We Detect Hackers

Flexible and Continuous Compromise Assessments

Have I been compromised?

With security breaches arising on multiple fronts, companies, healthcare systems, governmental and educational entities alike are starting to realize how real the threat of cyber security attacks are. In today’s world, firewalls, antivirus and network based intrusion prevention are not enough.

Compromise assessments are the most effective defense in depth measure an organization can use to ensure no threats have made it past their defenses.

Nextron System provides the best compromise assessment scanner and management platforms to facilitate a continuous assessment.  

We don’t believe in using cloud services. All our solutions are on your premises. Your data will never leave your network.


We Detect Hacker Activity

Our signature database with more than 9000 hand crafted and high quality rules is focused on APTs (advanced persistent threats), their tool sets, scripts and malware. 

We curate rules for hack tools, their output, config backdoors, RATs, web shells, suspicious system file replacements and traces of other malicious activity.

THOR is the perfect complement to your Antivirus solution.

Our Product Line

Scanners, Management and Analysis



THOR is our full-featured, portable and flexible compromise assessment scanner for Windows systems

THOR Lite (upcoming)

THOR Lite is a feature-reduced version of THOR, which is bundled with the open source signature set of LOKI


LOKI is a Python based open source IOC and YARA scanner bundled with our free and limited signature set

Management and Analysis

ASGARD Management Center

Configure, schedule and control scans on up to 10,000 end points per instance; collect files and memory from end systems

ASGARD Analysis Cockpit

Analyze scan logs, manage incidents in role based cases management, create filters and forward messages to your SIEM



Supercharge your detection with more than 9000 hand crafted, curated high quality YARA rules

Why Do Customers Choose Nextron?

Impressive Detection Rate

THOR’s impressive detection rate is well-known in the industry and fits the needs of threat hunters around the globe.

Thousands of generic signatures detect anomalies, obfuscation techniques and suspicious properties to rapidly accelerate compromise assessments.

Unmatched Flexibility

Use our scanners fully managed with the ASGARD platform or stand-alone as portable scanners for live forensics, image scans or to monitor a certain folder.

You can easily add your own indicators and signatures from threat feeds that you’ve subscribed to.

Trans-Regional Trust

We are a German-based company and all of our solutions are on-premise. Our scanners work completely offline.

We enjoy great confidence from our customers in the form of government agencies, NGOs and private corporations.

What our customers say

In our environment, we use ASGARD for a multitude of use-cases. In addition to other security components, we use ASGARD to regularly scan selected systems for sign of compromise. Furthermore, we use ASGARD during incident response for both initial triage and comprehensive scanning of a system.

Read More

Raphael Otto

Head of Cyber Defense Center, Infineon Technologies AG

I have been given the opportunity to evaluate Nextron’s VALHALLA feed. The handcrafted high quality detections with literally zero false-positive rate are an unmatched capability that does not only enable your detection technologies to stay ahead of the latest advanced threats but also is an extension of your own security team. Given the high quality and value the feed provides I can highly recommend VALHALLA. 

Markus Neis

Threat Intelligence Manager, Swisscom Schweiz AG


Blog Posts and Tweets

Recent Blog Posts

Not All IOC Scanning Is The Same

People often tell us that EDR product X already does IOC scanning and that they don’t have to check for these indicators a second time using our scanners. Especially when it...