First release of AutoRuns module

September 22, 2016


You may remember the excellent PowerShell Security series from PowerShell Magazine where I presented a Get-PSAutoRun function to investigate malware persistence à la “Sysinternals autoruns”.

I’ve actually revised its content during the last Christmas holidays and transformed it as a module.

I’ve updated the launch points the original Sysinternals autoruns utility checks and tried to do my best to keep track of what new launch points were added or removed between versions:
(screenshot: AutoRunsHistory)
You may have noticed that there’s a new category for Office plugins.
I’ve also added some code about the Poweliks malware, although I had not yet had a sample to fully test my detection code:
(screenshot: Powelik)

The code has also undergone a major “quality review” to reduce the number of warnings or issues reported by the PSScriptAnalyzer module.
(screenshot: Test-Code-with-Invoke-ScriptAnalyzer)
As you can see, it still complains about using the Get-WmiObject cmdlet and the fact that I sometimes use an empty catch…

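The post describes three things without showing code: a Get-PSAutoRun-style sweep of launch points, a new Office plugins category, a Poweliks check, and the two PSScriptAnalyzer warnings left over (Get-WmiObject and empty catch blocks). The block below is an added example written for this page, not code from the AutoRuns module or its author. It enumerates three launch-point families (Logon Run keys, Office add-ins, WMI event subscriptions) the way a minimal autoruns clone would, and is written to satisfy the two analyzer rules the post mentions. Assumptions: the registry paths are the standard Windows locations; the Poweliks heuristic (a Run-key value name containing non-printable characters, or data that launches rundll32 with a javascript: payload) is a detection rule written for this example, not the module's own check.

```powershell
# Added example (not the AutoRuns module's code): a small launch-point sweep.

function Get-LogonAutoRun {
    [CmdletBinding()]
    param()
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($path in $paths) {
        if (-not (Test-Path -Path $path)) { continue }
        $key = Get-Item -Path $path
        # GetValueNames() rather than Get-ItemProperty so that value names made of
        # characters regedit cannot display are still enumerated, not silently skipped.
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            [PSCustomObject]@{
                Category   = 'Logon'
                Path       = $path
                Name       = $name
                Data       = $data
                # Heuristic (assumption for this example): Poweliks-style entries hide
                # behind an unrenderable value name and run rundll32 with javascript:.
                Suspicious = ($name -match '[^\x20-\x7E]') -or ($data -match '(?i)rundll32.*javascript:')
            }
        }
    }
}

function Get-OfficeAddinAutoRun {
    [CmdletBinding()]
    param()
    foreach ($hive in 'HKLM:', 'HKCU:') {
        foreach ($app in 'Word', 'Excel', 'PowerPoint', 'Outlook') {
            $path = "$hive\SOFTWARE\Microsoft\Office\$app\Addins"
            if (-not (Test-Path -Path $path)) { continue }
            foreach ($addin in Get-ChildItem -Path $path) {
                $props = Get-ItemProperty -Path $addin.PSPath
                [PSCustomObject]@{
                    Category     = 'Office Addins'
                    Path         = $addin.PSPath
                    Name         = $addin.PSChildName
                    FriendlyName = $props.FriendlyName
                    # LoadBehavior 3 = loaded every time the application starts.
                    LoadBehavior = $props.LoadBehavior
                }
            }
        }
    }
}

function Get-WmiSubscriptionAutoRun {
    [CmdletBinding()]
    param()
    try {
        # Get-CimInstance instead of Get-WmiObject: the PSAvoidUsingWMICmdlet rule is the
        # analyzer warning the post mentions.
        $bindings = Get-CimInstance -Namespace 'root\subscription' -ClassName '__FilterToConsumerBinding' -ErrorAction Stop
        foreach ($binding in $bindings) {
            [PSCustomObject]@{
                Category = 'WMI'
                Filter   = $binding.Filter     # reference to the __EventFilter (the trigger)
                Consumer = $binding.Consumer   # reference to the consumer (what gets run)
            }
        }
    } catch {
        # A non-empty catch keeps PSAvoidUsingEmptyCatchBlock quiet and keeps the failure visible.
        Write-Warning -Message "root\subscription could not be queried: $($_.Exception.Message)"
    }
}

function Get-AutoRunSweep {
    [CmdletBinding()]
    param()
    Get-LogonAutoRun
    Get-OfficeAddinAutoRun
    Get-WmiSubscriptionAutoRun
}

# Usage: list everything, then narrow down to what the Poweliks heuristic flagged.
Get-AutoRunSweep | Format-Table -AutoSize
Get-LogonAutoRun | Where-Object -Property Suspicious
```

Saved as a .ps1 and run through Invoke-ScriptAnalyzer, the block should not trip PSAvoidUsingWMICmdlet or PSAvoidUsingEmptyCatchBlock. The Suspicious flag is a heuristic only; a hit is a reason to pull the value's raw bytes and the referenced binary, not proof of infection.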


Open source PowerShell and OMI

September 6, 2016

Richard Siddaway's Blog

OMI – the Open Source CIM server is available on github

https://github.com/Microsoft/omi

This appears to be a later version than the one currently shown on the Open Group website.

Combine this with open source PowerShell

https://github.com/PowerShell/PowerShell

and the DSC on Linux

https://github.com/Microsoft/PowerShell-DSC-for-Linux

And you have your basis for managing Linux machines.

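The post lists the three pieces (OMI, open source PowerShell, DSC for Linux) but not what using them together looks like. The block below is an added example written for this page, not code from Richard Siddaway's post or from any of the three repositories. It opens a CIM session to a Linux host running OMI, queries it, then compiles and pushes a DSC configuration to the Linux Local Configuration Manager that DSC for Linux installs. Assumptions: OMI listens on the WS-Man HTTPS port 5986, the nx DSC resource module is installed on the Windows side, the OMI_Identify class is in OMI's root/omi namespace as reported by omicli id, and the hostname, account, service name and paths are placeholders.

```powershell
# Added example (not from the post or the linked projects): managing a Linux host
# through OMI from PowerShell, first with raw CIM, then with DSC.

$LinuxHost  = 'linuxbox.example.test'                        # placeholder
$Credential = Get-Credential -Message "Account on $LinuxHost" # placeholder account

# OMI speaks WS-Man and Basic auth is the usual choice against Linux, so the session
# must run over SSL. The three Skip* switches are only acceptable against a lab box with
# a self-signed certificate; on a real estate, trust the CA and drop them.
$Option  = New-CimSessionOption -UseSsl -SkipCACheck -SkipCNCheck -SkipRevocationCheck
$Session = New-CimSession -ComputerName $LinuxHost -Credential $Credential `
    -Authentication Basic -Port 5986 -SessionOption $Option

# 1. Raw CIM through OMI: identify the server (namespace/class as used by omicli id).
Get-CimInstance -CimSession $Session -Namespace 'root/omi' -ClassName 'OMI_Identify' |
    Select-Object -Property ProductName, ProductVersionMajor, ProductVersionMinor

# 2. Desired State Configuration using the nx resources that DSC for Linux understands.
Configuration LinuxBaseline {
    param([string[]]$NodeName)
    Import-DscResource -ModuleName nx

    Node $NodeName {
        nxFile Motd {
            DestinationPath = '/etc/motd'
            Contents        = "Managed by DSC. Local changes are overwritten.`n"
            Ensure          = 'Present'
            Type            = 'File'
            Mode            = '644'
        }
        nxService Sshd {
            Name       = 'ssh'        # 'sshd' on RHEL-style distributions (assumption)
            Controller = 'systemd'
            Enabled    = $true
            State      = 'Running'
        }
    }
}

# Compile the MOF locally, then push it over the same CIM session and wait for the
# Linux LCM to apply it. Test-DscConfiguration reports drift afterwards.
$OutDir = Join-Path -Path $env:TEMP -ChildPath 'LinuxBaseline'
LinuxBaseline -NodeName $LinuxHost -OutputPath $OutDir | Out-Null
Start-DscConfiguration -CimSession $Session -Path $OutDir -Wait -Verbose
Test-DscConfiguration -CimSession $Session
```

The same $Session object serves both halves, which is the point of the post: once OMI is the CIM server on the Linux side, Get-CimInstance, Invoke-CimMethod and the DSC cmdlets all work against it with no extra agent. The credential travels as Basic auth, so the SSL settings are not optional hardening; they are what keeps the password off the wire.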