InQuest Blog Articles Filed Under a Tag

InQuest Blog

Threat-hunting, malware, ransomware, vulnerability analysis and news from authors of InQuest.

Extracting "Sneaky" Excel XLM Macros

Posted on 2019-03-23 by aniakanlahiji

In this article, we dissect a sneaky malicious Microsoft Excel document carrying XLM (Excel 4.0) macros that we caught in the wild. We use a few open-source and in-house tools to analyze it, and along the way point out the limitations of popular file carving tools, such as foremost and scalpel, when extracting data from this and related samples.

threat-hunting deep-file-inspection malware-analysis yara open-source


Omnibus: Automating OSINT Collection

Posted on 2019-03-23 by aswanda

Open Source Intelligence (OSINT) is intelligence derived from data collected from publicly available sources. A great deal of such data, combined with analysis by trained professionals, can be turned into actionable intelligence. That intelligence is used to enhance cyber security investigations, provide insight into adversary infrastructure and operators, give context to threat actor profiling, or untangle a complex scenario.

open-source osint


Plyara: Parsing YARA rules with Python

Posted on 2019-03-23 by rshipp

Plyara is a Python lexer and parser for YARA rules. You can use it to build your own tools around YARA rules, whether you are analyzing or performing bulk operations on a large corpus, parsing rule content for display, writing a linter, or doing anything else you can think of.

yara open-source
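To show the kind of tool the Plyara summary has in mind, here is an added example that is neither Plyara's code nor from the InQuest post: a small standalone Python reader that recovers, for the common one-rule-per-block layout, the same pieces Plyara hands back (rule name, tags, meta, strings, condition) and then lints a corpus for missing metadata, strings that the condition never uses, and duplicate rule names. The sample rules are constructed for the example, and the reader assumes each rule ends with a `}` alone on its own line and one meta or string definition per line; it is an illustration of the bulk-operation idea, not a general YARA parser.

```python
"""Lint a YARA rule corpus with a deliberately small regex-based reader.
Not Plyara: a standalone illustration that recovers the same parts Plyara
returns (name, tags, meta, strings, condition). Assumes one rule per block,
a closing '}' alone on its line, and one meta/string definition per line.
"""
import re
from dataclasses import dataclass, field

# Constructed sample corpus: one tidy rule, one with lint problems.
SAMPLE_RULES = r'''
rule XLM_Macro_Suspect : excel macro
{
    meta:
        description = "Excel 4.0 (XLM) macro sheet with an Auto_Open hook"
        author = "example"
    strings:
        $ole = { D0 CF 11 E0 A1 B1 1A E1 }
        $auto_open = "Auto_Open" ascii wide
    condition:
        $ole at 0 and $auto_open
}

rule Sloppy_Rule
{
    strings:
        $a = "foo"
        $b = "bar"
    condition:
        $a
}
'''

HEADER_RE = re.compile(r'^[ \t]*(?:(?:private|global)[ \t]+)*rule[ \t]+(\w+)'
                       r'[ \t]*(?::[ \t]*([\w \t]+?))?[ \t]*\{?[ \t]*$', re.M)
CLOSE_RE = re.compile(r'^[ \t]*\}[ \t]*$', re.M)
SECTION_RE = re.compile(r'^[ \t]*(meta|strings|condition)[ \t]*:', re.M)
META_RE = re.compile(r'^\s*(\w+)\s*=\s*("(?:[^"\\]|\\.)*"|true|false|-?\d+)\s*$')
STRING_RE = re.compile(r'^\s*(\$\w*)\s*=\s*("(?:[^"\\]|\\.)*"|\{[^}]*\}|/(?:[^/\\]|\\.)*/)\s*(.*?)\s*$')
STRING_REF_RE = re.compile(r'[$#@!](\w*)(\*?)')  # $x, #x, @x, !x and wildcards like $a*
REQUIRED_META = ("description", "author")


@dataclass
class YaraRule:
    name: str
    tags: list = field(default_factory=list)
    meta: dict = field(default_factory=dict)
    strings: dict = field(default_factory=dict)  # "$id" -> (kind, literal, modifiers)
    condition: str = ""


def _sections(body):
    """Slice a rule body into its meta / strings / condition text."""
    marks = list(SECTION_RE.finditer(body))
    return {m.group(1): body[m.end():(marks[i + 1].start() if i + 1 < len(marks) else len(body))]
            for i, m in enumerate(marks)}


def parse_rules(text):
    """Return one YaraRule per rule block found in text."""
    rules = []
    for h in HEADER_RE.finditer(text):
        close = CLOSE_RE.search(text, h.end())  # '^' still matches after newlines past pos
        if close is None:
            raise ValueError(f"rule {h.group(1)}: no closing brace on its own line")
        sec = _sections(text[h.end():close.start()])
        rule = YaraRule(name=h.group(1), tags=(h.group(2) or "").split(),
                        condition=" ".join(sec.get("condition", "").split()))
        for line in sec.get("meta", "").splitlines():
            m = META_RE.match(line)
            if m:
                key, raw = m.groups()
                rule.meta[key] = raw[1:-1] if raw.startswith('"') else raw
        for line in sec.get("strings", "").splitlines():
            m = STRING_RE.match(line)
            if m:
                ident, literal, mods = m.groups()
                kind = {'"': "text", "{": "hex"}.get(literal[0], "regex")
                rule.strings[ident] = (kind, literal, mods)
        rules.append(rule)
    return rules


def unused_strings(rule):
    """String identifiers declared in the rule that its condition never references."""
    if re.search(r'\bthem\b', rule.condition):  # 'them' covers every string
        return []
    exact, prefixes = set(), []
    for name, star in STRING_REF_RE.findall(rule.condition):
        if star:
            prefixes.append(name)  # $a* references every string starting with 'a'
        elif name:
            exact.add(name)
    return [ident for ident in rule.strings
            if ident[1:] not in exact and not any(ident[1:].startswith(p) for p in prefixes)]


def lint(rules):
    """Return (rule name, message) pairs for every problem found in the corpus."""
    findings, seen = [], set()
    for r in rules:
        if r.name in seen:
            findings.append((r.name, "duplicate rule name"))
        seen.add(r.name)
        for key in REQUIRED_META:
            if key not in r.meta:
                findings.append((r.name, f"missing meta '{key}'"))
        for ident in unused_strings(r):
            findings.append((r.name, f"string {ident} is never used in the condition"))
    return findings
```

Run `lint(parse_rules(SAMPLE_RULES))` and the tidy rule passes while `Sloppy_Rule` is reported three times: no description, no author, and `$b` declared but never used. Swapping the regex reader for Plyara's own parse output is the natural next step once the checks are in place, because the lint logic only needs the name, meta, strings and condition of each rule.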


Defense in Depth: Detonation Technologies

Posted on 2019-03-23 by rshipp

We believe that any security stack, in essence, follows the Swiss cheese model: each slice of cheese represents a security product, and each hole a bypass or evasion of it. Following best practices and employing a Defense-in-Depth model stacks these slices, and each additional slice reduces the exposure window and lowers the overall risk to a computing environment.

sandbox detonation malware-analysis open-source
