The InQuest Threat Exchange and an optional push/pull integration supported by InQuest cloud. If enabled, anonymous file hashes along with their threat vectors are pushed to the threat exchange. In turn, all newly seen file hashes are queried from the cloud prior to a deep dive analysis. This assists participating customers in both efficacy and performance.

On the performance front, if another instance of InQuest has already done the analysis on any given file, there's no need to burn CPU cycles on analyzing the file again.

On the efficacy front, customers benefit from a collective herd immunity. As customers have a variety of deployment configurations, from completely standalone to fully integrated with sandbox and multi-scanning technologies. Threat vectors received by InQuest cloud are evaluated and scored to ensure the most accurate classification.

Click below to learn more about how our threat intelligence helps to beat traditional security defenses.

Read more
Latest InQuest™ Blog Posts

Steve's Blog

Steve Esling/ 2019-04-09


Read more

Amir's Blog

Amirreza Niakanlahiji / 2019-04-26


Read more
InQuest™ Labs Research Spotlight


A cross platform tool for generating YARA rules based on binary code. mkYARA aims to automate the generation of executable code signatures by using not static variables.

Read more


PasteHunter is a python3 application that is designed to query a collection of sites that host publicly pasted data. For all the pasts it finds it scans the raw contents against a series of Yara rules looking for specific information.

Read more


yarAnalyzer creates statistics on a yara rule set and files in a sample directory. Place some signatures with .yar extension in the "signatures" folder and then run yarAnalyzer on a certain sample directory like:.

Read more
Global Security Events

Source code of Iranian cyber-espionage tools leaked on Telegram

In an incident reminiscent of the Shadow Brokers leak that exposed the NSA's hacking tools, someone has now published similar hacking tools belonging to one of Iran's elite cyber-espionage units, known as APT34, Oilrig, or HelixKitten.

Read more

Machines running popular AV software go unresponsive after Microsoft Windows update

April’s Microsoft Windows update has apparently been causing headaches for users who had previously installed anti-virus software from vendors such as Avast, Avira, ArcaBit, McAfee and Sophos. Users with these AV products who installed the April 9 Windows update may find that their machines become slow or unresponsive following restart.

Read more

Zero-day XML External Entity (XXE) Injection Vulnerability in Internet Explorer

A zero-day extensible markup language (XML) external entity (XXE) injection vulnerability in Microsoft Internet Explorer (IE) was recently disclosed by security researcher John Page. An attacker can reportedly exploit this vulnerability to steal confidential information or exfiltrate local files from the victim’s machine.

Read more
InQuest Insider - Your monthly resource for the latest in cyber security news, trends, tips and tools. Subscribe here.
Copyright © InQuest™ 2019