InQuest Partners with Joe Security to Exclusively Deliver Joe Sandbox to the US Public Sector.

Joe Sandbox Ultimate executes files and URLs fully automated in a controlled environment and monitors the behavior of applications and the operating system for suspicious activities

Advantages of Joe Sandbox include:

  • Detecting malware faster and easier through a fully automated system
  • Industry’s deepest analysis, from high-level behavior down to assembly
  • Automated analysis of multi-platform malware

Get in touch to learn more about InQuest or JoeSandox!

Latest InQuest™ Blog Posts

Clustering for Classification: Using Unsupervised Learning for Label Expansion

Posted on 2020-12-16 by Steve Esling

While two different malware samples might appear completely different to a human's evaluation, those same samples, stripped of their identities and reduced down to a vectorized representation of their most important qualities, might be found by a machine to have been twins all along. Insights like this are the goal of "clustering," a machine learning technique based on finding the similarities and differences across and between a massive amount of data points. What follows is an overview of one of those techniques, K-means.

Read more

Social Engineering Attacks And E-mail Security

Posted on 2020-12-30 by Josiah smith

Social engineering is a common, low-tech approach where a threat actor impersonates someone else to obtain sensitive information or persuade the deceived to comply with some other request type. It has been described as “hacker-speak” for tricking a person into disclosing authentication information, executing malicious code, or opening a door. Some classic example of social engineering is the promise of funds from the prince of Nigeria, and the process has matured into malicious documents with coercive DocuSign lures or spoofed invoice scams changing the routing information for payments.

Read more
InQuest™ Labs Research Spotlight


Given a TLD zone file, PhishCanary extracts International Domain Names (IDNs) that are homoglyphs of specified target domain names.

Read more


Qiling is an advanced binary emulation framework, with the following features: Cross platform, Cross architecture, Multiple file formats.

Read more


The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.

Read more
Global Security Events

GitHub-hosted malware calculates Cobalt Strike payload from Imgur pic

A new strand of malware uses Word files with macros to download a PowerShell script from GitHub. This PowerShell script further downloads a legitimate image file from image hosting service Imgur to decode a Cobalt Strike script on Windows systems.

Read more

Germany: 'Colossal' cyberattack knocks out Funke news group

One of the biggest media organizations in German-speaking territories has become the victim of a sustained cyberattack over the Christmas holiday, forcing several newspapers to cancel or offer severely curtailed "emergency" editions.

Read more

Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims

FireEye has uncovered a widespread campaign, that we are tracking as UNC2452. The actors behind this campaign gained access to numerous public and private organizations around the world. They gained access to victims via trojanized updates to SolarWind’s Orion IT monitoring and management software.

Read more
InQuest™ Insider - Your monthly resource for the latest in cyber security news, trends, tips and tools. Subscribe here.
Copyright © InQuest™ 2021