Malware that deploys crypto mining software has become more and more popular and annoying. It's not always possible to scan every device in your network with our free or commercial compromise assessment scanners. The good news is that the mining pools for the most...
Blog
Silent Scanning – Compromise Assessment with THOR Lite on a Compromised Exchange 2019 Server
The following video shows a compromise assessment with our free THOR Lite scanner on a Microsoft Exchange 2019 server detecting ProxyShell and ProxyToken exploitation. We've done no post-editing in this video. You can jump to all findings using the video chapters....
Update Service Maintenance
Today, on 26th of August, we upgrade our update service infrastructure to a completely new service. What stays the same: Server names and IPs SSL/TLS Certificates What gets changed: We replace the service that handles requests and serves the update packages Affected...
Antivirus Event Analysis Cheat Sheet v1.8.2
The analysis of Antivirus events can be a tedious task in big organizations with hundreds of events per day. Usually security teams fall back to a mode of operation in which they only analyze events in which a cleanup process has failed or something went wrong. This...
Visit the New Online Manuals
We've converted all our PDF based user manuals into shiny new online versions. The new online versions are hosted on Github and converted into web pages with the help of ReadTheDocs. This way we can update them with new information much faster than before and allow...
Use YARA math Module Extension in THOR TechPreview and THOR Lite
Not long ago, we've created a pull request for the official YARA repository on Github, that would introduce new functions in the `math` module to improve the flexibility in cases in which a sample is heavily scrambled or obfuscated. These cases require further...
THOR 10.6.8 TechPreview with ETW Watcher to Detect CobaltStrike Beacons
THOR TechPreview version 10.6.8 will introduce a completely new module named ETW Watcher, which runs in a separate thread and monitors the systems during a scan run. As its name indicates, the ETW Watcher module makes use of Event Tracing for Windows (ETW). So,...
Analyze VMware ESX Systems with THOR Thunderstorm
Since the release of THOR Thunderstorm in the summer of 2020, our customers used it to analyse a variety of systems that are usually considered as "out of scope". In some cases the EULA prevents the installation of Antivirus scanners or EDR agents. In other cases the...
End-of-Life ASGARD Analysis Cockpit Version 2
Nextron announces the end-of-sale and end-of-life dates for the ASGARD Analysis Cockpit version 2. Customers with active service contracts will continue to receive support until June 30, 2022, as shown in the table below. End of Life Announcement Date The date the...
ASGARD Analysis Cockpit Version 3
ASGARD Analysis Cockpit is our on-premise soft-appliance that helps you analyze large amounts of THOR log data. The new version 3, which has just been released, adds many new usability features and views. This blog post lists some of the changes. Analysis Cockpit 3...
THOR Lite Usage in Mjolnir Security’s Introduction to Incident Response Training
Our partner Mjolnir Security offers a training named "Introduction to Incident Response" from 3th of May to 13th of May. It's 3 hours a day, from 5pm to 8pm Eastern time, but will be recorded for you to watch it whenever you like. On day 6 you'll learn to write YARA...
Antivirus Event Analysis Cheat Sheet v1.8
Download the Antivirus Event Analysis Cheat Sheet version 1.8.1 here.