Antivirus engines and EDRs have their place – no doubt. But what happens when malware simply slips through their nets? What if the malicious file was never executed? What if the incident happened months ago? That’s where THOR comes in. Our compromise assessment...
From THOR Scan to Timeline: Correlating Findings in Timesketch
We’ve released a CLI utility that converts THOR logs into a Timesketch-compatible format. This allows analysts to import and visualize THOR’s forensic findings as timestamped events on a unified timeline, together with data from other sources. The thor2ts utility...
Stealth in 100 Lines: Analyzing PAM Backdoors in Linux
Abuse of Modular Trust PAM (Pluggable Authentication Modules) is a fundamental part of Linux authentication infrastructure. Its flexibility - designed to support various authentication mechanisms - can be exploited by adversaries. In our analysis, we encountered a...
Katz Stealer Threat Analysis
In this analysis, we will delve into the technical details of Katz Stealer, a credential-stealing malware as a service. We will explore its infection chain and the various techniques it employs to evade detection and exfiltrate sensitive data. We will also discuss...
YARA Forge Rule Sets Now Available in THOR Cloud and THOR Cloud Lite
We are pleased to announce a significant enhancement for users of THOR Cloud and THOR Cloud Lite: YARA Forge rule sets are now available for integration. YARA Forge is a curated, quality-assured feed of YARA rules developed as a private project. It automates the...
Nitrogen Dropping Cobalt Strike – A Combination of “Chemical Elements”
First detected in September 2024 and initially targeting the United States and Canada, the Nitrogen ransomware group has since expanded its reach into parts of Africa and Europe. Many of their victims remain absent from Nitrogen’s public ransomware blog and likely...
Active Exploitation of SAP NetWeaver Systems — Our Recommendation for Local Scans
In recent days, major security companies such as ReliaQuest and Onapsis have disclosed the active exploitation of CVE-2025-31324, a critical vulnerability in SAP NetWeaver’s Visual Composer component. The vulnerability allows unauthenticated attackers to upload...
End of Life Announcement for THOR Version 10.6
Nextron Systems officially announces the End of Life (EOL) and End of Support (EOS) for THOR version 10.6, our former stable forensic scanner version. Effective December 31, 2025, THOR 10.6 will no longer receive updates, maintenance, or technical support. Background...
Forwarding Profiles in THOR Cloud Enterprise: Direct Log Delivery from Endpoints
We’re introducing Forwarding Profiles in THOR Cloud Enterprise — a feature designed to streamline how scan results are delivered to external systems such as SIEMs, log collectors, or analysis platforms. Rather than downloading logs manually or relying on intermediate...
Obfuscated Threats – The Invisible Danger in Cybersecurity
Obfuscation is a technique widely used by cybercriminals, Advanced Persistent Threat (APT) groups, and even red-teaming operations. APTs, in particular, rely on obfuscation to remain undetected within networks for extended periods. However, modern malware, ransomware,...
Protecting Outdated and Unsupported Systems
Security strategies often assume that systems can be patched, upgraded, or replaced. In reality, many critical environments operate on legacy platforms where these options are impractical. Industrial control networks, healthcare systems, and government infrastructure...
Efficient NIS2 Compliance with THOR & ASGARD
The NIS2 Directive not only expands the scope of cybersecurity regulations but also introduces stricter penalties for non-compliance, including fines and liability risks for management. Unlike its predecessor, NIS2 mandates clear accountability and requires...
Patching is Not Enough: Why You Must Search for Hidden Intrusions
Many organizations make a critical mistake when responding to actively exploited zero-day vulnerabilities: they patch but don’t investigate. Think about it this way: If your front door was left wide open for weeks, would you just lock it and walk away? If attackers...
Cyber Security 2025: Practical Trends Beyond the Hype
In my 2024 article, Cyber Security 2024: Key Trends Beyond the Hype, I aimed to stay rational and avoid hype—especially around AI—and pointed out that most real-world attacks still involved unpatched systems, weak credentials, and social engineering. Over the past...
Why Prevention Isn’t Enough: How a Second Line of Defense Protects Your Business
According to recent reports, cyberattacks rose by 75% in the third quarter of 2024 compared to the same period in the previous year and by 15% compared to the second quarter of 2024. This alarming trend clearly shows that companies are more than ever required to...