As someone who has spent many years researching attacks and supporting incident response teams, I’ve seen one question come up again and again: How do we return to a verified clean state after an intrusion? In every ransomware case, in every targeted espionage...
Our analysis uncovered a phishing campaign targeting organizations in India, leveraging spear-phishing techniques reminiscent of Operation Sindoor. What makes this activity stand out is the use of a Linux-focused infection method that relies on weaponized .desktop...
We’re pleased to announce a new technology partnership between Nextron and Arctic Wolf, a global leader in security operations, and one of the world’s largest commercial Security Operations Centers (SOCs). As part of the partnership, Arctic Wolf will incorporate...
The recently exploited SharePoint vulnerability chain known as ToolShell (CVE-2025-53770) has shown once again that patching alone isn't enough. Attackers gained unauthenticated remote access to vulnerable on-premises SharePoint servers, planted web shells, and...
We’re introducing Forwarding Profiles in THOR Cloud Enterprise — a feature designed to streamline how scan results are delivered to external systems such as SIEMs, log collectors, or analysis platforms. Rather than downloading logs manually or relying on intermediate...
According to recent reports, cyberattacks rose by 75% in the third quarter of 2024 compared to the same period in the previous year and by 15% compared to the second quarter of 2024. This alarming trend clearly shows that companies are more than ever required to...
We just launched THOR-Cloud Lite our new free, lightweight and easy to deploy on-demand compromise assessment scanner. Allowing you to access your scans and reports from everywhere at any time. Licensing, scan campaigns and reports everything is conveniently managed...
One of the main goals of Sigma as a project and Sigma rules specifically has always been to reduce the gap that existed in the detection rules space. As maintainers of the Sigma rule repository we're always striving for reducing that gap and making robust and...
We are proud to announce the integration of our private Sigma rule set in Valhalla. This rule set is used in our scanner THOR and endpoint agent Aurora. The rule set currently contains more than 250 quality-tested and generic rules written by Nextron's detection...
Nextron Systems has always supported the Sigma project, investing hundreds of work hours into creating and maintaining the community rules shared in the public Sigma rule repository. Apart from the community support, we've created a set of internal detection rules for...
The Follina 0day vulnerability (CVE-2022-30190) in Microsoft Windows is actively exploited in-the-wild and highly critical. This blog posts lists some important web resources and the signatures that detect exploitation attempts.Kevin's post contains links to tweets of...
After almost half a year of development, we are pleased to announce the release of our free version of the Aurora Agent named Aurora Lite. The Aurora agent is a Sigma-based endpoint agent that offers maximum transparency, flexibility, and confidentiality. It doesn't...
The following recorded video session includes information about our new Sigma-based EDR agent called "Aurora" and the free "Aurora Lite". It's a preview of the agent with information on its features, limits, advantages and a live demo. The release is scheduled for...
A new version of THOR Seed improves the integration with Microsoft Defender ATP by handling the script termination caused by exceeded timeouts. Due to a runtime limit for all scripts in the Live Response library we had to configure previous versions of THOR Seed to...
We are glad to announce significant performance improvements in the latest versions of THOR. We've refactored several processing units to bulk scan elements that have previously been checked each at a time. These changes affect the modules "Eventlog", "Registry",...