[et_pb_section fb_built=”1″ _builder_version=”3.26.6″][et_pb_row _builder_version=”3.27.2″][et_pb_column type=”4_4″ _builder_version=”3.27.2″][et_pb_text _builder_version=”3.27.4″]<\/p>\n
THOR v10.1 features a mode of operation that is especially helpful in incident response or compromise assessment scenarios – remote scanning.\u00a0<\/p>\n
[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=”2_5,3_5″ _builder_version=”3.27.2″][et_pb_column type=”2_5″ _builder_version=”3.27.2″][et_pb_text _builder_version=”3.27.4″]<\/p>\n
Imagine that you’re in a firefighting scenario – a breach has been confirmed and management wants to have quick results on the extent of the compromise.\u00a0<\/p>\n
The new remote scanning feature called “THOR Remote” allows you to perform triage scans on hundreds of remote systems from a single admin workstation. You can think of it as an integrated PsExec.\u00a0<\/p>\n
No scripting, no agents, no hustle.\u00a0\u00a0<\/span><\/p>\n [\/et_pb_text][\/et_pb_column][et_pb_column type=”3_5″ _builder_version=”3.27.2″][et_pb_image src=”https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2019\/08\/THOR_Remote.png” _builder_version=”4.4.2″ hover_enabled=”0″][\/et_pb_image][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=”1_2,1_2″ _builder_version=”3.27.2″][et_pb_column type=”1_2″ _builder_version=”3.27.2″][et_pb_text _builder_version=”3.27.4″]<\/p>\n Benefits<\/p>\n [\/et_pb_text][\/et_pb_column][et_pb_column type=”1_2″ _builder_version=”3.27.2″][et_pb_text _builder_version=”3.27.4″]<\/p>\n Requirements<\/p>\n [\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=”2_5,3_5″ _builder_version=”3.26.6″][et_pb_column type=”2_5″ _builder_version=”3.26.6″][et_pb_text _builder_version=”3.27.4″]<\/p>\n All you need is the new version 10.1 of THOR and a command line of an admin user with the required privileges and open Windows ports (135\/tcp, 445\/tcp) on the remote systems.<\/p>\n THOR will then switch into a new mode of operation and present a command line interface showing scan information and a scrollable pane for each log file. (see screenshot)<\/p>\n THOR writes the log files to a local folder on the admin workstation or sends them via SYSLOG to your SIEM system.\u00a0\u00a0<\/span><\/p>\n [\/et_pb_text][\/et_pb_column][et_pb_column type=”3_5″ _builder_version=”3.26.6″][et_pb_image src=”https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2019\/10\/Screenshot-2019-10-29-at-18.01.02.png” _builder_version=”4.4.2″ hover_enabled=”0″][\/et_pb_image][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=”2_5,3_5″ _builder_version=”3.27.2″][et_pb_column type=”2_5″ _builder_version=”3.27.2″][et_pb_text _builder_version=”3.27.4″]<\/p>\n You can also define a number of concurrent scans (workers) and delay the scan starts to distribute the load evenly among the target systems. This is beneficial when you scan numerous virtual machines running on a few host systems.\u00a0<\/p>\n [\/et_pb_text][\/et_pb_column][et_pb_column type=”3_5″ _builder_version=”3.27.2″][et_pb_image src=”https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2019\/08\/Screenshot-2019-08-27-at-12.48.48.png” _builder_version=”4.4.2″ hover_enabled=”0″][\/et_pb_image][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”3.27.2″][et_pb_column type=”4_4″ _builder_version=”3.27.2″][et_pb_video src=”https:\/\/www.youtube.com\/watch?v=qQgMItxdyqQ” _builder_version=”4.4.2″ hover_enabled=”0″ thumbnail_overlay_color=”rgba(0,0,0,0.6)”][\/et_pb_video][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”3.27.2″][et_pb_column type=”4_4″ _builder_version=”3.27.2″][et_pb_text _builder_version=”3.27.4″]<\/p>\n A complete triage scan of your internal domain can’t be more comfortable.\u00a0<\/p>\n [\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":" THOR v10.1 features a mode of operation that is especially helpful in incident response or compromise assessment scenarios – remote scanning.\u00a0 Imagine that you’re in a firefighting scenario – a breach has been confirmed and management wants to have quick results on the extent of the compromise.\u00a0 The new remote scanning feature called “THOR Remote” allows you to perform triage scans on hundreds of remote systems from a single admin workstation. You can think of it as an integrated PsExec.\u00a0 No scripting, no agents, no hustle.\u00a0\u00a0Benefits No agent No scripting Painless scans of many remote systems Requirements Available on Windows only Accessible remote ports (135\/tcp, 445\/tcp) Account with local admin rights All you need is the new version 10.1 of THOR and a command line of an admin user with the required privileges and open Windows ports (135\/tcp, 445\/tcp) on the remote systems. THOR will then switch into a new mode of operation and present a command line interface showing scan information and a scrollable pane for each log file. (see screenshot) THOR writes the log files to a local folder on the admin workstation or sends them via SYSLOG to your SIEM system.\u00a0\u00a0You can also define a number of […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"audio","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[34,46,32],"tags":[69,66,82,206,172,7,78,137,205],"class_list":["post-4732","post","type-post","status-publish","format-audio","hentry","category-loki","category-newsletter","category-thor","tag-compromise-assessment","tag-incident-response","tag-ioc","tag-psexec","tag-remote","tag-scanner","tag-scanning","tag-tool","tag-triage","post_format-post-format-audio"],"yoast_head":"\n\n
\n