Skip to content

secnnet/AMSI-Scripts

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
Get-AMSIEvent.ps1
Get-AMSIEvent.ps1
 
 
Get-AMSIScanResult.ps1
Get-AMSIScanResult.ps1
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

AMSI Scripts

PowerShell scripts for AMSI operations.

Prerequisites:

  • Windows OS
  • PowerShell (v5.1+)
  • Admin privileges (for some tasks)

Usage:

  1. Clone/download repo.
  2. Open PowerShell in script directory.
  3. Run desired script:
    • .\Send-AmsiContent.ps1: Scan content via AMSI.
    • .\Get-AMSIEvent.ps1 -Path <trace_path>: Parse AMSI ETW trace.
    • .\Get-AMSIScanResult.ps1 -Interactive: Interactive mode.
    • .\Get-AMSIScanResult.ps1 -File <input_file_path> -StandardAppName <app_name>: File mode.

Notes:

  • Run with elevated permissions if needed.
  • Understand implications before content scanning.
  • Scripts are as-is; use at your own risk.

Credits:

Scripts modified from Matt Graeber's work at Red Canary. See Microsoft for AMSI details.

License:

MIT

About

No description or website provided.

Topics

incident-response etw powershell-scripts threat-analysis security-tools malware-detection amsi content-scanning antivirus-integration powershell-security

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages