InQuest Blog

Posted on 2022-09-07 by Pedram Amini
Our industry has had a hyper focus on detection and response for a number of years now. You know all the major categories: EDR, NDR, and XDR. So many DRs exist that an entire industry of companies purporting to manage it all for you (MDR) has spawned. It ought to be clear that we've all conceded prevention can only take us so far. The attackers will still get through even the most well-architected defense-in-depth armor.
Posted on 2022-09-02 by Pedram Amini
The average Internet user sees a harmless file that contains something to be read, viewed, or run, either for pleasure or as a responsibility. They just want to get on with their daily task list. Attackers, like drug smugglers, exploit this complacency: the file is a vehicle in which illicit cargo can be hidden from view in the undercarriage, a door panel, or some other area that no one commonly (or easily) checks on a moment-by-moment basis. Next thing you know, you've been phished, or ransomware has locked up your business.
Posted on 2022-08-31 by Pedram Amini
The threat landscape is said to be changing all the time. But is it really? In some ways yes, in some ways no. Let's peel this back a bit, as it is really easy to get lost in all the factoids packed into each year's Verizon DBIR, let alone the cacophony of vendor messages bombarding your eyes and ears at major cybersecurity venues like RSA or Black Hat. Now before I start, let me say that we obviously realize cyberspace is inordinately complex: universal attack surface, human error, motivated and skilled adversaries. We all know the tropes.
Posted on 2022-08-29 by David Ledbetter
In a previous post, we discussed the "@" symbol used to separate an apparently legitimate URL from the real target. In this case, there has been a small flood of lures using the URL "http://jmcglone.com@" followed by many different URLs or IP addresses after the "@" symbol. If we look at the VirusTotal information for this page, we see that the online scan reports it as clean and that the domain has been around for ten years.
Posted on 2022-08-18 by David Ledbetter
Follow along through the dissection and analysis of an oddly obfuscated maldoc that ultimately delivers the well-known GOZI ISFB banking trojan.
