InQuest’s cloud-based integrated email security solution, leveraging our patented Deep File Inspection (DFI), goes to unparalleled levels of scrutiny to analyze, identify, and ultimately prevent malware, phishing, ransomware, spam, and scams from being delivered to your users.

Protect against various impersonation and social engineering tactics, such as display name spoofing and lookalike domain trickery with our email telemetry, reputation, and machine learning analytics.

Read more about InQuest's Cloud Email Security!

Latest InQuest™ Blog Posts

String Encoding and YARA... Oh My

Posted on 2021-01-25 by David Ledbetter

On December 16th, 2020 Twitter user Insomnihack @pro_integritate posted an interesting obfuscated document, which was flagged as Dridex in some sandboxes. This sample threw an error and would not open in Office 2010 until I changed the file extension to “doc”. The thing that stood out the most on initial inspection is the massive use of the properties “wd…” like “wdArtWeavingStrips”; each of these properties maps to a constant value of the “Word Enumerated Constants”.

Read more

Carving Images for Leisure and Gain

Posted on 2021-01-26 by Josiah Smith

Throughout InQuest's research into detecting maldocs, deserving attention has been given to the graphical asset that is used as the coercive lure. From "Worm Charming", InQuest's Malware Lures Gallery, and Optical Character Recognition inspection of the instructive text to enable embedded logic, uncountable wins have been brought to the community's attention. This quick blog details a couple of approaches for acquiring maldoc images without the need to open the document and copy the image.

Read more

InQuest™ Labs Research Spotlight

ph0neutria

ph0neutria is a malware zoo builder that sources samples straight from the wild. Everything is stored in Viper for ease of access and manageability.

Read more

SSRFmap

SSRFs are often used to leverage actions on other services; this framework aims to find and exploit these services easily. SSRFmap takes a Burp request file as input and a parameter to fuzz.

Read more

Graph Similar Maldoc Images

A script that extracts embedded images from Office Open XML (OOXML) documents and generates image hash similarity graphs that cluster visually similar images together.

Read more

Global Security Events

New Linux SUDO flaw lets local users gain root privileges

A now-fixed Sudo vulnerability allowed any local user to gain root privileges on Unix-like operating systems without requiring authentication. Sudo is a Unix program that enables system admins to provide limited root privileges to normal users.

Read more

How We Hacked Azure Functions and Escaped Docker

In previous months Intezer identified vulnerabilities in Microsoft Azure Network Watcher and Azure App Services, leading them to investigate other types of Azure compute infrastructure. They found a new vulnerability in Azure Functions, which would allow an attacker to escalate privileges and escape the Azure Functions Docker container to the Docker host.

Read more

Law enforcement strikes back at Emotet, one of the world’s most popular ransomware loaders

Europol announced a takedown of infrastructure used to run the Emotet botnet in a joint operation with law enforcement organizations from the U.S., U.K., Canada, the Netherlands, Germany, France, Lithuania, and Ukraine.

Read more

InQuest™ Insider - Your monthly resource for the latest in cyber security news, trends, tips and tools. Subscribe here.

Copyright © InQuest™ 2021