Reverse engineering malicious documents with Cerbero Suite. The Hacker's Multitool provides functionality to aid in a multitude of analysis needs. With support for Office Documents, PDFs, images, Email, RTF, and SDK is just the beginning. There is also the flexibility to analyze Windows memory and crash dumps or to integrate with Ghidra. For in-depth malware analysis, make sure to subscribe to their YouTube channel.
Latest Flash Alert
No flash alerts available at this time. See prior flash alerts.
Latest Event
We launched InQuest Labs (labs.inquest.net) in August of 2019, as a way to publicly demo some of our research and development and to empower researchers interested in discovering novel/exemplar document borne malware. Unveiled at Black Hat 2019, InQuest Labs made a splash with the availability of a free (as in beer) aggregate reputation feed, communal IOC harvesting, tools for YARA developers, and a light version of our Deep File Inspection (DFI) engine.
Latest White Paper
Data Loss Discovery Driven by Deep File Inspection (DFI™)
The purpose of this whitepaper is to describe the capabilities provided by the InQuest platform related to identifying the exposure of sensitive information. With the recent explosion of data breach reports in the news, preventing the loss of sensitive data has become an area of focus for many organizations.
Here's what our customers are saying
Prior to having InQuest, file decompression, decoding and post-processing were all manual steps that were very time consuming for us. Now that we're using InQuest, all of those steps are automated and it has given us the ability to apply these steps to not only files we think are suspicious, but all files received by our users.
Having the ability to search historically based on file content is like having our own internal VirusTotal Retrohunt.
The threat score calculation and assignment being performed by InQuest's engine makes it easy for us to sift through the legitimate sessions and focus on the real threats targeting our users.
InQuest provides a complete network forensics picture, from session details such as header information to file details such as the hash, size, type and even the raw file.
The data loss prevention coverage InQuest provides for data-in-transit is second to none.
The InQuest platform is unlike any other network-based security system we've seen. The performance of their native capture engine and analytic capabilities are unparalleled in terms of the throughput it can support and the number of files it can dissect and analyze.
The third-party integrations with multiav and sandbox solutions are seamless. We have never had a security platform that made it so easy to automate all of our static and dynamic file analysis efforts.
Over half of our customer’s traffic is encrypted and InQuest is the first security platform we’ve seen with a specific focus on using SSL related indicators of compromise to detect the bad guy’s infrastructure.
The threat intelligence InQuest is able to gather and disseminate via their reputation and threat feeds has alerted us to numerous customer compromises. They are truly at the cutting edge when it comes to identifying threat actor infrastructure as it is deployed.
It’s pretty amazing that they are able to support capturing, reassembling, processing, storing and inspecting content at speeds over 20Gb without dropping traffic all in a 1U box.
We’ve been customers for several years now and up until the recent acquisition of their appliances we were running their collectors on 4U boxes with flash storage cards. As a result of that acquisition, we went from having to deal with three different vendors to one vendor, reduced our rackspace footprint as well as our power consumption which all resulted in a huge cost savings for us. Kudos to InQuest!
Through their data orchestration and workflow, they’ve made it really easy for us to establish repeatable workflows from within their UI. That has saved our SOC analysts a considerable amount of time and has enabled them to pivot through data from numerous systems all from a single pane of glass.
InQuest is excited to announce the Breach and Attack Simulation E-mail Assessment.
To validate an e-mail security stacks' capability in blocking current real-world threats harvested from the wild. InQuest harvests unique malware daily and validates the detection efficacy of the common cloud e-mail providers (GSuite, O365, etc.).
Collectively, the default security stacks offered by the providers are capable of detecting between 85% and 95% of these novel attacks. The samples capable of bypassing these stacks are candidates for the InQuest E-mail Security Assessment.
Get the InQuest Insider
Subscribe here to receive our monthly newsletter, the InQuest Insider. It will provide you with the top stories, news about new innovative malware, threat research / threat hunting, tools and security tips from the last month.