InQuest aims to automate and scale the expert knowledge of a typical SOC analyst. The InQuest platform leverages a variety of sources in an automated decision-making engine. This includes bi-directional orchestration with multi-scanning and sandbox solutions, unique threat intelligence sources and a seasoned signature development team augmented by machine learning.

Get in touch to learn more!

InQuest Email Security Assessment

This month we harvested 2139 samples from the wild capable of bypassing either Microsoft or Google. Of those, Microsoft missed 66 (3%), and Google missed 2110 (98%). The distribution of misses by file type is depicted below:

InQuire for a free, personalized email security assessment!

Latest InQuest™ Blog Posts

Tandem Espionage

Posted on 2022-05-25 by Dmitry Melikov

Some time ago, we discovered an interesting campaign distributing malicious documents. Which used the download chain as well as legitimate payload hosting services. In this report, we will show the technical side of this campaign and provide additional indicators.

Detection Multiplexing

Posted on 2022-05-10 by Steve Esling

One of our mantras at InQuest is that “there is no silver bullet” and our platform is architected with this in mind. There are some great technologies that we both build on and integrate with and, where there are gaps, we engineer solutions. In a nutshell, we multiplex multiple technologies in tandem. Similarly, our open research portal labs.inquest.net empowers analysts to draw conclusions about a given sample through multiple lenses.

InQuest™ Labs Research Spotlight

Malduck

Malduck is your ducky companion in malware analysis journeys.

Windows EVTX Samples

This is a container for windows events samples associated to specific attack and post-exploitation techniques.

Malware Samples

This repository is intended to provide access to a wide variety of malicious files and other artifacts.

Global Security Events

New Microsoft Office zero-day used in attacks to execute PowerShell

Security researchers have discovered a new Microsoft Office zero-day vulnerability that is being used in attacks to execute malicious PowerShell commands via Microsoft Diagnostic Tool (MSDT) simply by opening a Word document.

Online scamming fraud: three Nigerians arrested in INTERPOL Operation Killer Bee

An INTERPOL-led operation targeting malware cyber fraud across Southeast Asia has led to the Nigeria arrest of three suspected global scammers.

CISA issues rare emergency directive as ‘critical’ cyber vulnerabilities emerge

Threat actors, including likely advanced persistent threat (APT) actors, are exploiting vulnerabilities (CVE 2022-22954 and CVE 2022-22960) in multiple VMware products.

Useful Links

Support

Social

Twitter

GitHub

InQuest™ Insider - Your monthly resource for the latest in cyber security news, trends, tips and tools. Subscribe here.

Unsubscribe here.