THOR Util Replaces THOR-Upgrade
We are currently upgrading our update infrastructure in many different ways. We have added 2 new dedicated update servers - update1 (Karlsruhe, Germany) and update2 (Lenexa, USA). The old update locations will still be supported for a few months but have to be...
ASGARD Management Center version 1.4
Release notification of the ASGARD Management Center version 1.4. We have released version 1.4 for ASGARD. This version has major improvements in usability, flexibility, stability and performance. Plan and run THOR and SPARK scans on up to 10.000 endpoints – with a...
New Antivirus Event Analysis Cheat Sheet Version 1.2
Today we release a new version of our "Antivirus Event Analysis" Cheat Sheet that helps you with the analysis of Antivirus events by providing a clear decision matrix. We've updated many of the sections, added new VirusTotal online analysis checks and brought it in a...
THOR 8.44 features TLS Syslog Transmission & ZIP YARA Scanning
The new THOR version 8.44 comes with some interesting new features. TLS/SSL Syslog Transmission: THOR version 8.44.0 supports the Syslog log transmission in an SSL/TLS encrypted form. Just set the value "TCPTLS" as protocol in the 4th position of the target definition....
New THOR / SPARK License Packs
We have just recently released new, flexible and practice-oriented license packs for our scanners THOR and SPARK. These license packs will help you to get started as quickly as possible in case of an incident response, digital forensics engagement or compromise...
How to Write Sigma Rules
Sigma is an open standard for rules that allow you to describe searches on log data in generic form. These rules can be converted and applied to many log management or SIEM systems and can even be used with grep on the command line. In this article I'd like to give...
Write YARA Rules to Detect Embedded EXE Files in OLE Objects
This is the first blog post published on our new website. If you followed my blog on www.bsk-consulting.de you should consider subscribing to the RSS feed of this blog or the "Nextron Systems Newsletter". This is one of the YARA related blog posts showcasing a special...
Welcome to Our New Website
We welcome you to our new website and encourage you to review our 'products' and 'services' sections. From now on we will publish news about our products, articles about incident response, YARA rules, detection methods, IOCs and other interesting topics on this blog...
The Best Possible Monitoring with Sigma Rules
Some of you may already have heard of Sigma, a generic approach for signatures used in SIEM systems. Its main purpose is to provide a structured form in which researchers or analysts can describe the detection methods they have developed and make them shareable with...
Not All IOC Scanning Is the Same
In recent months I had several talks with friends and coworkers about IOC scanning and how to integrate IOCs from threat intel feeds into our scanners or other products that our customers already use. People often tell me that EDR or client management product X...
How to Fall Victim to Advanced Persistent Threats
During the last four years, I was engaged on incident response teams for several large advanced persistent threat (APT) cases involving different German corporations. In this time, we have developed methods and tools to detect compromised systems, while also planning...