ThreatIngestor is a flexible, configuration-driven, extensible framework for consuming threat intelligence. It can watch Twitter, RSS feeds, and other sources, extract meaningful information like C2 IPs/domains and YARA signatures, and send that information to other systems for analysis.

Use ThreatIngestor alongside ThreatKB or MISP to automate importing public C2s and YARA signatures, or integrate it into your existing workflow with custom operator plugins.

Read more about ThreatIngestor

Click below to learn more about how our threat intelligence helps to beat traditional security defenses.

Read more
Latest InQuest™ Blog Posts

Analyzing Sophisticated PowerShell Targeting Japan

Amirreza Niakanlahiji and Josiah Smith/ 2019-03-09

In this article, we dissect a sophisticated multi-stage PowerShell script that is targeting users in Japan. We found this instance on HybridAnalysis on March 7. This malware sample is unique because it utilizes multiple layers of obfuscation, encryption, and steganography to protect its final payload from detection.

Read more

Making a Twitter Bot with ThreatIngestor

Adam and Ryan / 2019-03-26

ThreatIngestor helps you collect threat intelligence from public feeds, and gives you context on that intelligence so you can research it further, and put it to use protecting yourself or your organization.

Read more
InQuest™ Labs Research Spotlight


Performs OSINT scan on email/domain/ip_address/organization using OSINT-SPY.

Read more


Libre file transfer client for macOS and Windows. Command line interface (CLI) for Linux, macOS and Windows.

Read more


A curated list of hacking environments where you can train your cyber skills legally and safely.

Read more
Global Security Events

Oregon DHS’ 2 million emails accounts compromised in a recent phishing scheme

A successful phishing scheme has resulted in the compromise of 2 million email accounts belonging to the Oregon Department of Human Services. The incident has affected at least 350,000 people.

Read more

ShadowHammer attack installed backdoors on a million ASUS devices

Backdoors added to ASUS computers through its software update platform resulted in what Kaspersky researchers are calling one of the largest supply chain incidents ever, “ShadowHammer,” which even surpassed the scope of the CCleaner attack.

Read more

Norsk Hydro's initial loss from cyber attack may exceed $40 million

Norwegian aluminum maker Norsk Hydro may have lost more than $40 million in the week that followed a cyber attack that paralyzed parts of its operations, and a full recovery of IT systems will take weeks or more, the company said.

Read more
InQuest Insider - Your monthly resource for the latest in cyber security news, trends, tips and tools. Subscribe here.
Copyright © InQuest™ 2019