% of my collaboration done…way faster than anything I could do over email/Outlook. And attackers know it.

From Backchannel to Breach…

Protecting Your Business – Ransomware Prevention and Recovery Best Practices

Andrew Heller

Ransomware attacks have emerged as one of the most significant cybersecurity threats to organisations worldwide, particularly financial institutions, creating substantial challenges for data security and business continuity. These attacks have become…
