dalmoz/CheckAngelfire.ps1

Last active September 3, 2017 08:33

Star 2 You must be signed in to star a gist
Fork 1 You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/dalmoz/2f513f30da675c6212e0532451265b65.js"></script>
Save dalmoz/2f513f30da675c6212e0532451265b65 to your computer and use it in GitHub Desktop.

Download ZIP

A one-liner powershell script for testing if your station is infected by the CIA's Angelfire. Path known from: https://wikileaks.org/vault7/document/Angelfire-2_0-UserGuide/Angelfire-2_0-UserGuide.pdf

Raw

CheckAngelfire.ps1

if ((Get-Item -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Windows').GetValue('SystemLookup')) {Write-Host "Angelfire found!"} else {Write-Host "Nothing"}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment