InQuest Blog

Threat-hunting, malware, ransomware, vulnerability analysis and news from authors of InQuest.

Defense in Depth: Detonation Technologies

Posted on 2018-03-12 by Ryan Shipp

We believe that any security stack, in essence, follows the Swiss cheese model. With each slice of cheese representing a security product, and each hole representing some bypass or evasion. Following best practices and employing a Defense-in-Depth model results in a stacking of these slices, each additional stack reducing the exposure window and minimizing the overall risk to a computing environment.

An Introduction to Deep File Inspection

Posted on 2018-02-12 by Anindo Mukherjee

Modern "fileless" malware campaigns increasingly use specially crafted documents as attack vectors. This allows a malicious file to harbor a payload distinct from executable droppers, and can have its text content easily modified in a phishing campaign without having to alter the nested objects it contains. Deep File Inspection presents a methodology to unwrap these nested files and objects, and classify documents based on their intent; flagging malicious files based on the subsets of functionality they're using.

Adobe Flash MediaPlayer DRM Use-After-Free Vulnerability

Posted on 2018-02-07 by Pedram Amini

On February 1st, Adobe published bulletin APSA18-01 for CVE-2018-4878 describing a use-after-free (UAF) vulnerability affecting Flash version and earlier. As of February 6th, Adobe has patched the issue in version, see: APSB18-03. This post provides an overview of the vulnerability, a walk-through of the exploit seen in the wild, and covers several detection mechanisms. You can also follow the conversation via our Twitter moment.