Ekranoplan/BlackLotus_Ioc_scan_Powershell
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
16 Commits 1 Branch 0 Tags
main
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Ekranoplan 2aff82baa2 Update 'README.md'
2023-06-21 08:35:55 +00:00
Black-Lotus_check.ps1
Upload files to ''
2023-06-21 07:41:54 +00:00
Execution.PNG
Upload files to ''
2023-06-21 07:54:07 +00:00
LICENSE
Initial commit
2023-06-21 07:31:39 +00:00
ListBootapps.ps1
Upload files to ''
2023-06-21 08:28:55 +00:00
ListBootAppsFromLogs.png
Upload files to ''
2023-06-21 08:34:10 +00:00
README.md
Update 'README.md'
2023-06-21 08:35:55 +00:00
TCGLogTools.psm1
Upload files to ''
2023-06-21 08:28:55 +00:00

README.md

BlackLotus_Ioc_scan_Powershell

Powershell script(s) to scan windows PC for published IoCs of BlackLotus bootkit documented by Eset and Microsoft

Usage:

Open Powershell (as Admin) and run:

.\Black-Lotus_check.ps1

Execution

There also another script module from Github (and recommended by Mycrosoft on their blogpost about this vulnerability) that can be used to inspect Bios boot logs and changes.

To use them, import module from their repo in Powershell:

Import-Module .\TCGLogTools.psm1

And then follow instructions on their git and Microsoft blogpost:

.\ListBootApps.ps1

ListBootApps

Description
Powershell script(s) to scan windows PC for published IoCs of BlackLotus bootkit documented by Eset And Microsoft
Readme 105 KiB
Languages
PowerShell 100%