Hot Take THOR Cloud Lite Release Session

upnorth


  • Introduction to THOR Cloud Lite
  • Overview of deployment options
  • Demonstration of the web interface, including campaign creation
  • Custom IOCs (Indicators of Compromise) setup
  • Explanation of essential settings
  • Exploration of different THOR Cloud launcher options
THOR Cloud eliminates the need for on-premise systems for licensing and scanner package downloads. With THOR Cloud, all you need is a small yet powerful tool known as the THOR Cloud launcher. Simply bring it to your endpoint or allow end users to download and execute it themselves.

This launcher serves as the core of a comprehensive on-demand forensic investigation, powered by our advanced scanner, THOR. Equipped with over 20,000 pre-built signatures designed to detect various traces of hacking activity, THOR ensures thorough analysis and identification of potential security threats.
 
Client/Endpoint:

2023-11-05_20-12-30.png
 
@upnorth are you going to provide us with your opinion of this software? :unsure:
Since I'm testing it at the moment, sure I can, but just to be as clear as possible: it's a security cloud service (work in progress) where one downloads a binary file and then executes/runs that file on a machine with either Windows, Linux or macOS. It then shows the progress in the default set browser, as seen in the screenshot (Edge on that specific system). At the moment running as a SOS (second opinion scanner) on a guest VM with Windows 10.

I cannot recommend this for normal home users, as for example the integration with the business/enterprise version of Microsoft 365 and Defender ATP automatically makes this far out of scope. Also, the upcoming features for connection with SIEM solutions such as Splunk and Sentinel etc. should hopefully explain more.
 
good info, thanks!!
 
Latest test done with a MacBook Air as the client, browser Opera.

Opera Snapshot_2023-11-30_201849_thorcloud-lite.nextron-systems.com.png


Skärmavbild 2023-11-30 kl. 20.21.31.png


Found a possible bug as the launcher didn't execute as it should, and I was forced to manually find the correct file in the package. But in general this works fine also on macOS. The scan took around 15 minutes and the log did reveal 1 .js file that needs deeper analysis.

Will see if I'll test this later on also on Linux.
 
