Introducing MetaDefender NDR: Redefining Network Detection & Response

This month, we’re excited to highlight MetaDefender NDR, a cutting-edge Network Detection and Response (NDR) solution designed to empower SOC teams with unparalleled network visibility and analytical capabilities. In an era where reactive intrusion detection is no longer enough, MetaDefender NDR delivers high-performance inspection, deep file analysis, and ML-driven threat detection to proactively identify and eradicate cyber threats. With advanced encrypted session analysis, breach detection, and data loss prevention (DLP), your team can stay ahead of emerging threats, prevent data exfiltration, and hunt down malicious activity in real time. Built to scale with your network, MetaDefender NDR ensures that your security operations remain agile, informed, and ready to combat the evolving cyber threat landscape.


Learn more about MetaDefender NDR.

Farewell Trystero
Dearly beloved, we gather here today to bid a fond farewell to the Trystero Project. For years, Trystero served as our vigilant sentinel, evaluating the security prowess of Google, Microsoft, and InQuest’s own Deep File Inspection (DFI) against the ever-evolving landscape of emerging malware. It tirelessly measured the efficacy of these platforms, revealing that even major cloud-based email providers could miss over 40% of malicious emails targeting employees daily. Trystero’s insights were invaluable, offering a clear-eyed view into the strengths and weaknesses of our digital defenses. It reminded us that while technology is powerful, it is not infallible, and that a false sense of security can be more dangerous than no security at all.

As we retire this noble experiment, let us not mourn its conclusion but celebrate its contributions. Trystero’s legacy will live on in the lessons we’ve learned and the improvements we’ve made to our security measures. Its data will continue to inform and guide us, ensuring that we remain vigilant in the face of cyber threats.

Rest in peace, Trystero. Your watch has ended, but your impact endures.

Latest Blog Posts

How MetaDefender™ Prevents Sophisticated Polyglot Image Attacks

Posted on 2025-01-16 by Loc Nguyen

Polyglot files are files that can be valid as multiple types simultaneously, allowing attackers to bypass file type-based security measures. Examples include GIFAR, which functions as both a GIF and a RAR file, JavaScript/JPEG polyglots that are interpreted as both JavaScript and JPEG, and Phar-JPEG files, recognized as both a Phar archive and a JPEG image. These polyglot files can go undetected with deceptive or empty extensions that “trick” systems into thinking they are a benign file type (like an image or PDF) while containing undetected malicious code.

InQuest Labs Research Spotlight

sqly

sqly is a powerful command-line tool that can execute SQL against CSV, TSV, LTSV, JSON, and even Microsoft Excel™ files.

Mavoc

Mavoc is a tool used to pentest Windows and Linux machines. It mainly focuses on pentesting Windows. It is built with C++ and PowerShell, with the server written in Python and Go.

kev-data

This repository is home to the data files that make up the Known Exploited Vulnerabilities (KEV) catalog.

Global Security Events

Wiz Research Uncovers Exposed DeepSeek Database Leaking Sensitive Information, Including Chat History

Wiz Research has identified a publicly accessible ClickHouse database belonging to DeepSeek, which allows full control over database operations, including the ability to access internal data. The exposure includes over a million lines of log streams containing chat history, secret keys, backend details, and other highly sensitive information. The Wiz Research team immediately and responsibly disclosed the issue to DeepSeek, which promptly secured the exposure.

Adversarial Misuse of Generative AI

Rapid advancements in artificial intelligence (AI) are unlocking new possibilities for the way we work and accelerating innovation in science, technology, and beyond. In cybersecurity, AI is poised to transform digital defense, empowering defenders and enhancing our collective security. Large language models (LLMs) open new possibilities for defenders, from sifting through complex telemetry to secure coding, vulnerability discovery, and streamlining operations. However, some of these same AI capabilities are also available to attackers, leading to understandable anxieties about the potential for AI to be misused for malicious purposes.

FBI seizes Cracked.io, Nulled.to hacking forums in Operation Talent

The FBI has seized the domains for the infamous Cracked.io and Nulled.to hacking forums, which are known for their focus on cybercrime, password theft, cracking, and credential stuffing attacks. While some of their members also engaged in ethical hacking discussions, the sites were widely regarded as a hub for cybercriminal activity.

InQuest Insider - Your monthly resource for the latest in cyber security news, trends, tips, and tools. Subscribe here.
Copyright © InQuest 2025