InQuest is proud to have provided Recon Infosec with the DFI Threat Hunting Platform during their Blackhat 2020 Network Defense Range Training (NDR).

NDR is a one-of-a-kind training platform that enables SOC analysts, threat hunters, and incident responders to go toe-to-toe with advanced adversaries in a low-stakes/zero-risk environment. We pride ourselves in the high-fidelity nature of our simulated environment from the organic traffic generation down to the simulated users on workstations carrying out their day-to-day tasks.

Read more about the Network Defense Range!

Latest InQuest™ Blog Posts

Persian Kitties Hiding Benign Executables

Posted on 2020-08-15 by Josiah Smith

A while back, we had an interesting alert generated from one of the InQuest DFI sensors that were initially very suspicious, but proved to be entertaining and still questionable regarding the true purpose of the activity. My initial suspicion was driven to an event highlighting an Image with an Embedded executable.

Detection in Depth

Posted on 2020-08-28 by Josiah Smith

Detection in depth describes the multiple detection points within an attack chain. In an effort to throw everything and the kitchen sink at the problems associated with cyber defense, InQuest has incorporated Detection in-depth methodologies alongside our intelligent orchestration to help Prevent, Detect, and Hunt the cyber-threats impacting our modern world.

InQuest™ Labs Research Spotlight

Phishing Database

A Testing Repository for Phishing Domains, Web Sites, and Threats. The results are updated hourly and contain Domains that have been tested to be Active, Inactive, or Invalid.

Ukemi

Ukemi is a CLI tool for querying passive DNS services. It supports multiple services and outputs resolutions in JSON format.

DnsServer

Technitium DNS Server is an open-source tool that can be used for self-hosting a local DNS server for privacy & security or used for experimentation and testing.

Global Security Events

Russian arrested for trying to recruit an insider and hack a Nevada company

The US Department of Justice announced charges today against a Russian citizen who traveled to the US to recruit and convince an employee of a Nevada company to install malware on their employer's network in exchange for $1,000,000.

The DeathStalker cyberspy group and its toolset

Kaspersky has identified a cybercriminal group that specializes in stealing trade secrets. Judging by its targets so far, the group is interested mainly in attacking fintech companies, law firms, and financial advisors, although, in at least one case, it also attacked a diplomatic entity.

SunCrypt Ransomware sheds light on the Maze ransomware cartel

A ransomware named SunCrypt has joined the 'Maze cartel,' and with their membership, BleepingComputer got insight into how these groups are working together. In June, they broke the story that the Maze threat actors created a cartel of ransomware operations to share information and techniques.

Useful Links

Support

Social

Twitter

GitHub

InQuest™ Insider - Your monthly resource for the latest in cyber security news, trends, tips and tools. Subscribe here.

Unsubscribe here.