Blog

Filter: apt - Clear Filter

Changes in Upcoming THOR Version 10.3

Refactored Handle Detection We have completely refactored THOR's malicious Handle detection. We now allow the use of regular expressions and combined all types in a single signature file named "malicious-handles.dat".  Users can provide custom indicators by placing a...

read more
THOR 10 for AIX

THOR 10 for AIX

We are working on a THOR scanner version that brings our well-known compromise assessments and thousands of YARA rules to IBM's AIX®. Subscribe here to get noticed once beta testing and a stable version is available. * no advertisements - just two emails, one for the...

read more
THOR 10 Fusion Released

THOR 10 Fusion Released

THOR 10 Fusion has arrived.  It replaces our successful scanners THOR 8 and SPARK and combines the best of both worlds. It is a completely new code base that features all modules of our 4 year old compromise assessment flagship THOR 8 and the speed and extra features...

read more
THOR 10 Fusion – Major Changes

THOR 10 Fusion – Major Changes

In anticipation of our new scanner THOR 10 Fusion, we would like to show you some of the exciting new features and upcoming changes.  Modes and Feature Cleanup We've reviewed and reworked all scan modes in order to clarify the overview of active modules and features...

read more
Upcoming : THOR 10 “Fusion”

Upcoming : THOR 10 “Fusion”

We are proud to announce the upcoming release of THOR 10 code named "Fusion". It will replace our scanners THOR 8 and SPARK before the end of this year. Both of the current scanners will still receive updates until the end of this year. THOR 10 "Fusion" combines the...

read more

Antivirus Event Analysis Cheat Sheet v1.4

Download the newest version of our Antivirus Event Analysis Cheat Sheet here. --- Update 09.09.18 10:30am CET Thanks to Markus Neis, I've updated version 1.4 and created a version 1.5 just a few hours after my tweet. You can download version 1.5 here.

read more

YARA Rules to Detect Uncommon System File Sizes

YARA is an awesome tool especially for incident responders and forensic investigators. In my scanners I use YARA for anomaly detection on files. I already created some articles on "Detecting System File Anomalies with YARA" which focus on the expected contents of...

read more
Splunk Threat Intel IOC Integration via Lookups

Splunk Threat Intel IOC Integration via Lookups

Today most security teams have access to a lot of different information sources. On the one hand they collect log data from different sources and try to correlate them in a useful way in so-called SIEM systems. On the other hand they receive threat information from...

read more

APT Detection is About Metadata

People often ask me, why we changed the name of our scanner from "IOC" to "APT" scanner and if we did that only for marketing reasons. But don't worry, this blog post is just as little a sales pitch as it is an attempt to create a new product class. I'll show you why...

read more
GDPR Cookie Consent with Real Cookie Banner