InQuest is excited to announce that we are making the proprietary Threat Intelligence that fuels our platforms available as a standalone offering to the public.

There is little debate about Threat Intelligence (TI) sourcing and the value it brings to organizations. Infrastructure tracking tradecraft is a requisite layer of augmentation for rapid response in today's threat landscape. By tracking threat actors through multiple anchors on TTPs and IOCs (IPs, domains, SSL certs), we're able to maintain knowledge of active campaigns even as they evolve day-to-day. Read more within this Press Release that details some early warning indicators.

Contact Us to learn more about InQuest's Threat Intelligence!

InQuest Mail Provider Comparison
This month we tested 13,278 malicious file samples against Google and Microsoft's email defenses, and here's what made it through:

🏆 2,027 (15.2%) 🏆


3,734 (28.1%)

O365 ATP + Phishing
InQuire for a free, personalized email security assessment!
Latest InQuest™ Blog Posts

Kimsuky Espionage Campaign

Posted on 2021-08-23 by Dmitry Melikov

A few days ago, we found an exciting Javascript file masquerading as a PDF that, upon activation, will drop and display a PDF (to maintain the ruse) as well as drop an executable. The document is a lure for the Korean Foreign Ministry document and its newsletter.

Read more

The Trystero Projects

Posted on 2021-08-25 by Josiah Smith

The "Trystero Project" is our code name for an experiment that we're actively conducting to measure the security efficacy of the two largest mail providers, Google (Workspace, aka GSuite) and Microsoft (O365), against real-world emerging malware.

Read more
InQuest™ Labs Research Spotlight


DRAKVUF is a virtualization based agentless black-box binary analysis system. DRAKVUF allows for in-depth execution tracing of arbitrary binaries, all without having to install any special software within the virtual machine used for analysis.

Read more

Cobalt Strike Configuration Extractor

Pure Python library and set of scripts to extract and parse configurations from Cobalt Strike Beacons. The library, libcsce, contains classes for building tools to work with Beacon configs. There are also two CLI scripts included that use the library to parse Beacon config data:

Read more

NetWire Log Decoder

Arsenal's NetWire Log Decoder carves and parses (a/k/a scans, filters, and decodes) NetWire log data from files or devices. NetWire is a popular multi-platform remote access trojan (RAT) system

Read more
Global Security Events

Critical Vulnerability in Microsoft Azure Cosmos DB

ChaosDB is an unprecedented critical vulnerability in the Azure cloud platform that allows for remote account takeover of Azure’s flagship database - Cosmos DB. The vulnerability, gives any Azure user full admin access (read, write, delete) to another customers Cosmos DB instances without authorization.

Read more

The T-Mobile Breach Is Much Worse Than It Had to Be

In an email overnight, T-Mobile shared details about the data breach it confirmed Monday afternoon. They’re not great. Assorted data from more than 48 million people was compromised, and while that’s less than the 100 million that the hacker had initially advertised, the vast majority of those affected turn out not to be current T-Mobile customers at all.

Read more

LockFile Ransomware Uses Never-Before Seen Encryption to Avoid Detection

Researchers discovered a novel ransomware emerging on the heels of the ProxyShell vulnerabilities discovery in Microsoft Exchange servers. The threat, dubbed LockFile, uses a unique “intermittent encryption” method as a way to evade detection as well as adopting tactics from previous ransomware gangs.

Read more
InQuest™ Insider - Your monthly resource for the latest in cyber security news, trends, tips and tools. Subscribe here.
Copyright © InQuest™ 2021