Blog

Purple Teaming with Lares

by Mark Arnold

The following blog post summarizes some of the key points from the first extracted session of the inaugural Lares Customer Summit that took place on Wednesday, December 2nd 2020. We hope you enjoy the excerpts and the extracted session at the bottom of the page. Blame Game: The Receiving End of…

The Inaugural Lares Customer Summit

by Andrew Hay

Lares® is providing an exclusive virtual online learning event on Wednesday, December 2nd 2020 starting at 9:30am EST and ending at 6:00pm EST for all of our loyal customers, contacts, and friends. The day-long online event will feature technical presentations from our engineers, updates from the executive team, and a number of Lares customer roundtable…

Taking a Look at Office 365 Logs

by Anton Ovrutsky

Intro

Office 365 enables productivity and collaboration among teams and business units. As its utilization grows in popularity, productivity tools become increasingly attractive targets to attackers. So often attack chains begin with a successful phishing email. In addition, tools like SharePoint and OneDrive provide adversaries with attractive avenues for both data exfiltration and as a…

Endpoint Hunting for UNC1878/KEGTAP TTPs

by Anton Ovrutsky

Intro

On October 28th, the FireEye Threat Research team released the following threat report: https://www.fireeye.com/blog/threat-research/2020/10/kegtap-and-singlemalt-with-a-ransomware-chaser.html on the UNC1878 threat actor group and their KEGTAP/BEERBOT, SINGLEMALT/STILLBOT and WINEKEY/CORKBOT campaigns that deploy RYUK ransomware on compromised hosts. The post contains some great IOCs specific to this campaign as well as the comprehensive remediation guidance you’ve come to…

New Work From Anywhere (WFA) Guidance: CIS Videoconference Security Guide

by Mark Arnold

Work From Anywhere (WFA) Update: Securing Videoconferencing

In early April, we here at Lares led a webinar, What Credit Unions Need to Know About Online Meeting Security, in response to the rapid adoption of video conferencing in the early stages of the COVID-19 pandemic. Organizations encountered security challenges (e.g. bombing) that rattled business leaders’ confidence…

Active Directory (AD) Attacks & Enumeration at the Network Layer

by Anton Ovrutsky

Intro

Defending an Active Directory environment, particularly a large one, is a daunting task. Telemetry generated by Active Directory itself, as well as by the hosts connected to it, is a critical component when building out detection logic. In order to provide comprehensive detection coverage, telemetry from both the network and host layers is required. With this…

The CIS Telework Security Guide

by Mark Arnold

CIS Telework Guidance

The folks over at the Center for Internet Security, whose core mission is to secure online experiences, have authored security guidance for teleworkers. The CIS recently released a whitepaper on securing the remote network, a Telework Security Guide (TSG). Given the dizzying array of remote work jargon out there, the CIS TSG…

Security and Converged Workspaces

by Mark Arnold

The Forcibly Converged Network

The convergence of home and corporate networks continues unabated. Converged workspaces are here to stay for the foreseeable future. Most converged networks that we assess are flat, like many corporate networks. However, the comparisons abruptly end there. Unlike corporate networks, converged networks lack common controls and typically lack monitoring of internal…

WFH Lateral Movement TTPs

by Anton Ovrutsky

With the increase of remote working arrangements due to the ongoing pandemic, corporate endpoints are now located far beyond the standard corporate perimeter. This presents attackers with new attack paths that may not have been present behind well-secured corporate firewalls. With this in mind, the aim of this post is to…

From Lares Labs: Defensive Guidance for ZeroLogon (CVE-2020-1472)

by Anton Ovrutsky

About Zerologon (CVE-2020-1472)

On September 11th, 2020, Secura researcher Tom Tervoort published a blog post outlining the Zerologon vulnerability. Microsoft’s August Patch Tuesday releases contained a patch for CVE-2020-1472, which can be exploited by attackers to hijack enterprise servers due to Netlogon cryptographic weaknesses. The vulnerability allows an attacker to set a password for the…

Where There is Unity, There is Victory

[Ubi concordia, ibi victoria]

– Publius Syrus
