“Shifting left,” in the cybersecurity world, refers to focusing on preventing attacks in earlier stages, rather than relying solely on detection and response.

By implementing a balanced approach that combines both detection and prevention measures, organizations can improve their security posture and better protect themselves from the evolving threat landscape.

Discover the practical ways your organization can implement the shift left approach to strengthen your defenses against cyber threats. Learn more in our newest blog series, “Shifting Left in Cybersecurity: Balancing Detection and Prevention” Part 1 & Part 2.

InQuest Email Security Assessment
This month we harvested 444 samples from the wild capable of bypassing either Microsoft or Google. Of those, Microsoft missed 182 (41%), and Google missed 212 (48%). The distribution of misses by file type is depicted below:
Want to validate the efficacy of your email security stack? InQuire here for a one-month free email attack simulation
InQuest Latest Blog Posts

Shifting Left in Cybersecurity: Balancing Detection and Prevention - Part 1

Posted on 2023-04-24 by Darren Spruell

In the cybersecurity world, the concept of "shifting left" refers to focusing on preventing attacks in earlier stages, rather than relying solely on detection and response. By implementing a balanced approach that combines both detection and prevention measures, organizations can improve their security posture and better protect themselves from the evolving threat landscape.


Shifting Left in Cybersecurity: Balancing Detection and Prevention - Part 2

Posted on 2023-04-25 by Darren Spruell

In this second part of our series, we'll dive into practical ways your organization can implement the shift left approach to strengthen your defenses against cyber threats. Balancing detection and prevention measures is key to maintaining a strong security posture in the face of an ever-evolving threat landscape.

InQuest Labs Research Spotlight

EDR Telemetry

This repo provides a list of telemetry features from EDR products and other endpoint agents such as Sysmon broken down by category.


Twitter's Recommendation Algorithm

Twitter's Recommendation Algorithm is a set of services and jobs that are responsible for serving feeds of Tweets and other content across all Twitter product surfaces.


Chainsaw

Chainsaw provides a powerful ‘first-response’ capability to quickly identify threats within Windows forensic artefacts such as Event Logs and MFTs.

Global Security Events

Ukraine remains Russia’s biggest cyber focus in 2023

Google’s Threat Analysis Group (TAG) continues to disrupt campaigns from multiple sets of Russian government-backed attackers focused on the war in Ukraine. This blog provides insights on attacker trends from primarily January - March 2023, continuing our analysis from Fog of War: How the Ukraine Conflict Transformed the Cyber Threat Landscape.


HTML Smuggling: Recent observations of threat actor techniques

HTML smuggling isn’t a new technique by any means, but its utility and flexibility make it a potent technique that still proves effective for threat actors today. For some actors, e.g. those delivering Qakbot, HTML smuggling is leveraged to deliver malicious content (typically ISOs or ZIPs with the eventual payload inside).


Malicious ISO File Leads to Domain Wide Ransomware

IcedID continues to deliver malspam emails to facilitate a compromise. This case covers the activity from a campaign in late September of 2022. Post exploitation activities detail some familiar and some new techniques and tooling, which led to domain wide ransomware.

InQuest Insider - Your monthly resource for the latest in cyber security news, trends, tips, and tools.
Copyright © InQuest 2023