inquest

December 2019

InQuest combines Deep File Inspection (DFI) and RetroHunting™ to bring the threat hunting capabilities of VirusTotal Intelligence to your own environment. VirusTotal provides analysts with powerful tools to threat hunt against millions of files, domains, and IPs, but has the drawback of not currently offering a self-hosted option for organizations that wish to keep their data private.
No one wants to get coal in their stocking, but it does happen. Unfortunately, your stocking is a computer, and bad guys are delivering the coal in the form of ransomware.

September 2019

Introduction: In this blog, we discuss Adobe Extensible Metadata Platform (XMP) identifiers (IDs) and how they can be used as both pivot and detection anchors. Defined as a standard for mapping graphical asset relationships, XMP allows for tracking of both parent-child relationships and individual revisions. There are three categories of identifiers: original document, document, and instance.