InQuest Blog Articles Filed Under ""

You can view all blog posts filed under this tag.

InQuest Blog

Threat-hunting, malware, ransomware, vulnerability analysis and news from authors of InQuest.

InQuest Provides Zero-Day Coverage Against Advanced Threats via Partner Exodus Intel

Posted on 2019-03-23 by amukherejee

Threat intelligence is only as good as the sources that drive it, which is why we integrate zero-day exploitation coverage into our product via research from Exodus Intelligence. Going beyond publicly known vulnerabilities and in-the-wild samples, this level of coverage affords protection against new TTPs long before they become part of the known threat landscape.

vulnerability 0day exploit threat-intel inquest-partner

Blog Archive


An Introduction to Deep File Inspection

Posted on 2019-03-23 by amukherejee

Deep File Inspection, or DFI, is the reassembly of packets captured off the wire into application-level content that is then reconstructed, unraveled, and dissected (decompressed, decoded, decrypted, deobfuscated) in an automated fashion. This allows heuristic analysis to better determine intent by examining the file contents (containers, objects, etc.) as an artifact.

vulnerability deep-file-inspection malware-analysis


Adobe Flash MediaPlayer DRM Use-After-Free Vulnerability

Posted on 2019-03-23 by pedram

On February 1st, Adobe published bulletin APSA18-01 for CVE-2018-4878 describing a use-after-free (UAF) vulnerability affecting Flash versions 28.0.0.137 and earlier. As of February 6th, Adobe has patched the issue in version 28.0.0.161, APSB18-03. This post provides an overview of the vulnerability, a walk-through of the exploit seen in the wild, and covers several detection mechanisms.

0day vulnerability exploit in-the-wild deep-file-inspection yara


Microsoft Office DDE Macro-less Command Execution Vulnerability

Posted on 2019-03-23 by pedram

On October 9th 2017, SensePost researchers posted a technique demonstrating macro-less command execution in Microsoft Office documents through Dynamic Data Exchange (DDE). While variations of this technique are known, the post sheds light on the fact that Microsoft has no intent to address the matter, and that "exploit" creation is trivial. This post provides an overview of the vulnerability and a mitigation, covers sample hunting, and dissects a few interesting samples gathered during the week.

vulnerability threat-hunting deep-file-inspection malware-analysis yara
