Since THOR and THOR Lite are tools written for digital forensic experts, they can be difficult to use. There is often a steep learning curve in the beginning.
We’d like to help new users pass these first steps in a playful way by providing a TryHackMe challenge in which you analyse a compromised system using THOR Lite.
You’ll learn how to download and run it, interpret the results, write your own signatures and include your own IOCs for a custom threat.
The room is meant for first time THOR or THOR Lite users.
Target Audience: DFIR professionals, administrators, security analysts
Duration: ~3 hours (without the download of the VM)
You’ll work with a prepared virtual machine that you’re required to download during the training.
- VMWare or VirtualBox
- 13 GB download and 23 GB of disk space
- visit https://tryhackme.com
- create an account
- access the page “My Rooms”
- enter the room code “thorlite”, then “Enter room”
and start with the training lab.
Please help us and send your feedback to firstname.lastname@example.org