Improving functionality of Open Source BOFs
OperatorsKit
https://github.com/fyxme/OperatorsKit
Original source: https://github.com/REDMED-X/OperatorsKit/
EnumDrives BOF
- Network drives now also resolve and print the mapped network share
- Added a Makefile for compiling on Linux via MinGW
Before:
DRIVE TYPE
==========================================
C:\ [Fixed drive]
N:\ [Network drive]
After:
DRIVE TYPE
==========================================
C:\ [Fixed drive]
N:\ [Network drive] \\web01.fyxme.local\webserver\www
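The same drive-letter-to-share resolution seen from the administrator's side, as an added example that is not part of OperatorsKit or the original fork: it lists every logical drive with its type and, for network drives, the UNC path the letter is mapped to, in the same layout as the output above. It assumes a Windows host with PowerShell and CIM access (Win32_LogicalDisk); the type-name table and output format are the example's own.

```powershell
# Added example (not OperatorsKit code): print each logical drive with its type
# and, for network drives, the \\server\share it is mapped to.
# Type names are the example's own labels for Win32_LogicalDisk.DriveType values.
$typeNames = @{
    0 = 'Unknown'; 1 = 'No root directory'; 2 = 'Removable drive'
    3 = 'Fixed drive'; 4 = 'Network drive';  5 = 'CD-ROM drive'; 6 = 'RAM disk'
}

Get-CimInstance -ClassName Win32_LogicalDisk |
    Sort-Object DeviceID |
    ForEach-Object {
        $label = $typeNames[[int]$_.DriveType]
        if ([int]$_.DriveType -eq 4) {
            # ProviderName holds the UNC path of the share behind a mapped letter
            '{0}\ [{1}] {2}' -f $_.DeviceID, $label, $_.ProviderName
        } else {
            '{0}\ [{1}]' -f $_.DeviceID, $label
        }
    }
```

One caveat worth keeping in mind when comparing this with the BOF output: mapped drive letters belong to the logon session that created them, so a query run under another account or from an elevated session may not list the same network drives.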
EnumSecProducts BOF
- Expanded the software list from 130 to 150 security tools
- Improved output: the PID and process name are printed for each identified security tool
- Added a Makefile for compiling on Linux via MinGW
The BOF has been modified to print the process ID (PID) and the image filename of each security process it flags.
Before:
Description Category
==============================================================
Windows Defender AV
Microsoft Security Essentials AV
After:
Category Pid Filename Description
==============================================================
AV 1688 msmpeng.exe Windows Defender
AV 3240 nissrv.exe Microsoft Security Essentials
EnumTaskScheduler BOF
- Now finds and prints the command-line arguments of each scheduled task that runs an executable
- Added a Makefile for compiling on Linux via MinGW
Before:
[+] Scheduled tasks in root folder:
=======================================================
Task Name: Daily Reboot
- Task running as: ahomer
- Action type: Start a program
- Executable path: C:\Windows\System32\cmd.exe
- Trigger type: Daily
----------------------------------------------------
After:
[+] Scheduled tasks in root folder:
=======================================================
Task Name: Daily Reboot
- Task running as: ahomer
- Action type: Start a program
- Executable path: C:\Windows\System32\cmd.exe
- Command Arguments: /c "shutdown /r /t 0"
- Trigger type: Daily
----------------------------------------------------
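For comparison, the fields the updated BOF prints (account, executable, command arguments, trigger type) as an administrator would gather them with the built-in ScheduledTasks module. This is an added example, not OperatorsKit or fork code, and it goes slightly beyond the output above by walking every task folder rather than only the root folder. It assumes Windows 8 / Server 2012 or later with the ScheduledTasks PowerShell module; the property filtering and trigger-name shortening are the example's own.

```powershell
# Added example (not OperatorsKit code): list scheduled tasks that start a
# program, with the account, executable, arguments and trigger type.
Get-ScheduledTask | ForEach-Object {
    $task = $_
    # Only "start a program" (exec) actions carry Execute/Arguments; COM-handler,
    # e-mail and message actions do not, so filter on the property's presence.
    $task.Actions |
        Where-Object { $_.PSObject.Properties['Execute'] } |
        ForEach-Object {
            [pscustomobject]@{
                TaskPath  = $task.TaskPath
                TaskName  = $task.TaskName
                RunAs     = $task.Principal.UserId
                Execute   = $_.Execute
                Arguments = $_.Arguments
                # Trigger CIM class names look like MSFT_TaskDailyTrigger;
                # strip the prefix/suffix to get the short form ("Daily").
                Trigger   = ($task.Triggers | ForEach-Object {
                                $_.CimClass.CimClassName -replace '^MSFT_Task|Trigger$', ''
                             }) -join ', '
            }
        }
} | Format-Table -AutoSize
```

For the task shown above this yields a row with Execute `C:\Windows\System32\cmd.exe` and Arguments `/c "shutdown /r /t 0"`, which is the detail the pre-change BOF output left out: the executable alone says little, the arguments say what the task actually does.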