Quick IOC Scan With Docker, (Fri, Apr 28th)

When investigating an incident, you must perform initial tasks quickly. There is one tool in my arsenal that I’m using to quickly scan for interesting IOCs (“Indicators of Compromise”). This tool is called Loki[1], the free version of the Thor scanner. I like this tool because you can scan for a computer (processes & files) or a specific directory (only files) for suspicious content. The tool has many interesting YARA rules, but you can always add your own to increase …

amp arsenal called capabilities compromise computer detection directory docker files free incident indicators of compromise ioc iocs loki own processes quickly rules scan scanner tool version yara yara rules