PowerShell script(s) to scan a Windows PC for published IoCs of the BlackLotus bootkit documented by ESET and Microsoft
Ekranoplan 2aff82baa2 Update 'README.md' 2023-06-21 08:35:55 +00:00
Black-Lotus_check.ps1 Upload files to '' 2023-06-21 07:41:54 +00:00
Execution.PNG Upload files to '' 2023-06-21 07:54:07 +00:00
LICENSE Initial commit 2023-06-21 07:31:39 +00:00
ListBootAppsFromLogs.png Upload files to '' 2023-06-21 08:34:10 +00:00
ListBootapps.ps1 Upload files to '' 2023-06-21 08:28:55 +00:00
README.md Update 'README.md' 2023-06-21 08:35:55 +00:00
TCGLogTools.psm1 Upload files to '' 2023-06-21 08:28:55 +00:00

README.md

BlackLotus_Ioc_scan_Powershell

PowerShell script(s) to scan a Windows PC for published IoCs of the BlackLotus bootkit documented by ESET and Microsoft

Usage:

Open PowerShell (as Admin) and run:

.\Black-Lotus_check.ps1

Execution

There is also another script module from GitHub (recommended by Microsoft in their blog post about this vulnerability) that can be used to inspect BIOS boot logs and changes.

To use it, import the module from their repo in PowerShell:

Import-Module .\TCGLogTools.psm1

Then follow the instructions in their Git repository and the Microsoft blog post:

.\ListBootApps.ps1

ListBootApps