In addition to the weekly signature updates from InQuest™ Labs, support for user-defined signatures is simplified within the platform. Whether you are utilizing third-party threat intel providers, company-specific data-loss signatures, or an advanced in-house signature developer, InQuest™ provides options for multi-tenant implementation of user-defined detection capability.

User-defined signatures are written as YARA rules, each of which defines a set of strings and a boolean expression over them. These signatures can detect threats to your organization or data-loss events through file and session analysis.

Latest InQuest™ Blog Posts

Quick Analysis of a Customer Malspam Encounter

Josiah Smith / 2019-02-26

This article covers the analysis of an interesting customer malspam encounter that was identified with a user-defined signature focusing on high levels of entropy within the file. This attack occurred at an undisclosed customer site and targeted 3 different individuals across the organization.


Family Matters: Using MinHash to Cluster Data

Steve Esling / 2019-02-26

By converting feature sets to smaller hashes of a fixed length, it turns out we’re able to estimate document similarities in a much more efficient manner. Just like any of the techniques we use, LSH comes in many flavors, but our method of choice is known as MinHash.

InQuest™ Labs Research Spotlight

base64_substring

base64_substring helps them by enumerating all possible base64 encodings for a given search term and generating a YARA rule that checks those possibilities.


Pown

Pown.js is a security testing and exploitation toolkit built on top of Node.js and NPM.


Phantom-Evasion

Phantom-Evasion is an interactive antivirus evasion tool to generate with the most common 32 bit msfvenom payload.

Global Security Events

Hackers Actively Exploiting Latest Drupal RCE Flaw Published Last Week

Last week, developers of the popular open-source content management system Drupal patched a critical remote code execution (RCE) vulnerability (CVE-2019-6340) in Drupal Core that could allow attackers to hack affected websites.


Malvertising attacks using polyglot images spotted in the wild

Polyglot images, which differ from their near cousins steganographic images primarily by not needing an external script to extract the payload, have been spotted in the wild.


Smart Homes at Risk Due to Unpatched Vulnerabilities, Weak Credentials

40.8% of smart homes have at least one device vulnerable to remote attacks, a third of them being vulnerable because of outdated software with unpatched security issues, while more than two-thirds are exposed by weak credentials.

Copyright © InQuest™ 2019