Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/secnnet/amsi-scripts
Last synced: 5 days ago
- Host: GitHub
- URL: https://github.com/secnnet/amsi-scripts
- Owner: secnnet
- License: mit
- Created: 2023-07-16T08:16:12.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2023-10-19T09:23:12.000Z (about 1 year ago)
- Last Synced: 2023-10-19T10:32:53.890Z (about 1 year ago)
- Topics: amsi, antivirus-integration, content-scanning, etw, incident-response, malware-detection, powershell-scripts, powershell-security, security-tools, threat-analysis
- Language: PowerShell
- Homepage:
- Size: 9.77 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# AMSI Scripts
**PowerShell scripts for AMSI operations.**
### Prerequisites:
- Windows OS
- PowerShell (v5.1+)
- Admin privileges (for some tasks)

### Usage:
1. Clone/download repo.
2. Open PowerShell in script directory.
3. Run desired script:
- `.\Send-AmsiContent.ps1`: Scan content via AMSI.
- `.\Get-AMSIEvent.ps1 -Path `: Parse AMSI ETW trace.
- `.\Get-AMSIScanResult.ps1 -Interactive`: Interactive mode.
- `.\Get-AMSIScanResult.ps1 -File -StandardAppName `: File mode.

### Notes:
- Run with elevated permissions if needed.
- Understand implications before content scanning.
- Scripts are as-is; use at your own risk.

### Credits:
Scripts modified from Matt Graeber's work at Red Canary. See [Microsoft](https://docs.microsoft.com/en-us/windows/win32/amsi/antimalware-scan-interface-portal) for AMSI details.

### License:
MIT