GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → woanware → wmi-parser

woanware / wmi-parser

Licence: other
Parses the WMI object database....looking for persistence

Programming Languages

C#
18002 projects

wmi-parser

TLDR

There is nothing new here! It is just a rewrite of @DavidPany excellent work into WMI parsing. The original pythin code can be found here:

https://github.com/davidpany/WMI_Forensics

Background

I need WMI parsing for autorunner, so converted the original python code to C#, and thought it might as well be available as a standalone tool. The only added feature is CSV export

Example

.\wmi-parser.exe -i .\OBJECTS.DATA

wmi-parser v0.0.1

Author: Mark Woan / woanware ([email protected])
https://github.com/woanware/wmi-parser

  SCM Event Log Consumer-SCM Event Log Filter - (Common binding based on consumer and filter names,  possibly legitimate)
    Consumer: NTEventLogEventConsumer ~ SCM Event Log Consumer ~ sid ~ Service Control Manager

    Filter:
      Filter Name : SCM Event Log Filter
      Filter Query: select * from MSFT_SCMEventLogEvent

  BadStuff-DeviceDocked

    Name: BadStuff
    Type: CommandLineEventConsumer
    Arguments: powershell.exe -NoP Start-Process ('badstuff.exe')

    Filter:
      Filter Name : DeviceDocked
      Filter Query: SELECT * FROM Win32_SystemConfigurationChangeEvent
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].