
We are thrilled to dedicate this month's newsletter to the exciting challenge of "100 Days of YARA." At InQuest, we wholeheartedly embrace the power and versatility of YARA, and we are delighted to join you in celebrating this incredible endeavor.

This challenge provides an invaluable opportunity for participants to collaborate, exchange ideas, and learn from one another. It fosters a sense of camaraderie among like-minded individuals who are passionate about bolstering cybersecurity defenses. Through "100 Days of YARA," participants develop a deeper appreciation for the tool's immense potential. They uncover its applications in threat hunting, malware analysis, incident response, and more. By creating and sharing their own rules, they contribute to a growing repository of knowledge that benefits the entire cybersecurity community.

As you embark on your own "100 Days of YARA" adventure, remember that knowledge is power. The more we understand and utilize YARA, the better equipped we are to defend against ever-evolving cyber threats. While looking forward to 2024, let us join together in celebrating this incredible challenge and the collective efforts to strengthen our cybersecurity defenses.

InQuest Email Attack Simulation

This month we harvested 215 samples from the wild capable of bypassing either Microsoft or Google. Of those, Microsoft missed 70 (43%), and Google missed 190 (88%). The distribution of misses by file type is depicted below:

Recently we've begun including samples sourced from over 50 leading industry blogs. If any of these samples are able to reach your inbox, then the source blog will be referenced in your daily EAS report.

Want to validate the efficacy of your email security stack? InQuire here for a one-month free email attack simulation.

InQuest Latest Blog Posts

100 Days of YARA: Everything You Need to Know

Posted on 2023-05-10 by Trevor Borden

A challenge called the "100 Days of YARA" has been gaining popularity in the cybersecurity community. The contest involves writing and sharing one new rule a day for 100 days. The goal of the challenge is to improve participants' YARA skills and contribute to the community's knowledge base.


Highlight of an Email Attack Simulation Bypass

Posted on 2023-05-30 by Pedram Amini

In today's cybersecurity landscape, continuously testing and validating the efficacy of email security measures against evolving threats is important. Through The Trystero Project, we measure the efficiency of leading cloud email providers, Google and Microsoft, in dealing with real-world malware threats. Our analysis reveals a certain percentage of threats managed to bypass the providers' defenses, highlighting the need for continuous improvement in email security measures.

InQuest Labs Research Spotlight

Gepetto

Gepetto is a Python script which uses OpenAI's gpt-3.5-turbo and gpt-4 models to provide meaning to functions decompiled by IDA Pro.


Donkey Car

An open-source DIY self-driving platform for small-scale cars.


PentestGPT

A GPT-empowered penetration testing tool.

Global Security Events

Hackers hold city of Augusta hostage in a ransomware attack

BlackByte group has claimed responsibility for a ransomware attack on Augusta, Georgia. The ransomware group has posted 10GB of sample data for free and claimed they have a lot more data available.


Barracuda zero-day abused since 2022 to drop new malware, steal data

Network and email security firm Barracuda today revealed that a recently patched zero-day vulnerability had been exploited for at least seven months to backdoor customers' Email Security Gateway (ESG) appliances with custom malware and steal data.


Operation CMDStealer: Financially Motivated Campaign Leverages CMD-Scripts and LOLBaS for Online Banking Theft in Portugal, Peru, and Mexico

An unknown financially motivated threat actor, very likely from Brazil, is targeting Spanish- and Portuguese-speaking victims, with the goal of stealing online banking access. The victims are primarily in Portugal, Mexico, and Peru. This threat actor employs tactics such as LOLBaS (Living Off the Land Binaries and Scripts), along with CMD-based scripts to carry out its malicious activities.

InQuest Insider - Your monthly resource for the latest in cyber security news, trends, tips, and tools.
Copyright © InQuest 2023