Projects

A toolset to make a system look as if it was the victim of an APT attack

asgard-playbooks - Python project

Helper scripts and configs to be used with Aurora Agent

BinaryAlert: Serverless, Real-time & Retroactive Malware Detection.

Cortex Analyzers for Nextron Products

A repository hosting example goodware evtx logs containing sample software installation and basic user interaction

Imphash-like calculation on Golang binaries

Simple ElasticSearch API for Golang

Iterate over Windows Handles

Authorize to an NTLM Proxy for a HTTP(S) connection in Golang

Detect version of running os

Manipulate the priority of the GO program

Connect to Windows Task Scheduler 2.0 with Golang

Indicators of compromise from to analysis and research by Nextron Threat Research team

Definitions of structures used in THOR JSON logs

Public tools, scripts or code snippets that can help when working with our products

openrelik-worker-thor-lite - Python project

Postfix 2 Thor Thunderstorm

Ransomware simulator written in Golang

Guides and scripts for different uses cases regarding scanning containers with THOR

Guides and scripts for different uses cases regarding scanning SQL databases with THOR

Simple SYSLOG client in Go

Sysmon configuration file template with default high-quality event tracing

Splunk Technology-AddOn for Aurora Sigma-Based EDR Agent. It helps parse and configure the necessary inputs to neatly consume Aurora EDR Agent Alerts into Splunk.

THOR Integration Guide for Microsoft Defender ATP

Plugin interface for THOR APT Scanner

thor2ts – A utility to convert THOR logs to Timesketch’s required format.

THOR Thunderstorm Collectors

Python module to interact with THOR Thunderstorm service

Valhalla API Client

Integration of THOR into Veeam Backup & Replication

Thor Artifacts for Velociraptor

Parsing of YARA rules into AST and building new rulesets in C++.