Ekranoplan/BlackLotus_Ioc_scan_Powershell
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
13 Commits 1 Branch 0 Tags
f0a6d5dbd18eaa77f7dc75d458e5f07ca5cbd502
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Ekranoplan f0a6d5dbd1 Upload files to ''
2023-06-21 08:34:10 +00:00
Black-Lotus_check.ps1
Upload files to ''
2023-06-21 07:41:54 +00:00
Execution.PNG
Upload files to ''
2023-06-21 07:54:07 +00:00
LICENSE
Initial commit
2023-06-21 07:31:39 +00:00
ListBootapps.ps1
Upload files to ''
2023-06-21 08:28:55 +00:00
ListBootAppsFromLogs.png
Upload files to ''
2023-06-21 08:34:10 +00:00
README.md
Update 'README.md'
2023-06-21 08:28:22 +00:00
TCGLogTools.psm1
Upload files to ''
2023-06-21 08:28:55 +00:00

README.md

BlackLotus_Ioc_scan_Powershell

Powershell script(s) to scan windows PC for published IoCs of BlackLotus bootkit documented by Eset and Microsoft

Usage:

Open Powershell (as Admin) and run:

.\Black-Lotus_check.ps1

Execution

There also another script module from Github (and recommended by Mycrosoft on their blogpost about this vulnerability) that can be used to inspect Bios boot logs and changes.

To use them, import module from their repo in Powershell:

Import-Module .\TCGLogTools.psm1

And then follow instructions on their git and Microsoft blogpost:

.\ListBootApps.ps1

Description
Powershell script(s) to scan windows PC for published IoCs of BlackLotus bootkit documented by Eset And Microsoft
Readme 105 KiB
Languages
PowerShell 100%