Blog

Filter: LOKI - Clear Filter

New Feature in THOR v10.1 – Remote Scanning

THOR v10.1 features a mode of operation that is especially helpful in incident response or compromise assessment scenarios - remote scanning.  Imagine that you're in a firefighting scenario - a breach has been confirmed and management wants to have quick results on...

read more

YARA Rules to Detect Uncommon System File Sizes

YARA is an awesome tool especially for incident responders and forensic investigators. In my scanners I use YARA for anomaly detection on files. I already created some articles on "Detecting System File Anomalies with YARA" which focus on the expected contents of...

read more
How to Write Simple but Sound Yara Rules

How to Write Simple but Sound Yara Rules

During the last 2 years I wrote approximately 2000 Yara rules based on samples found during our incident response investigations. A lot of security professionals noticed that Yara provides an easy and effective way to write custom rules based on strings or byte...

read more
GDPR Cookie Consent with Real Cookie Banner