Blog

Filter: malware - Clear Filter

How to scan Docker images using THOR – Part 1

How to scan Docker images using THOR – Part 1

In this blog article, we will talk about how you can use THOR to scan Docker images. Consider the following use case:  Before using an upstream Docker image, you want to precheck it for known IOCs and backdoors. THOR can help you with this!Prerequisites Docker image...

read more
THOR 10 for AIX

THOR 10 for AIX

We are working on a THOR scanner version that brings our well-known compromise assessments and thousands of YARA rules to IBM's AIX®. Subscribe here to get noticed once beta testing and a stable version is available. * no advertisements - just two emails, one for the...

read more

YARA Rule Sets and Rule Feed

As previously announced our YARA rule packs and feeds will be available in March/April 2019. We've put a lot of effort into a internal system named "Mjolnir" that parses, normalizes, filters, tags and automatically modifies our rule base, which contains more than 9000...

read more

THOR 8.53 Feature: Diff Mode

With the upcoming version 8.53 of THOR, we're testing a new feature called "Difference" or "Diff" mode (--diff). The idea behind "Diff" mode is that a scan could be much faster, if it would only consider elements that have been created or changed since the last scan...

read more

Antivirus Event Analysis Cheat Sheet v1.4

Download the newest version of our Antivirus Event Analysis Cheat Sheet here. --- Update 09.09.18 10:30am CET Thanks to Markus Neis, I've updated version 1.4 and created a version 1.5 just a few hours after my tweet. You can download version 1.5 here.

read more

YARA Rules to Detect Uncommon System File Sizes

YARA is an awesome tool especially for incident responders and forensic investigators. In my scanners I use YARA for anomaly detection on files. I already created some articles on "Detecting System File Anomalies with YARA" which focus on the expected contents of...

read more
How to Write Simple but Sound Yara Rules – Part 2

How to Write Simple but Sound Yara Rules – Part 2

Months ago I wrote a blog article on "How to write simple but sound Yara rules". Since then the mentioned techniques and tools have improved. I'd like to give you a brief update on certain Yara features that I frequently use and tools that I use to generate and test...

read more
GDPR Cookie Consent with Real Cookie Banner