Posted on 2019-10-30 by Rob King
Earlier this year, we here at InQuest launched our new InQuest Labs website. Labs is an amazing resource, with a plethora of useful tools and intelligence offerings. Much could be written about the site, and much has been...but not about this part right here:
Posted on 2019-10-16 by Adam Musciano
Deep File Inspection, or DFI, is the reassembly of packets captured off of the wire into application level content that is then reconstructed, unraveled, and dissected (decompressed, decoded, decrypted, deobfuscated) in an automated fashion. This allows heuristic analysis to better determine the intent by analysis of the file contents (containers, objects, etc.) as an artifact.
Posted on 2019-09-30 by Amini, Remen
In this blog, we discuss Adobe Extensible Metadata Platform (XMP) identifiers and how they can be used as both pivot and detection anchors. Defined as a standard for mapping graphical asset relationships, XMP allows for tracking of both parent-child relationships and individual revisions. There are three categories of identifiers: original document, document, and instance. Generally, XMP data is stored in XML format, updated on save/copy, and embedded within the graphical asset. This last tenet is critical to our needs as we'll be tracking the usage and re-usage of both malicious and benign graphics within common Microsoft and Adobe document lures.
Posted on 2019-09-24 by Josiah Smith
InQuest provides an automated platform for SOC hunter that includes powerful means for inspecting files to detect the presence of malicious code. The platform ingests network data and then goes through a variety of analytic functions resulting in an effective risk score. Check out this interview between Ed Amoroso of Tag Cyber and Pedram Amini, our CTO.
Posted on 2019-08-30 by William MacArthur
Since YARA rule creation is a highly valuable skill set we approach the lessons slowly, think of "baby steps" from the movie "What About Bob?" as the approach. In keeping the spirit of the process, we feel that the next natural step to take is to learn about the different components that make up the rules and focus on how they are constructed.