The Iceberg of Inspection is the perfect visual for understanding the incorporation of threat intelligence within your security operations center (SOC). Considering only 10% of the iceberg is visible above water, many of the actionable indicators are hidden below sea level.

Deep File Inspection (DFI) can uncover the network artifacts, tools, and TTPs that are tied to the attacks targeting your organization. These additional indicators of compromise (IOCs) can be leveraged to empower your threat hunting and artifact pivoting throughout your analytical workflow.

Find out if DFI can turn your pyramid of pain upside down and provide the intelligence you need to mitigate even the most sophisticated campaigns targeting your organization.

Latest InQuest™ Blog Posts

Pyramid of Pain vs. Iceberg of Inspection

Posted on 2020-01-24 by Josiah Smith

An illustrative blog discussing the Pyramid of Pain and how it relates to the Iceberg of Inspection. Deep File Inspection can uncover TTPs and other indicators to supplement prevention, detection, and threat hunting within your Enterprise.

Internship Retrospective

Posted on 2019-12-25 by Adam Musciano

A heartfelt retrospective from one of the InQuest Interns detailing his experiences and contributions.

InQuest™ Labs Research Spotlight

Application Inspector

A software characterization source code analyzer that helps you understand what a program does by identifying interesting features and characteristics using static analysis and a customizable JSON-based rules engine.

Maltrail

Maltrail is a malicious traffic detection system, utilizing publicly available (black)lists containing malicious and/or generally suspicious trails, along with static trails compiled from various AV reports and custom user-defined lists.

Powershell-RAT

A Python-based backdoor that uses Gmail to exfiltrate data through attachments. This RAT will help during red team engagements to backdoor any Windows machine.

Global Security Events

Microsoft Releases Advisory on Zero-Day Vulnerability CVE-2020-0674, Workaround Provided

On January 17, Microsoft published an advisory (ADV200001) warning users about CVE-2020-0674, a remote code execution (RCE) vulnerability involving Microsoft’s Internet Explorer (IE) web browser. A patch has not yet been released as of the time of writing — however, Microsoft has acknowledged that it is aware of limited, targeted attacks exploiting the flaw.

Win10 Crypto Vulnerability: Cheating in Elliptic Curve Billiards 2

Microsoft has released a security update for Windows, which includes a fix to a dangerous bug that would allow an attacker to spoof a certificate, making it look like it came from a trusted source. The vulnerability (CVE-2020-0601) was reported to Microsoft by the NSA.

Read more

Renewed Emotet phishing activity targets UN, government and military users

Since resuming operations after a holiday hiatus, the malicious actors behind the Emotet banking trojan network have reportedly targeted at least 82 countries with spam and crafted a special phishing campaign targeting the United Nations. Meanwhile, an additional report has revealed an increase in Emotet phishing activity targeting government and military entities over the last few months of 2019.

InQuest™ Insider - Your monthly resource for the latest in cyber security news, trends, tips and tools.
Copyright © InQuest™ 2019