Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/iknowjason/ioc-scan-pwsh-yara
IOC Yara scan over powershell remoting using Yara.
Last synced: 2 days ago
- Host: GitHub
- URL: https://github.com/iknowjason/ioc-scan-pwsh-yara
- Owner: iknowjason
- Created: 2024-09-08T17:48:14.000Z (2 months ago)
- Default Branch: main
- Last Pushed: 2024-09-08T17:58:27.000Z (2 months ago)
- Last Synced: 2024-09-08T19:29:14.021Z (2 months ago)
- Language: PowerShell
- Size: 1.37 MB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# Overview
IOC scanning across an Active Directory domain using PowerShell remoting, with YARA to detect an IOC. The script gets all domain computers and runs a yara.exe scan on each of them over PowerShell remoting, matching the pattern in fin1.yara.
1. Update the yara executables, if necessary
2. Adapt the fin1.yara to your custom IOCs
3. Run the script on a domain-joined system
4. Run it as Domain Administrator
5. Ensure all target domain-joined computers have WinRM/PowerShell remoting enabled