InQuest Labs was released to provide an open, community portal for researchers, students, and hobbyists. Within InQuest Labs, there are multiple calibers to arm a security analyst with and help to detect weaponized documents, assist with detection engineering, and research threat intelligence indicators.

The 2022 InQuest Labs Year in Review describes the statistics found within the platform. Nearly 700,000 files have generated over 60 Million DFI-derived indicators. REP-DB ingested close to 5 Million IOCs from over two dozen public dissemination feeds. Finally, IOC-DB swallowed over 700,000 indicators from crawling researchers’ public contributions.

In appreciation of this open-source tooling, we put together this graphic.

It is never too late to dig inInQuest Labs.

InQuest Email Security Assessment

This month we harvested 197 samples from the wild capable of bypassing either Microsoft or Google. Of those, Microsoft missed 85 (43%), and Google missed 125 (63%). The distribution of misses by file type is depicted below:

InQuire for a free, personalized email security assessment!

InQuest Latest Blog Posts

At Least 4 New Reasons Every Day To Check Your Email Security Stack

Posted on 2023-01-03 by Isabelle Quinn

At InQuest, we’re obsessed with finding malware, exploits, zero-days, phishing lures, ransomware, data loss violationsm and more - cleverly hidden within the everyday files your end-users interact with. And, of course, it is a well-worn maxim that 94% of all malware is delivered via email.

ThreatIngestor Release v1.0.2

Posted on 2023-01-31 by Trevor Borden

ThreatIngestor is a flexible, configuration-driven, extensible framework for consuming threat intelligence. It can monitor Twitter, RSS feeds, and other sources, extract meaningful information like C2 IPs/domains and YARA signatures, then send that information to other systems for analysis.

InQuest Labs Research Spotlight

gophish

Gophish is an open-source phishing toolkit designed for businesses and penetration testers.

mercy

Mercy is a public Rust crate created to assist with building cybersecurity frameworks (offensive and defensive) and assessment tools.

linWinPwn

linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks.

Global Security Events

Cyber Insights 2023: Attack Surface Management

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas of IT infrastructure that can be attacked.

Welcome to Goot Camp: Tracking the Evolution of GOOTLOADER Operations

Since January 2021, Mandiant Managed Defense has consistently responded to GOOTLOADER infections. Threat actors cast a widespread net when spreading GOOTLOADER and impact a wide range of industry verticals and geographic regions.

UK cyber experts warn of targeted phishing attacks from actors based in Russia and Iran

The UK has warned of the threat from targeted spear-phishing campaigns against organisations and individuals carried out by cyber actors based in Russia and Iran.

Useful Links

Support

Social

Twitter

GitHub

InQuest Insider - Your monthly resource for the latest in cyber security news, trends, tips, and tools. Subscribe here.

Unsubscribe here.