Lares Labs

Kerberos IV - Delegations

In the third part of this Kerberos series, we focused on leveraging user credential material for impersonation through techniques such as Pass-the-Key/Ticket/Cache/Certificate, and Shadow Credentials. Additionally, we explored how to manage and forge Kerberos tickets to facilitate lateral movement, privilege escalation, and establish persistence within the domain.

penetrationtesting

Kerberos III - User Impersonation

The goal of this post, whether we are adversaries or defenders, is to help us understand the multiple ways that Kerberos offers to access resources using the credential material gathered.

ransomware

Protecting Your Business - Ransomware Prevention and Recovery Best Practices

Ransomware attacks have emerged as one of the most significant cybersecurity threats to organisations worldwide, creating substantial challenges for data security and business continuity.

se101

SE101: Phishing Attack Overview and Breakdown

In short, just like Smishing, Phishing is a social engineering attack vector that leverages email-based messaging to deceive individuals/groups into taking several actions (outlined later in the post).

penetrationtesting

This one time on a pentest... Is life just a CTF?!

Consider the series like a set of war stories from the front line, not always wins or epic hacks, but sometimes just cool attack paths or equally interesting environments.

penetrationtesting

Kerberos II - Credential Access

In this part of the series, we will focus on Credential Access and the attacks that Kerberos can facilitate.

penetrationtesting

Kerberos I - Overview

This post, is the first in the series and will aim to provide an overview of the protocol, from its beginnings to the different (ab)use techniques.

penetrationtesting

Pentesting 101 Part 4: Penetration Test Report & Debrief - The Deliverables

This part of the series will focus on what a penetration testing report should contain and how we use the penetration engagement, the testing activities carried out, and the information, vulnerability, and/or exploit data we documented to populate the penetration testing report.

penetrationtesting

Pentesting 101 Part 3: Executing the Scope-of-Work & Penetration Testing

It's time to test some pens ... Following our previous posts, Part1 & Part 2, let's continue building on what we have learned and moving towards our end goal. So, a quick recap! * We posed and answered the question: what is Penetration Testing? * We’ve identified your driving factors, why you need

passwords

I Know What Your Password Was Last Summer...

We have spent the last six months researching on the previous two years of prior cracked passwords and built some tools to understand password creation strategies better. Here are the results.

socialengineering

SE101: Smishing Attack Overview and Breakdown

‘Smishing’ is a blended word comprised of "SMS" (short message service)and "phishing." In short, it's a social engineering attack vector that leverages text messages to deceive individuals into taking several actions (outlined later in the post).

penetrationtesting

Introducing Super Sharp Shares

SuperSharpShares is a tool designed to automate enumerating domain shares, allowing for quick verification of accessible shares by your associated domain account.

socialengineering

SE101: What's a Pretext?

Explaining pretexting in the context of SE101 and how to fit in with your pretext.

socialengineering

SE101: The Grey Man Concept: A must-have trait/ability for any Social Engineer

Social engineering is an umbrella term used interchangeably when discussing various malicious activities accomplished through multiple forms of human interaction.

socialengineering

SE101: What Is Social Engineering?

SE101: What Is Social Engineering? A quick guide and explanation to the different types of SE.

redteam Featured

Converting Tokens to Session Cookies for Outlook Web Application

As the adoption of Multi-Factor Authentication increases throughout organizations, so does the desire to bypass these protections.

hiring

What We Look for in a Tester

Every firm thinks they have the best team on the planet; we are no exception. Our Adversarial Engineers work hard to ensure our clients realize their potential when securing their systems and data.

activedirectory

Common ADCS Vulnerabilities: Logging, Exploitation, and Investigation - Part 2

In part 2, we investigate different scenarios and how to identify malicious users from a defensive standpoint.

adcs

Common ADCS Vulnerabilities: Logging, Exploitation, and Investigation - Part 1

In a two-part series, we look at Active Directory Certificate Services (ADCS), how to stand up a lab environment and logging from a defensive standpoint.

penetrationtesting Featured

Offensive Sysadmin Suite, aka Adversary Kit

The Offensive Sysadmin Suite provides a comprehensive set of tools presented in PowerShell and C#. This post dives into the functions of each.

penetrationtesting

Introducing Slinky Cat - Living off the AD Land

Slinky Cat has been developed to automate some of the methods introduced in living off the land and to supplement ScrapingKit. To help security and IT teams reduce their AD exposures and uncover quick wins and fixes designed for pen-testers and defenders alike.

penetrationtesting

Pentesting 101 Part 2: The Pre-Req’s of Scoping a Penetration Test Engagement

Detailing the steps required prior to performing pentesting, the essential details to understand and the end-to-end process.

redteam

The Phantom Menace: Exposing hidden risks through ACLs in Active Directory

The abuse of misconfigured Access Control Lists is nothing new. However, it is still one of the main ways of lateral movement and privilege escalation within an active directory domain.

OT

The Importance of OT Assessments in Critical Infrastructure

Operational Technology (OT) systems drive and support the critical infrastructure the world depends upon. These systems power our homes, produce the gasoline for our cars, run our mass transit systems, and many more things that keep our civilization running smoothly. These systems often are seen as so sensitive and critical

governance

The MOVEit Exploit and Its Impact on Cybersecurity Governance

This blog post will explore the MOVEit exploit and its potential impact on cybersecurity governance, shedding light on the measures organizations can take to mitigate future risks.