Machine Vision and Optical Character Recognition (OCR)
Beyond identifying, extracting, and exposing malicious content from hundreds of file types, InQuest Deep File Inspection (DFI) uses machine vision and optical character recognition (OCR) to identify the social engineering component of a variety of malware lures. This is one of many techniques we employ to detect novel malware that may leverage previously unseen pivots.

InQuest provides the ability to capture and catalog all web and e-mail session information and files at "carrier class" rates of 20 Gbps. We also support the capability to scrutinize HTTP and SMTP headers.

Latest InQuest Blog Posts
Detecting Empire with InQuest
Josiah Smith / 2019-01-21

This write-up details how the InQuest platform is used to identify malicious documents carrying payloads generated by PowerShell Empire. A go-to framework for pentesters, red teamers, and cybercriminals, PowerShell Empire has a robust capability for exploitation and post-exploitation. Listeners, Stagers, and Agents are detailed within a demonstration of a spear-phishing type of attack. The highlight of the discussion shows how the InQuest platform was able to detect the malicious document and how the combination of signatures contextually dictated the threat score of the file.

Extracting "Sneaky" Excel XLM Macros
Amir Niakan / 2019-01-28

In this article, we present our in-depth analysis of a malicious Excel document (.xls format) that we found in the wild. We show how existing open source tools can be used to carve useful information from such a document. During this analysis, we also point out the limitations of existing tools in carving certain types of information from .xls documents and present our solution for extracting that information.

InQuest Labs Research Spotlight
giggity
Wraps GitHub API for openly available information about an organization, user, or repository.
Lynis
Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing and system hardening.
payloads
Git All the Payloads! A collection of web attack payloads.
Global Security Events
‘Collection 1’ breach exposes 773M unique emails, 21M passwords
@SCMagazine

The extensive collection of files on the MEGA cloud service, which exposed nearly 773 million unique emails and 21 million unique passwords and was posted on a hacking forum, came from a number of breaches and sources.

DHS: Multiple US gov domains hit in serious DNS hijacking wave
@arstechnica

The Department of Homeland Security has issued an emergency directive ordering administrators of most federal agencies to protect their Internet domains against a rash of attacks that have hit executive branch websites and email servers in recent weeks.

THE ZDI 2018 RETROSPECTIVE
@thezdi

In 2018, the ZDI published 1,444 advisories, 427 more than in 2017, which represents a 42% increase in released advisories. Of these published advisories, 158 (nearly 11%) were classified as 0-day.

Useful Links
InQuest Insider - Your monthly resource for the latest in cyber security news, trends, tips and tools. Subscribe here.
Copyright © InQuest 2019