
# Joel Roth 2023
# Script parameters: the file to check and the digest it is expected to have.
# Both values can be overridden by the caller, so a passing comparison only
# shows that the file matches whatever digest was supplied on this invocation.
[CmdletBinding()]Param(
# Path of the file to verify. Defaults to SKUSiPolicy.p7b in the
# SecureBootUpdates folder under %SystemRoot%\System32.
[string]$UpdateFile = "$env:SystemRoot\System32\SecureBootUpdates\SKUSiPolicy.p7b",
# Expected digest of $UpdateFile as a hex string.
# NOTE(review): 40 hex characters is the length of a SHA-1 digest; the algorithm
# used for the comparison is not visible in this excerpt - confirm it matches.
# NOTE(review): the default pins one specific file; presumably a newer or older
# policy file will fail the comparison until this value is updated - confirm.
[string]$UpdateHash = "8870483E0E833965A53F422494F1614F79286851"
)
# Validate update file's hash against the expected one
Try
{
nafai / Check-Dbx.ps1
Last active May 18, 2023 16:15 — forked from out0xb2/Check-Dbx.ps1
Parses signature data from the pk, kek, db, and dbx UEFI variables.
# Script parameters: the input is supplied in one of two forms, each declared in
# its own parameter set ('Filename' or 'Base64'), so the two are not meant to be
# combined in a single call. Neither parameter is marked Mandatory and
# [CmdletBinding()] declares no DefaultParameterSetName.
# NOTE(review): the code that reads and parses these inputs is outside this
# excerpt; treat the input as untrusted binary data and confirm that lengths
# and offsets are bounds-checked where it is parsed.
[CmdletBinding()]Param(
[Parameter(ParameterSetName = 'Filename')]
# Presumably the path of a file holding the variable data to parse - confirm against the script body.
[string]$Filename,
[Parameter(ParameterSetName = 'Base64')]
# Presumably the same data passed inline as a Base64 string - confirm against the script body.
[string]$Base64
)
if (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator"))
{
<ViewerConfig>
<QueryConfig>
<QueryParams>
<UserQuery />
</QueryParams>
<QueryNode>
<Name LanguageNeutralValue="File integrity monitoring">File integrity monitoring</Name>
<QueryList>
<Query Id="0" Path="Security">
<Select Path="Security">*[System[Provider[@Name='Microsoft-Windows-Security-Auditing'] and (EventID=4656)]][EventData[Data[@Name='ObjectType']='File']][EventData[band(Data[@Name='AccessMask'],2)] or EventData[band(Data[@Name='AccessMask'],4)]]</Select>