Check_ioc is a script to check for various, selectable indicators of compromise on Windows systems.

Check_ioc is a script to check for various, selectable indicators of compromise on Windows systems via PowerShell and Event Logs. It was primarily written to be run on a schedule from a monitoring engine such as Nagios; however, it may also be run from the command line (for incident response).

check_ioc v1.4

The check_ioc script attempts to locate indicators of compromise on Windows systems. Much of the legwork was performed by the National Security Agency (NSA) in the white paper “Spotting the Adversary with Windows Event Log Monitoring” (16 Dec 2013), so a huge thank you to them. The various checks below are notated with the corresponding section from the white paper wherever valid. Example: (4.1) ties to section 4.1, Application Whitelisting, in the NSA white paper.
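As an added illustration of the kind of check described above (a scheduled, Nagios-style Event Log query for one white paper indicator), here is a minimal PowerShell plugin that counts AppLocker "blocked" events, the section 4.1 Application Whitelisting indicator. This is example code written for this page, not check_ioc's own code: the log name `Microsoft-Windows-AppLocker/EXE and DLL` and Event ID 8004 are standard Windows AppLocker values, while the parameter names, thresholds and output wording are assumptions chosen for illustration.

```powershell
# Added example (not check_ioc's own code): Nagios-style plugin that reports
# AppLocker "execution blocked" events (Event ID 8004) seen in a look-back window.
# Parameter names and thresholds are assumptions for illustration.
param(
    [int]$Minutes  = 60,   # look-back window in minutes
    [int]$Warning  = 1,    # WARNING when at least this many blocks are seen
    [int]$Critical = 5     # CRITICAL when at least this many blocks are seen
)

$since  = (Get-Date).AddMinutes(-$Minutes)
$filter = @{
    LogName   = 'Microsoft-Windows-AppLocker/EXE and DLL'
    Id        = 8004          # 8004 = file was prevented from running by policy
    StartTime = $since
}

try {
    # Get-WinEvent raises an error when nothing matches; treat that as zero events,
    # but let any other failure (missing log, access denied) surface as UNKNOWN.
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction Stop)
} catch {
    if ($_.Exception.Message -match 'No events were found') {
        $events = @()
    } else {
        Write-Output "UNKNOWN - cannot read AppLocker log: $($_.Exception.Message)"
        exit 3
    }
}

$count = $events.Count

# Build a short, de-duplicated summary (user SID + first line of the message,
# which names the blocked binary) so the alert text is actionable on its own.
$detail = ($events |
    ForEach-Object { "$($_.UserId) $(($_.Message -split "`n")[0].Trim())" } |
    Sort-Object -Unique) -join '; '

# Nagios performance data: label=value;warn;crit;min
$perf = "blocked=$count;$Warning;$Critical;0"

if ($count -ge $Critical) {
    Write-Output "CRITICAL - $count AppLocker block events in last $Minutes min: $detail | $perf"
    exit 2
} elseif ($count -ge $Warning) {
    Write-Output "WARNING - $count AppLocker block events in last $Minutes min: $detail | $perf"
    exit 1
} else {
    Write-Output "OK - no AppLocker block events in last $Minutes min | $perf"
    exit 0
}
```

Run it under the account the monitoring agent uses (it needs read access to the AppLocker log), for example `powershell.exe -ExecutionPolicy Bypass -File .\check_applocker.ps1 -Minutes 15 -Critical 3`; the exit code (0/1/2/3) is what Nagios maps to OK/WARNING/CRITICAL/UNKNOWN, and the text after `|` feeds its performance graphs. The same pattern (filter hashtable, explicit handling of the no-events case, thresholded exit code) applies to any other Event Log indicator from the white paper.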

Usage:

Source: https://github.com/oneoffdallas