
Free IOC and YARA Scanner
TryHackMe Training Room for THOR Lite
Since THOR and THOR Lite are tools written for digital forensic experts, they can be difficult to use. There is often a steep learning curve in the beginning.
We’d like to help new users get through these first steps in a playful way by providing a TryHackMe challenge in which you analyse a compromised system using THOR Lite.
You’ll learn how to download and run it, interpret the results, write your own signatures and include your own IOCs for a custom threat.
Technical requirements
You’ll work with a prepared virtual machine that you’re required to download during the training.
- VMware or VirtualBox
- 13 GB download and 23 GB of disk space
Prerequisites
The room is meant for first-time THOR or THOR Lite users.
Target Audience: DFIR professionals, administrators, security analysts
Duration: ~3 hours (not including the VM download)
Free | TryHackMe account needed
Detailed learning content
- THOR Lite Util
- THOR Lite Flags
- Your first scan
- Reading the HTML Report and using VirusTotal
- Adding a custom IOC
- Write your own YARA rule
- Adding another Filename IOC
- Full scan
- False Positive Filter