InQuest Blog

Threat-hunting, malware, ransomware, vulnerability analysis and news from authors of InQuest.
Posted on 2019-05-29 by Amirreza Niakanlahiji
In this short post, we dissect the inner workings of registration-free COM interop and present a known technique that red teamers can abuse to dynamically load .NET assembly logic. Additionally, minor obfuscated variations are presented in hopes of evading existing detection mechanisms. Proof-of-concept code snippets are provided in a variety of scripting languages to demonstrate versatility.
Posted on 2019-04-30 by Amirreza Niakanlahiji
In this article, we analyze a malicious hta file that we found on VirusTotal. This instance uses a few interesting techniques to evade existing detection mechanisms. In this blog post, we provide an in-depth analysis of this instance and reveal the techniques that are utilized to keep the instance under the radar. At the time of hunting this instance, only two engines marked this instance as malicious.
Posted on 2019-03-26 by Adam Musciano
ThreatIngestor helps you collect threat intelligence from public feeds, and gives you context on that intelligence so you can research it further, and put it to use protecting yourself or your organization. In this post, we will go through the process of making a twitter bot.
Posted on 2019-03-09 by Amirreza Niakanlahiji
In this article, we dissect a sophisticated multi-stage PowerShell script that was found on HybridAnalysis a few days back. The discussion entails an in-depth analysis of the various techniques that this particular malware instance utilized to keep itself under the radar. As of writing this article, none of the AntiViruses on VirusTotal detected this sample.
Posted on 2019-02-28 by Steve Esling
Unsupervised machine learning can give us insights that supervised learning cannot. Here, we go over one of these algorithms, MinHash.
Blog Archive