In this article, we dissect a sneaky malicious Microsoft Excel XLM file that we caught in the wild. To do so, we use a few open-source and in-house tools to analyze the Excel document. During our analysis, we point out the limitations of a few popular file-carving tools, such as foremost and scalpel, in extracting data from this and related samples.
Threat-hunting, malware, ransomware, vulnerability analysis and news from authors of InQuest.
Posted on 2019-01-29 by Amirreza Niakanlahiji
Posted on 2019-01-21 by Josiah Smith
PowerShell Empire is a go-to tool for pentesters, red-teamers, and cyber-criminals. While it is an incredible framework, the InQuest platform easily detects the obfuscated payloads that it generates.
Posted on 2018-12-28 by Steve Esling
InQuest uses a variety of machine learning algorithms to model the features of the malware we collect and to gain new insights from that data. Here we travel down the branching rabbit hole of random forests and gradient boosting.
Posted on 2018-12-18 by Rob King
Here at InQuest, YARA is among the many tools we use to perform deep-file inspection, with a fairly extensive rule set. InQuest operates at line speed in very high-traffic networks, so these rules need to be fast. This blog post is the second in a series discussing YARA performance notes, tips, and hacks.
Posted on 2018-11-14 by Steve Esling
Machine learning is one of the most versatile fields in all of computer science, with applications ranging from physics to art history, so, of course, it has a myriad of uses in the detection and diagnosis of malicious programs, uses that we at InQuest would be remiss not to take advantage of ourselves. Here we go over some of the many ways ML algorithms are being leveraged for our purposes.