InQuest Labs’ Brand Monitor is a great way to discover publicly disclosed files that contain references to your corporate domain. On many occasions, sensitive files have been inadvertently uploaded to public multi-AV platforms, revealing proprietary or personal information. InQuest Labs does the heavy lifting for you, tracking many different file ingestion resources and sending alerts as soon as sensitive files are detected.

Log in via your business e-mail address to receive e-mail notifications when ingested files reference your company domain.

InQuest Email Security Assessment

This month we harvested 705 samples from the wild capable of bypassing either Microsoft or Google. Of those, Microsoft missed 328 (47%), and Google missed 311 (44%). The distribution of misses by file type is depicted below:

InQuire for a free, personalized email security assessment!

Latest InQuest Blog Posts

Black Basta: Riding the Crimeware Sleigh

Posted on 2022-12-13 by Chase Sims and Nick Chalard

Those who keep tabs on ransomware are no doubt aware of the Black Basta ransomware group. They’ve gained their share of notoriety since some of the group’s malicious code was first detected back in April of 2022. What is interesting today is that, in just the past two weeks, Black Basta deployments have been on the rise.

InQuest Labs Research Spotlight

Detection Lab

This lab has been designed with defenders in mind. Its primary purpose is to allow the user to quickly build a Windows domain that comes pre-loaded with security tooling and some best practices when it comes to system logging configurations.

iocextract

This library extracts URLs, IP addresses, MD5/SHA hashes, email addresses, and YARA rules from text corpora. It includes some encoded and "defanged" IOCs in the output, and optionally decodes/refangs them.

prowler

Prowler is an Open Source security tool to perform AWS and Azure security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness.

Global Security Events

BlueNoroff introduces new methods bypassing MoTW

The first new method the group adopted is aimed at evading the Mark-of-the-Web (MOTW) flag, the security measure whereby Windows displays a warning message when the user tries to open a file downloaded from the internet.

Malware Analysis: GuLoader Dissection Reveals New Anti-Analysis Techniques and Code Injection Redundancy

In dissecting GuLoader’s shellcode, CrowdStrike revealed a new anti-analysis technique meant to detect if the malware is running in a hostile environment by scanning the entire process memory for any Virtual Machine (VM)-related strings.

The most dangerous cyber security threats of 2023

In this round up, we reveal which threat vectors cyber security experts believe will rise to prominence in 2023, and they offer their advice on how best to combat them.

InQuest Insider - Your monthly resource for the latest in cyber security news, trends, tips, and tools. Subscribe here.
Copyright © InQuest 2022