InQuest Blog

Threat-hunting, malware, ransomware, vulnerability analysis and news from authors of InQuest.

An Introduction to Deep File Inspection

Posted on 2018-02-12 by Anindo Mukherjee

Modern "fileless" malware campaigns increasingly use specially crafted documents as attack vectors. Keeping the payload inside a document rather than an executable dropper lets an attacker reword the visible text for each phishing campaign without touching the nested objects the document carries. Deep File Inspection presents a methodology for unwrapping these nested files and objects and classifying documents by intent, flagging malicious files based on the subsets of functionality they use.
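To make the unwrap-then-classify idea concrete, here is an added example written for this page; it is not InQuest's code or their DFI engine. It recursively opens ZIP-based containers (the OOXML layout used by .docx/.xlsx), records the functionality each layer exposes, and derives a verdict from the union of those features. The indicator patterns, the risk tiers, the depth and size caps, and the in-memory sample document are all assumptions chosen for illustration; a production engine would parse each format rather than pattern-match names and bytes.

```python
"""Minimal recursive document unwrapper and feature-based classifier.

Added example, not InQuest's code. Indicators and thresholds are assumptions.
"""
import io
import re
import zipfile

# Functionality indicators keyed on member names (assumed for this example).
NAME_INDICATORS = {
    "vba_macro": re.compile(r"(^|/)vbaProject\.bin$", re.I),
    "ole_object": re.compile(r"(^|/)embeddings/.+\.bin$", re.I),
}
# Functionality indicators keyed on member content (assumed for this example).
CONTENT_INDICATORS = {
    "dde_field": re.compile(rb"DDE(AUTO)?\b"),
    "external_rel": re.compile(rb'TargetMode="External"'),
}

# Assumed caps so that a nested or decompression-bomb document cannot
# exhaust the inspector: stop recursing past MAX_DEPTH and do not read
# members larger than MAX_MEMBER_BYTES.
MAX_DEPTH = 4
MAX_MEMBER_BYTES = 10 * 1024 * 1024

HIGH_RISK = {"vba_macro", "dde_field"}
MEDIUM_RISK = {"ole_object", "external_rel"}


def inspect_member(name, data):
    """Return the set of functionality features one member exposes."""
    feats = set()
    for feat, pat in NAME_INDICATORS.items():
        if pat.search(name):
            feats.add(feat)
    for feat, pat in CONTENT_INDICATORS.items():
        if pat.search(data):
            feats.add(feat)
    return feats


def unwrap(data, path="<root>", depth=0):
    """Recursively open ZIP containers; return {member_path: feature_set}."""
    result = {}
    if depth > MAX_DEPTH or not zipfile.is_zipfile(io.BytesIO(data)):
        return result
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            member = f"{path}/{info.filename}"
            if info.file_size > MAX_MEMBER_BYTES:
                result[member] = {"oversized"}  # flagged, not expanded
                continue
            blob = zf.read(info.filename)
            result[member] = inspect_member(info.filename, blob)
            # A member that is itself a container gets unwrapped one level deeper.
            result.update(unwrap(blob, member, depth + 1))
    return result


def classify(tree):
    """Derive a verdict from the union of features across all layers."""
    feats = set().union(*tree.values()) if tree else set()
    if feats & HIGH_RISK:
        return "malicious-candidate", feats
    if feats & MEDIUM_RISK:
        return "suspicious", feats
    return "benign", feats


def build_sample():
    """Constructed sample: a .docx-like ZIP with a DDE field, an external
    template relationship, and an embedded object that is itself a ZIP
    carrying a macro project. Not a real malware sample."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("vbaProject.bin", b"\xd0\xcf\x11\xe0 placeholder macro project")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("[Content_Types].xml", b"<Types/>")
        z.writestr("word/document.xml",
                   b'<w:instrText> DDEAUTO c:\\windows\\system32\\cmd.exe "/c calc"</w:instrText>')
        z.writestr("word/_rels/document.xml.rels",
                   b'<Relationship Target="http://example.invalid/t.dotm" TargetMode="External"/>')
        z.writestr("word/embeddings/oleObject1.bin", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    tree = unwrap(build_sample())
    for member, feats in tree.items():
        print(f"{member}: {sorted(feats)}")
    verdict, feats = classify(tree)
    print(f"verdict={verdict} features={sorted(feats)}")
```

The verdict comes from the features actually present rather than from a hash or a signature, which is the point of the approach: rewording the phishing text changes nothing the classifier looks at, while the macro project hidden two layers down still surfaces.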

Adobe Flash MediaPlayer DRM Use-After-Free Vulnerability

Posted on 2018-02-07 by Pedram Amini

On February 1st, Adobe published security advisory APSA18-01 for CVE-2018-4878, a use-after-free (UAF) vulnerability affecting Flash Player version 28.0.0.137 and earlier. As of February 6th, Adobe has patched the issue in version 28.0.0.161 (see APSB18-03). This post provides an overview of the vulnerability, a walk-through of the exploit seen in the wild, and covers several detection mechanisms. You can also follow the conversation via our Twitter moment.