At the recent Cybersecurity Summit in Hamburg, we joined our partner agilimo Consulting to present on the theme: “Cybersecurity made in Germany.” The central question: How can organizations turn digital sovereignty into real operational security – beyond just a...
The Blind Spot Scanner – Why THOR Detects What Others Miss
Antivirus engines and EDRs have their place – no doubt. But what happens when malware simply slips through their nets? What if the malicious file was never executed? What if the incident happened months ago? That’s where THOR comes in. Our compromise assessment...
From THOR Scan to Timeline: Correlating Findings in Timesketch
We’ve released a CLI utility that converts THOR logs into a Timesketch-compatible format. This allows analysts to import and visualize THOR’s forensic findings as timestamped events on a unified timeline, together with data from other sources. The thor2ts utility...
Stealth in 100 Lines: Analyzing PAM Backdoors in Linux
Abuse of Modular Trust PAM (Pluggable Authentication Modules) is a fundamental part of Linux authentication infrastructure. Its flexibility - designed to support various authentication mechanisms - can be exploited by adversaries. In our analysis, we encountered a...
Katz Stealer Threat Analysis
In this analysis, we will delve into the technical details of Katz Stealer, a credential-stealing malware as a service. We will explore its infection chain and the various techniques it employs to evade detection and exfiltrate sensitive data. We will also discuss...
Nitrogen Dropping Cobalt Strike – A Combination of “Chemical Elements”
First detected in September 2024 and initially targeting the United States and Canada, the Nitrogen ransomware group has since expanded its reach into parts of Africa and Europe. Many of their victims remain absent from Nitrogen’s public ransomware blog and likely...
Forwarding Profiles in THOR Cloud Enterprise: Direct Log Delivery from Endpoints
We’re introducing Forwarding Profiles in THOR Cloud Enterprise — a feature designed to streamline how scan results are delivered to external systems such as SIEMs, log collectors, or analysis platforms. Rather than downloading logs manually or relying on intermediate...
Obfuscated Threats – The Invisible Danger in Cybersecurity
Obfuscation is a technique widely used by cybercriminals, Advanced Persistent Threat (APT) groups, and even red-teaming operations. APTs, in particular, rely on obfuscation to remain undetected within networks for extended periods. However, modern malware, ransomware,...
Protecting Outdated and Unsupported Systems
Security strategies often assume that systems can be patched, upgraded, or replaced. In reality, many critical environments operate on legacy platforms where these options are impractical. Industrial control networks, healthcare systems, and government infrastructure...
Efficient NIS2 Compliance with THOR & ASGARD
The NIS2 Directive not only expands the scope of cybersecurity regulations but also introduces stricter penalties for non-compliance, including fines and liability risks for management. Unlike its predecessor, NIS2 mandates clear accountability and requires...
Patching is Not Enough: Why You Must Search for Hidden Intrusions
Many organizations make a critical mistake when responding to actively exploited zero-day vulnerabilities: they patch but don’t investigate. Think about it this way: If your front door was left wide open for weeks, would you just lock it and walk away? If attackers...
Cyber Security 2025: Practical Trends Beyond the Hype
In my 2024 article, Cyber Security 2024: Key Trends Beyond the Hype, I aimed to stay rational and avoid hype—especially around AI—and pointed out that most real-world attacks still involved unpatched systems, weak credentials, and social engineering. Over the past...
Why Prevention Isn’t Enough: How a Second Line of Defense Protects Your Business
According to recent reports, cyberattacks rose by 75% in the third quarter of 2024 compared to the same period in the previous year and by 15% compared to the second quarter of 2024. This alarming trend clearly shows that companies are more than ever required to...
Streamlining SOC Operations with THOR Cloud: Revolutionizing Remote Forensic Analysis
Security Operations Centers (SOCs) face increasing challenges in defending against sophisticated cyber threats, often compounded by resource limitations. Analyzing large volumes of forensic data to detect indicators of compromise (IoCs) can be a labor-intensive task....
Cybersecurity is Not a Solo Endeavor – A Recap of it-sa Expo&Congress 2024
Explore key takeaways from it-sa 2024 and learn how a collaborative approach to cybersecurity is essential for building resilient defenses.