981 B
981 B
BlackLotus_Ioc_scan_Powershell
Powershell script(s) to scan windows PC for published IoCs of BlackLotus bootkit documented by Eset and Microsoft
Usage:
Open Powershell (as Admin) and run:
.\Black-Lotus_check.ps1
There also another script module from Github (and recommended by Mycrosoft on their blogpost about this vulnerability) that can be used to inspect Bios boot logs and changes.
To use them, import module from their repo in Powershell:
Import-Module .\TCGLogTools.psm1
And then follow instructions on their git and Microsoft blogpost:
.\ListBootApps.ps1
