Round Three: The Austin Hacker Hoedown

Dust off your cowboy boots and hats—it’s time for the third annual Austin Hacker Hoedown! Join fellow cybersecurity pros for an evening packed with lightning talks, BBQ, and open bar libations on Wednesday, November 20th at 6 pm, hosted at the iconic San Hack (Jac) Saloon. Reserved on the second floor for our community, the evening kicks off with talks starting at 7:30 pm and continues with live country music once the talks conclude. Expect a relaxed yet insightful gathering, where experts and enthusiasts alike will share knowledge, network, and unwind. Space is limited to 150, so grab your Eventbrite registration early to guarantee entry, and don’t forget to thank our sponsors, including Exodus Intelligence, OPSWAT, Mozilla, and more!


InQuest Email Attack Simulation
This month we harvested 441 samples from the wild capable of bypassing either Microsoft or Google. Of those, Microsoft missed 301 (58%), and Google missed 149 (38%). InQuest MailTAC, for reference, missed 37 (8%). The distribution of misses by file type is depicted below:
InQuest EAS includes samples sourced from 50+ industry-leading blogs. This month, we sourced 496 samples from these blogs for inclusion in attack simulation.
Want to validate the efficacy of your email security stack? InQuire here for a one-month free email attack simulation.
InQuest Labs Research Spotlight

Lookyloo

Lookyloo is a web interface that captures a webpage and then displays a tree of the domains that call each other.

LazyVim

LazyVim is a Neovim setup powered by 💤 lazy.nvim to make it easy to customize and extend your config. Rather than having to choose between starting from scratch or using a pre-made distro, LazyVim offers the best of both worlds.

Marimo

marimo is a reactive Python notebook: run a cell or interact with a UI element, and marimo automatically runs dependent cells (or marks them as stale), keeping code and outputs consistent. marimo notebooks are stored as pure Python, executable as scripts, and deployable as apps.

Global Security Events

Introducing Early Cascade Injection: From Windows Process Creation to Stealthy Injection

In this blog post we introduce a novel process injection technique named Early Cascade Injection, explore Windows process creation, and identify how several Endpoint Detection and Response systems (EDRs) initialize their in-process detection capabilities.

Fortinet warns of new critical FortiManager flaw used in zero-day attacks

Fortinet publicly disclosed today a critical FortiManager API vulnerability, tracked as CVE-2024-47575, that was exploited in zero-day attacks to steal sensitive files containing configurations, IP addresses, and credentials for managed devices.

Grandoreiro, the global trojan with grandiose goals

Grandoreiro is a well-known Brazilian banking trojan — part of the Tetrade umbrella — that enables threat actors to perform fraudulent banking operations by using the victim’s computer to bypass the security measures of banking institutions. It’s been active since at least 2016 and is now one of the most widespread banking trojans globally.

InQuest Insider - Your monthly resource for the latest in cyber security news, trends, tips, and tools. Subscribe here.
Copyright © InQuest 2024