T101 | THOR APT Scanner Fundamentals

One-day web-based training with virtual lab infrastructure. Topics: Product Overview and licensing schemes. Run THOR from the command line with various options for different detection use cases. Evaluate different messages from different THOR modules.

Technical requirements

To use the THOR software in this training, we provide one Windows 10 machine in our Cloud LAB. To be able to perform the training and exercises, a client with RDP software is required together with an internet connection.


Solid practical experience with command line tools under Microsoft Windows. Basic understanding of hacking techniques and their traces on a system. Experience in the field of Security Monitoring is helpful but not required.

Estimated training time is 8 hours. Cloud Lab is available for five days.
Training must be completed within the five-day lab availability.

Training concludes with a participation certificate.

T101 | THOR APT Scanner Fundamentals

900,00 €

Detailed learning content

  • Basic understanding of THOR and its characteristics and features
  • Working with the LAB Environment
  • THOR Util and its maintenance features
    • upgrade
    • update
    • download
  • Basic Scanning and Evaluation
  • Practical exercises for THOR scans, such as
    • SHIMCache
    • Registry
    • Full scan
  • Use of THOR on the command line
  • Custom IOCs
  • Recommended Flags
  • Handling of false positives
  • Debugging with THOR
GDPR Cookie Consent with Real Cookie Banner