InQuest not only provides the ability to capture and catalog all web and e-mail session data at carrier-class speeds up to 20Gbps; we also give customers the ability to capture and analyze data-at-rest via CIFS/SMB.

The perfect complement to retrospective file analysis, Deep File Inspection (DFI) over data-at-rest provides a sentry for your endpoint and critical storage locations. Scan potential threats that were introduced via peripheral media or encrypted protocols.

Typical file content may be crated and compressed in a variety of trivially parseable formats. Common malware carriers, however, will leverage a variety of encapsulation layers to mask their malicious intent, like a Matryoshka doll, also known as a Russian nesting doll. DFI is our solution to unmasking these threats.

Whereas other network-based solutions can barely scratch the surface beyond layer 7, InQuest DFI will typically expose an additional 4x worth of content for threat and data loss prevention.

In addition to the weekly signatures provided by InQuest Labs, the platform provides the ability to create, test, and tune custom signatures to address threats to your organization.

Latest InQuest Blog Posts
Short-Circuiting Boolean Operators in YARA
Rob King / 2018-12-18

Here at InQuest, YARA is among the many tools we use to perform deep-file inspection, with a fairly extensive rule set. InQuest operates at line speed in very high-traffic networks, so these rules need to be fast. This blog post is the second in a series discussing YARA performance notes, tips, and hacks.

Ex Machina: A Frolic through the Forests
Steve Esling / 2018-12-29

Today, we’re going to take a deeper dive into two of our classifiers, Random Forests (RF) and Gradient Boosting (GB), and discuss some of their interesting findings.

InQuest Labs Research Spotlight
the-book-of-secret-knowledge
A collection of awesome lists, manuals, blogs, hacks, one-liners, cli/web tools for System and Network Admins, DevOps, Pentesters or Security Researchers.
homemade-machine-learning
Python examples of popular machine learning algorithms with interactive Jupyter demos and math being explained.
fiercecroissant
Pastebin scraper written in Python designed to look for obfuscated pastes and save them. Decoders can then be applied to the pastes to de-obfuscate them for code samples.
Global Security Events
Microsoft issues emergency fix for Internet Explorer zero-day
@welivesecurity

Microsoft rolled out an emergency security update to patch a zero-day in Internet Explorer that was being exploited in the wild. CVE-2018-8653 resides in IE’s scripting engine, specifically in how the engine handles objects in memory.

How China's elite hackers stole the world's most valuable secrets
@WIRED

A new Justice Department indictment outlines how Chinese hackers (specifically APT10) allegedly compromised data from companies in a dozen countries in a single intrusion.

Sofacy Creates New ‘Go’ Variant of Zebrocy Tool
@Unit42_Intel

The Sofacy threat group continues to carry out attacks using their Zebrocy tool. The developers of Zebrocy have once again created a new version of the Trojan using a different programming language, specifically the Go language.

Useful Links
InQuest Insider - Your monthly resource for the latest in cyber security news, trends, tips and tools. Subscribe here.
Copyright © InQuest 2018