Blog

Filter: scanning - Clear Filter

How to scan ESXi systems using THOR

How to scan ESXi systems using THOR

More and more often, adversaries target and exploit Internet-facing appliances or devices with exotic or restricted operating systems. Users ask if there is a way to run a compromise assessment scan on these systems with the YARA rules used in THOR. Following up on...

read more
Virustotal Lookups in THOR v10.7

Virustotal Lookups in THOR v10.7

We're glad to announce a new feature that allows users to enrich events generated by THOR with information from Virustotal.  The feature is available in the full THOR v10.7 TechPreview and THOR Lite. It can be used in any scan mode: live endpoint scanning, lab...

read more

Reasons Why to Use THOR instead of THOR Lite

We have received reports from customers that were approached by service providers that offered compromise assessments with our scanner THOR. Subsequently, it appeared, however, that these providers used THOR Lite in their engagements and, when asked about this, argued...

read more

There’s a Thunderstorm Coming

We are proud to announce a groundbreaking new scan mode named "Thunderstorm" that we've integrated into preview builds of the upcoming THOR version 10.6. This mode of operation turns THOR into a RESTful web service that is able to process thousands of samples per...

read more

THOR Integration into Microsoft Defender ATP

Why Integrate THOR into Microsoft Defender ATP While Microsoft Defender ATP fully plays off its strength in detecting live attacks, suspicious process starts and network connections, THOR shines as a live forensic scanner that scans the local filesystem, registry,...

read more

Not All IOC Scanning Is The Same

People often tell us that EDR product X already does IOC scanning and that they don’t have to check for these indicators a second time using our scanners. Especially when it comes to network wide sweeps for traces of activity due to an ongoing incident I recommend...

read more

Changes in Upcoming THOR Version 10.3

Refactored Handle Detection We have completely refactored THOR's malicious Handle detection. We now allow the use of regular expressions and combined all types in a single signature file named "malicious-handles.dat".  Users can provide custom indicators by placing a...

read more

New Feature in THOR v10.1 – Remote Scanning

THOR v10.1 features a mode of operation that is especially helpful in incident response or compromise assessment scenarios - remote scanning.  Imagine that you're in a firefighting scenario - a breach has been confirmed and management wants to have quick results on...

read more
THOR 10 Fusion – Major Changes

THOR 10 Fusion – Major Changes

In anticipation of our new scanner THOR 10 Fusion, we would like to show you some of the exciting new features and upcoming changes.  Modes and Feature Cleanup We've reviewed and reworked all scan modes in order to clarify the overview of active modules and features...

read more
Upcoming : THOR 10 “Fusion”

Upcoming : THOR 10 “Fusion”

We are proud to announce the upcoming release of THOR 10 code named "Fusion". It will replace our scanners THOR 8 and SPARK before the end of this year. Both of the current scanners will still receive updates until the end of this year. THOR 10 "Fusion" combines the...

read more
GDPR Cookie Consent with Real Cookie Banner