Blog

Filter: Nextron - Clear Filter

How to scan Docker images using THOR – Part 1

How to scan Docker images using THOR – Part 1

In this blog article, we will talk about how you can use THOR to scan Docker images. Consider the following use case:  Before using an upstream Docker image, you want to precheck it for known IOCs and backdoors. THOR can help you with this!Prerequisites Docker image...

read more
Customer Portal Upgrade – Planned Downtime

Customer Portal Upgrade – Planned Downtime

We would like to inform you that our customer portal will be undergoing a scheduled maintenance and will be temporarily unavailable on Wednesday, April 12, 2023, between 10:00am and 11:00am CEST. We apologize for any inconvenience this may cause. During this downtime,...

read more
Demystifying SIGMA Log Sources

Demystifying SIGMA Log Sources

One of the main goals of Sigma as a project and Sigma rules specifically has always been to reduce the gap that existed in the detection rules space. As maintainers of the Sigma rule repository we're always striving for reducing that gap and making robust and...

read more
How to scan ESXi systems using THOR

How to scan ESXi systems using THOR

More and more often, adversaries target and exploit Internet-facing appliances or devices with exotic or restricted operating systems. Users ask if there is a way to run a compromise assessment scan on these systems with the YARA rules used in THOR. Following up on...

read more
Virustotal Lookups in THOR v10.7

Virustotal Lookups in THOR v10.7

We're glad to announce a new feature that allows users to enrich events generated by THOR with information from Virustotal.  The feature is available in the full THOR v10.7 TechPreview and THOR Lite. It can be used in any scan mode: live endpoint scanning, lab...

read more

Antivirus Event Analysis Cheat Sheet v1.11.0

We've updated our Antivirus Event Analysis Cheat Sheet to version 1.11.0. It includes updates in several sections add special identifiers for other hack tools and ransomware (sync with Sigma rule changes provided by Arnim Rupp in PR #3919 and #3924) You can download...

read more

Extended ProxyNotShell Detection Covering OWASSRF

In a report published on the 20th of December CrowdStrike published a report of a new technique exploiting the Microsoft Exchange vulnerability called ProxyNotShell. The called the new technique OWASSRF as it uses Outlook Web Access, CVE-2022-41080 and CVE-2022-41082...

read more
GDPR Cookie Consent with Real Cookie Banner Experienced a Breach?