The InQuest Deep File Inspection platform contains a tailored dictionary list used to attempt the decryption of password-protected files and detect otherwise hidden malware. This additional detection capability augments proprietary threat intelligence with insight into emerging threat campaigns, new TTPs, and evolving malware families.

As part of our email security solution, we analyze the full context of the email (body text, OCR output, etc.) to identify passwords that can be used to peer into the encrypted layers. The result is a dynamically produced password list that is used to decrypt and analyze protected attachments.
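As an added example (not InQuest's code, and not a description of how the DFI platform works internally), the following Python shows the two halves of that idea: building an ordered candidate list from an email's subject and body, then trying each candidate against a ZipCrypto-protected ZIP attachment. The sample message, the payload and the archive are constructed inline; the small ZipCrypto writer is included only because the standard library can read but not write that scheme. OCR of inline images is assumed to have already produced text and is out of scope.

```python
import binascii, io, re, struct, zipfile, zlib
from email import message_from_string, policy

# 1. Candidate passwords from the message context, ordered by confidence: explicit
#    "password is X" phrases, then quoted strings, then every 6+ character token
#    as a last-resort, email-derived wordlist.
_PATTERNS = [
    re.compile(r"""\b(?:password|passcode|pass|pwd|pin|code)\s*(?:is|:|=)?\s*["'“]?([^\s"'”<>]+)""", re.I),
    re.compile(r"""["“]([^"”]{4,64})["”]"""),
    re.compile(r"(\S{6,})"),
]
_STRIP = ".,;:!?()\"'“”"

def extract_candidates(raw_email: str) -> list:
    msg = message_from_string(raw_email, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""
    text = f"{msg['subject'] or ''}\n{body}"  # OCR text from images would be appended here
    seen = {}  # dict keeps first-seen order and de-duplicates
    for pat in _PATTERNS:
        for m in pat.finditer(text):
            cand = m.group(1).strip(_STRIP)
            if cand:
                seen.setdefault(cand, None)
    return list(seen)

# 2. Trial decryption of a ZIP that uses traditional PKWARE (ZipCrypto) encryption.
def open_protected_archive(archive: bytes, candidates) -> tuple:
    """Return (password, {name: plaintext}); (None, {}) if no candidate works."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        encrypted = [zi for zi in zf.infolist() if zi.flag_bits & 0x1]
        if not encrypted:
            return "", {zi.filename: zf.read(zi) for zi in zf.infolist()}
        for pwd in candidates:
            try:
                return pwd, {zi.filename: zf.read(zi, pwd=pwd.encode("utf-8")) for zi in encrypted}
            except (RuntimeError, zipfile.BadZipFile):
                # RuntimeError: the 12-byte header check failed. BadZipFile: the
                # 1-in-256 false header match, caught by the CRC-32 of the data.
                continue
    return None, {}

# 3. Constructed fixture. zipfile reads but cannot write ZipCrypto, so the
#    encryption side (PKWARE APPNOTE section 6.1) is implemented here.
def _crc32_byte(crc: int, b: int) -> int:
    # one raw CRC table step, undoing zlib's pre/post inversion
    return binascii.crc32(bytes([b]), crc ^ 0xFFFFFFFF) ^ 0xFFFFFFFF

class _ZipCrypto:
    def __init__(self, pwd: bytes):
        self.k = [0x12345678, 0x23456789, 0x34567890]
        for c in pwd:
            self._update(c)

    def _update(self, c: int) -> None:
        k = self.k
        k[0] = _crc32_byte(k[0], c)
        k[1] = ((k[1] + (k[0] & 0xFF)) * 134775813 + 1) & 0xFFFFFFFF
        k[2] = _crc32_byte(k[2], k[1] >> 24)

    def encrypt(self, data: bytes) -> bytes:
        out = bytearray()
        for p in data:
            t = (self.k[2] | 2) & 0xFFFF
            out.append(p ^ (((t * (t ^ 1)) >> 8) & 0xFF))
            self._update(p)  # the key schedule advances on the plaintext byte
        return bytes(out)

def build_zipcrypto_zip(name: str, data: bytes, pwd: bytes) -> bytes:
    crc = zlib.crc32(data) & 0xFFFFFFFF
    # 12-byte encryption header (random in real writers) whose last byte must equal
    # the CRC's high byte: this is the check a wrong password fails first.
    enc = _ZipCrypto(pwd).encrypt(bytes(11) + bytes([crc >> 24]) + data)
    nm, flags, stored, t, d = name.encode("ascii"), 0x1, 0, 0, ((2021 - 1980) << 9) | (2 << 5) | 26
    local = struct.pack("<4sHHHHHLLLHH", b"PK\x03\x04", 20, flags, stored, t, d,
                        crc, len(enc), len(data), len(nm), 0) + nm + enc
    cdir = struct.pack("<4sHHHHHHLLLHHHHHLL", b"PK\x01\x02", 20, 20, flags, stored, t, d,
                       crc, len(enc), len(data), len(nm), 0, 0, 0, 0, 0, 0) + nm
    eocd = struct.pack("<4sHHHHLLH", b"PK\x05\x06", 0, 0, 1, 1, len(cdir), len(local), 0)
    return local + cdir + eocd

# Constructed sample message and attachment, not real campaign data.
SAMPLE_EMAIL = (
    "From: billing@example.com\nTo: ap@example.org\n"
    "Subject: Invoice 2284 (password protected)\n\n"
    "Hi,\n\nPlease find the attached invoice. The archive password is Inv0ice#2284 .\n"
    "Let us know if \"the usual portal\" is not working.\n\nRegards,\nBilling\n"
)
PAYLOAD = b"constructed stand-in for a macro-laden invoice.doc\n"
SAMPLE_ARCHIVE = build_zipcrypto_zip("invoice.doc", PAYLOAD, b"Inv0ice#2284")

if __name__ == "__main__":
    cands = extract_candidates(SAMPLE_EMAIL)
    pwd, files = open_protected_archive(SAMPLE_ARCHIVE, cands)
    print(f"{len(cands)} candidates, hit={pwd!r}, opened={list(files)}")
```

Candidate order matters: the subject's "password protected" yields the noisy guess "protected" before the body's real password, and putting explicit phrases ahead of the token fallback keeps the number of trial decryptions small. Two caveats for a production version: AES-encrypted ZIPs (compression method 99) make `zipfile` raise `NotImplementedError` rather than a bad-password error, so they need a library such as pyzipper or an external 7-Zip; password-protected Office documents and PDFs need their own openers (msoffcrypto-tool, pikepdf), with the same candidate list fed to each.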

Read more about InQuest's Cloud Email Security!

Latest InQuest™ Blog Posts

Cracking Password Protected Payloads

Posted on 2021-02-26 by Deandre Hall

The staff at InQuest have been busy running a variety of different research experiments in the realm of bleeding-edge maldoc discovery to ensure the efficacy of detection for our customers and generate threat intelligence. One such experiment is our Twitter bot that tweets about malicious stage-2 RTFs referenced from documents found within the InQuest Labs Corpus. Another research project involves the mass curation of encrypted files and attempts to crack their passwords.

Read more
InQuest™ Labs Research Spotlight

ImHex

A Hex Editor for Reverse Engineers, Programmers and people that value their eyesight when working at 3 AM.

Read more

ScareCrow

ScareCrow is a payload creation framework for generating loaders for the use of side loading (not injection) into a legitimate Windows process.

Read more

Invoke-PSImage

Invoke-PSImage takes a PowerShell script and encodes the bytes of the script into the pixels of a PNG image. It generates a one-liner for executing either from a file or from the web.

Read more
Global Security Events

Computer intruder tried to poison Florida city’s drinking water with lye

Someone broke into the computer system of a water treatment plant in Florida and tried to poison drinking water for a Florida municipality’s roughly 15,000 residents, officials said.

Read more

Clipping Silver Sparrow’s wings: Outing macOS malware before it takes flight

Earlier this month, Red Canary detection engineers came across a strain of macOS malware using a LaunchAgent to establish persistence. Their investigation almost immediately revealed that this malware did not exhibit the behaviors expected from the usual adware that so often targets macOS systems.

Read more

The Story of Jian – How APT31 Stole and Used an Unknown Equation Group 0-Day

Check Point's recent research aims to shed more light on a stolen cyber weapon, and reveal conclusive evidence that such a leak did actually take place years before the Shadow Brokers leak, resulting in US-developed cyber tools reaching the hands of a Chinese group which repurposed them in order to attack US targets.

Read more
InQuest™ Insider - Your monthly resource for the latest in cyber security news, trends, tips and tools. Subscribe here.
Copyright © InQuest™ 2021