TryHackMe Room for THOR Lite
Since THOR and THOR Lite are tools written for digital forensic experts, they can be difficult to use. There is often a steep learning curve in the beginning.
We’d like to help new users pass these first steps in a playful way by providing a TryHackMe challenge in which you analyse a compromised system using THOR Lite.
You’ll learn how to download and run it, interpret the results, write your own signatures and include your own IOCs for a custom threat.
Technical requirements
You’ll work with a prepared virtual machine that you’re required to download during the training.
- VMware or VirtualBox
- 13 GB download and 23 GB of disk space
Prerequisites
The room is meant for first-time THOR or THOR Lite users.
Target Audience: DFIR professionals, administrators, security analysts
Duration: ~3 hours (without the download of the VM)
Free | TryHackMe account needed
Detailed learning content
- THOR Lite Util
- THOR Lite Flags
- Your first scan
- Reading the HTML Report and using VirusTotal
- Adding a custom IOC
- Write your own YARA rule
- Adding another Filename IOC
- Full scan
- False Positive Filter