InQuest’s platform constantly monitors command and control (C2) communications for signs of anomalous activity. Keeping abreast of the latest C2 nodes through threat intelligence is key for detecting this activity. Our C2 detection engine alerts you if any of those nodes are seen touching your network, so we not only focus on what is being said but also who is saying it. The InQuest Labs Team publishes daily updates of known C2 artifacts globally, which are then flagged in our UI for further investigation.

Research and empirical observations have provided a generous lead time on many indicators: up to 357 days, and an average of 192 days, before they were disclosed to the general public.

Click below to learn more about how our threat intelligence can provide insight into the threats putting your organization at risk.

Latest InQuest™ Blog Posts

Abusing Registration-Free COM Interop

Amirreza Niakanlahiji / 2019-05-30

In this short post, we dissect the inner workings of registration-free COM interop and present a known technique that red teamers can abuse to dynamically load .NET assembly logic. This technique was first presented by Casey Smith. Additionally, some minor obfuscated variations are presented in hopes of evading existing detection mechanisms. Proof-of-concept code snippets are provided in both PowerShell and JScript to demonstrate versatility.

InQuest™ Labs Research Spotlight

SILENTTRINITY

An asynchronous post-exploitation agent powered by Python, IronPython, C# and .NET's DLR.


oletools

Python tools to analyze MS OLE2 files and MS Office documents, for malware analysis, forensics and debugging.


CVE-2019-0708

PoC relating to CVE-2019-0708 (RDP; Windows 7, Windows Server 2003, Windows Server 2008).

Global Security Events

A journey to Zebrocy land

The Sednit group (APT28, Fancy Bear, Sofacy or STRONTIUM) has been operating since at least 2004 and has made headlines recently with the use of a UEFI rootkit, called LoJax.


Cyber Command's latest VirusTotal upload has been linked to an active attack

The malware sample that U.S. Cyber Command uploaded to VirusTotal last week is still involved in active attacks. Multiple researchers have attributed this attack to the APT 28 threat group.


Hackers reportedly used a tool developed by the NSA to attack Baltimore’s computer system

Baltimore’s city government has been dealing with a ransomware attack that has shut down everything from its email to the systems that allow residents to pay water bills, purchase homes, and other services.

InQuest™ Insider - Your monthly resource for the latest in cyber security news, trends, tips and tools. Subscribe here.
Copyright © InQuest™ 2019