InQuest Blog

PSChain

Posted on 2021-05-26 by Dmitry Melikov

Dive Into Cobalt Strike

Posted on 2021-05-11 by InQuest Labs Community User

An Exploration and Explanation of Randomized Parameter Optimization

Posted on 2021-04-29 by Steve Esling

machine-learning

Unearthing Hancitor Infrastructure

Posted on 2021-04-16 by Dmitry Melikov

InQuest & MalwareBazaar Integration

Posted on 2021-03-31 by William MacArthur

Blog Archive

2022
- September
  August
  July
  June
  - GlowSand
  - Follina, the Latest in a Long Chain of Microsoft Office Exploits
  May
  - Tandem Espionage
  - Detection Multiplexing
  April
  March
  - Cloud Atlas Maldoc
  February
  - Dangerously thinBasic
  - +380-GlowSpark
  January
  - 2022-01 AsyncRAT
  - Analysis of a Remcos RAT Dropper

2021
- December
  - Log4Shell
  - (Don't) Bring Dridex Home for the Holidays
  November
  - Graphical Lures In The Age of Cybercrime.
  - Adults Only Malware Lures
  October
  - How Email Works
  - Advanced Qbot Downloader
  September
  - Rechnung Financial Malspam
  - CVE-2021-40444
  August
  - The Trystero Project
  - Kimsuky Espionage Campaign
  July
  - Espionage Utilizing Mobile Devices
  - IcedID: 07.07.21
  June
  May
  - PSChain
  - Dive Into Cobalt Strike
  April
  - An Exploration and Explanation of Randomized Parameter Optimization
  - Unearthing Hancitor Infrastructure
  March
  - InQuest & MalwareBazaar Integration
  - Mail Provider Comparison
  February
  - Cracking Password Protected Payloads
  January
  - Carving Images for Leisure and Gain
  - String Encoding and YARA... Oh My

2020
- December
  - Social Engineering Attacks And E-mail Security
  - Clustering for Classification: Using Unsupervised Learning for Label Expansion
  November
  - The Trystero Project: A Comparison of Mail Providers
  - SOC-Class: Use Case Development
  October
  - Cybersecurity Awareness Month
  - Cerbero Suite: The Hacker’s Multitool
  September
  - InQuest Labs Year in Review
  August
  - Detection in Depth
  - Persian Kitties Hiding Benign Executables
  July
  - Tale of a Polished Carrier
  - A Phishing TTP
  June
  - Get The Most Out Of Your IoC: The Beginner’s Guide
  May
  - Detecting Coercive Lures with OCR
  - ZLoader 4.0 Macrosheets Evolution
  April
  - Deep File Inspection for Data Leakage
  March
  - COVID-19 Scare Tactics: Want to buy some masks?
  - Getting Sneakier: Hidden Sheets, Data Connections, and XLM Macros
  February
  - Reverse Engineering on Windows: A Focus on Malware
  January
  - Pyramid of Pain Vs. The Iceberg of Inspection
  - Internship Retrospective

2019
- December
  - Threat Hunting On Your Own Network With InQuest
  - Ransomware in Your Stocking
  November
  - Holiday Blog: Tis' the Season
  - Field Notes: Multistage Maldoc Delivers Executable Masked as JPG
  October
  - Base64 Encoded Regular Expressions for Fun and Profit
  - Programmatic Interaction with InQuest Labs via Python
  September
  - Adobe XMP: Tales of an Overlooked Anchor
  - Advanced Support for the SOC Hunter
  August
  July
  - Base64 Encoded Powershell Pivots
  - Emotet, Unmasking via Machine Learning
  June
  - YARA For Everyone: Sharing is Caring
  May
  - Abusing Registration-Free COM Interop
  April
  - Analysis of an Interesting Malicious HTA File
  March
  - Making a Twitter Bot with ThreatIngestor
  - Analyzing Sophisticated PowerShell Targeting Japan
  February
  - Family Matters: Using MinHash to Cluster Data
  - Quick Analysis of A Customer Malspam Encounter
  January
  - Extracting "Sneaky" Excel XLM Macros
  - Detecting Empire with InQuest

2018
- December
  - Ex Machina: A Frolic through the Forests
  - Short-Circuiting Boolean Operators in YARA
  November
  - Ex Machina: Man + Machine
  September
  - Stringless YARA Rules
  May
  April
  March
  - InQuest Provides Zero-Day Coverage Against Advanced Threats via Partner Exodus Intel
  - Defense in Depth: Detonation Technologies
  February
  - An Introduction to Deep File Inspection
  - Adobe Flash MediaPlayer DRM Use-After-Free Vulnerability
  January
  - InQuest Deployed by DISA in the Joint Regional Security Stack (JRSS)

2017
- October

InQuest Blog

PSChain

Dive Into Cobalt Strike

An Exploration and Explanation of Randomized Parameter Optimization

Unearthing Hancitor Infrastructure

InQuest & MalwareBazaar Integration

Blog Archive

Blog Tags

Subscribe to InQuest Insider

Overview

What is FDR?

Technology

Core Features

Benefits

Differentiation

Solutions

Solutions

File-borne Attack Use Cases

Threat Hunting Use Cases

SOC ROI Use Cases

Products & Services

Products

Services

Pricing

Resources

Company

InQuest Blog

PSChain

Dive Into Cobalt Strike

An Exploration and Explanation of Randomized Parameter Optimization

Unearthing Hancitor Infrastructure

InQuest & MalwareBazaar Integration

Blog Archive

Blog Tags

Subscribe to InQuest Insider