Skip to content

ktwombley/Find-Addins

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
Find-Addins.ps1
Find-Addins.ps1
 
 
LICENSE.txt
LICENSE.txt
 
 
README.md
README.md
 
 

Repository files navigation

Find-Addins

Find Office addins installed by your users. It includes COM Addins, VSTO Addins, and Web Addins.

Description

Find-Addins checks the registry and scans user %APPDATA% folders looking for Office Add-Ins.

Use it to detect unexpected Add-Ins; such as those installed by a malicious user. See Technique 3 in Covert Attack Mystery Box: A Few Novel Techniques for Exploiting Microsoft Features

For best results, run as a user with Administrator privileges. When run as an unprivileged user, Find-Addins.ps1 will only reliably find Addins either installed for the current user or all users.

Examples

Find-Addins.ps1

Find-Addins.ps1 -OutPath C:\Temp\addinscan.csv

Thanks

  • Thanks to @dafthack and @ustayready for exposing the need for a script like this (and the awesome talk at Wild West Hackin Fest 2018)
  • Swamprat
  • LadyCoder2098
  • @chono91
  • @captaingig
  • Friend who forbid me from crediting them

About

Find Office Add-Ins

Resources

Readme

License

MIT license
Activity

Stars

2 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages