search
githubEdit

Enumeration

hashtag
1) System Information

Get-WmiObject -Class Win32_OperatingSystem | Select-Object -Property *

hashtag
2) Network Configuration

Get-NetIPConfiguration | Select-Object -Property InterfaceAlias, IPv4Address, IPv6Address, DNServer

hashtag
3) List running processes

Get-Process | Select-Object -Property ProcessName, Id, CPU | Sort-Object -Property CPU -Descending

hashtag
4) Access event logs for anomalies

Get-EventLog -LogName Security | Where-Object {$_.EntryType -eq 'FailureAudit'}

hashtag
5) Domain Users

Get-ADUser -Filter * -Properties * | Select-Object -Property Name, Enabled, LastLogonDate

hashtag
6) Get service status

Get-Win32Service

hashtag
7) Hidden Registry Keys or Values

ls NtKeyUser:\SOFTWARE -Recurse | Where-Object Name -Match "`0"
PreviousCredential ExtractionNextEvasion and Stealth

Last updated