Malware that deploys crypto mining software has become more and more popular and annoying. It's not always possible to scan every device in your network with our free or commercial compromise assessment scanners. The good news is that the mining pools for the most...
The following video shows a compromise assessment with our free THOR Lite scanner on a Microsoft Exchange 2019 server detecting ProxyShell and ProxyToken exploitation. We've done no post-editing in this video. You can jump to all findings using the video chapters....
Today, on 26th of August, we upgrade our update service infrastructure to a completely new service. What stays the same: Server names and IPs SSL/TLS Certificates What gets changed: We replace the service that handles requests and serves the update packages Affected...
The analysis of Antivirus events can be a tedious task in big organizations with hundreds of events per day. Usually security teams fall back to a mode of operation in which they only analyze events in which a cleanup process has failed or something went wrong. This...
We've converted all our PDF based user manuals into shiny new online versions. The new online versions are hosted on Github and converted into web pages with the help of ReadTheDocs. This way we can update them with new information much faster than before and allow...
Not long ago, we've created a pull request for the official YARA repository on Github, that would introduce new functions in the `math` module to improve the flexibility in cases in which a sample is heavily scrambled or obfuscated. These cases require further...
THOR TechPreview version 10.6.8 will introduce a completely new module named ETW Watcher, which runs in a separate thread and monitors the systems during a scan run. As its name indicates, the ETW Watcher module makes use of Event Tracing for Windows (ETW). So,...
Since the release of THOR Thunderstorm in the summer of 2020, our customers used it to analyse a variety of systems that are usually considered as "out of scope". In some cases the EULA prevents the installation of Antivirus scanners or EDR agents. In other cases the...
Nextron announces the end-of-sale and end-of-life dates for the ASGARD Analysis Cockpit version 2. Customers with active service contracts will continue to receive support until June 30, 2022, as shown in the table below. End of Life Announcement Date The date the...
ASGARD Analysis Cockpit is our on-premise soft-appliance that helps you analyze large amounts of THOR log data. The new version 3, which has just been released, adds many new usability features and views. This blog post lists some of the changes. Analysis Cockpit 3...
Our partner Mjolnir Security offers a training named "Introduction to Incident Response" from 3th of May to 13th of May. It's 3 hours a day, from 5pm to 8pm Eastern time, but will be recorded for you to watch it whenever you like. On day 6 you'll learn to write YARA...
Download the Antivirus Event Analysis Cheat Sheet version 1.8.1 here.