Ekranoplan/BlackLotus_Ioc_scan_Powershell
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
401da0beee
BlackLotus_Ioc_scan_Powershell/README.md
Ekranoplan 401da0beee Update 'README.md'
2023-06-21 08:28:22 +00:00

933 B
Raw Blame History

BlackLotus_Ioc_scan_Powershell

Powershell script(s) to scan windows PC for published IoCs of BlackLotus bootkit documented by Eset and Microsoft

Usage:

Open Powershell (as Admin) and run:

.\Black-Lotus_check.ps1

Execution

There also another script module from Github (and recommended by Mycrosoft on their blogpost about this vulnerability) that can be used to inspect Bios boot logs and changes.

To use them, import module from their repo in Powershell:

Import-Module .\TCGLogTools.psm1

And then follow instructions on their git and Microsoft blogpost:

.\ListBootApps.ps1