InQuest not only captures and catalogs all web and e-mail session information at a "carrier class" 20 Gbps, it also gives customers the ability to capture and analyze data-at-rest via CIFS/SMB.

The perfect complement to retrospective file analysis, Data at Rest Deep File Inspection (DFI) provides a sentry at your endpoints and critical storage locations. Scan for potential threats that were introduced via peripheral media or encrypted protocols. The currently supported SMB versions are SMB1, SMB2, SMB3, and SMB3.1.1.

Other network-based solutions can barely scratch the surface of layer 7. InQuest can expose an additional 4X worth of content for threat and data loss detection.

In addition to the weekly signatures provided by InQuest Labs, the platform provides the ability to create, test, and tune custom signatures to address threats to your organization.

Latest InQuest Blog Posts
Short-Circuiting Boolean Operators in YARA
Rob King / 2018-12-18

Here at InQuest, YARA is among the many tools we use to perform deep-file inspection, with a fairly extensive rule set. InQuest operates at line speed in very high-traffic networks, so these rules need to be fast. This blog post is the second in a series discussing YARA performance notes, tips, and hacks.

Ex Machina: A Frolic through the Forests
Steve Esling / 2018-12-29

Today, we’re going to take a deeper dive into two of our classifiers, Random Forests (RF) and Gradient Boosting (GB), and discuss some of their interesting findings.

InQuest Labs Research Spotlight
the-book-of-secret-knowledge
A collection of awesome lists, manuals, blogs, hacks, one-liners, cli/web tools for System and Network Admins, DevOps, Pentesters or Security Researchers.
homemade-machine-learning
Python examples of popular machine learning algorithms with interactive Jupyter demos and math being explained.
fiercecroissant
Pastebin scraper written in Python, designed to look for obfuscated pastes and save them. Decoders can then be applied to the pastes to de-obfuscate them for code samples.
Global Security Events
Microsoft issues emergency fix for Internet Explorer zero-day
@welivesecurity

Microsoft rolled out an emergency security update to patch a zero-day in Internet Explorer that was being exploited in the wild. CVE-2018-8653 resides in IE’s scripting engine, specifically in how the engine handles objects in memory.

How China's elite hackers stole the world's most valuable secrets
@WIRED

A new Justice Department indictment outlines how Chinese hackers (specifically APT10) allegedly compromised data from companies in a dozen countries in a single intrusion.

Sofacy Creates New ‘Go’ Variant of Zebrocy Tool
@Unit42_Intel

The Sofacy threat group continues to carry out attacks using their Zebrocy tool. The developers of Zebrocy have once again created a new version of the Trojan using a different programming language, specifically the Go language.
Useful Links
InQuest Insider - Your monthly resource for the latest in cyber security news, trends, tips and tools.
Copyright © InQuest 2018