Back to Trainings

T102 | THOR APT Scanner Professional

One-day web-based training with virtual lab infrastructure. Topics: Advanced features, configuration options, and best practice approaches for using THOR beyond standard scenarios. Explore the capabilities and use cases of THOR Forensic Lab, apply custom IOCs and YARA rules, and learn how to work with THOR Seed.

Booking

Technical requirements

To use the THOR software in this training, we provide two Windows 10 machines and one Ubuntu machine in our Cloud LAB. To participate in the training and complete the exercises, a client with RDP software and an internet connection is required.

Prerequisites

Solid practical experience with command line tools under Microsoft Windows. Basic understanding of hacking techniques and their traces on a system. Experience in the field of Security Monitoring is helpful but not required.

Completion of the “T101 | THOR APT Scanner Fundamentals” training or prior hands-on experience with THOR is strongly recommended.

Estimated training time is 6 hours. Cloud Lab is available for five days.

Training must be completed within the five-day lab availability.

The training concludes with a certificate of participation.

Detailed learning content

  • Advanced understanding of THOR and its characteristics and features
  • Special Modules and Flags
  • THOR Util Deep Dive
  • Portal License Retrieval
  • Creating and Using Scan Templates
  • Forensic Lab Scanning
  • Drop Zone Mode
  • THOR Seed and THOR Thunderstorm
  • Customization of Event Score
  • THOR Remote