Cmd and PowerShell Commands for Cybersecurity Analysts (in/harunseker/)

| No | Category | Command | Description |
|----|----------|---------|-------------|
| 1 | Networking Information | `ipconfig /all` | Displays detailed network configuration, including IP addresses and MAC addresses |
| 2 | Open and Listening Ports (to detect backdoors and beaconing) | `netstat -ano` | Lists all active connections and listening ports with their associated process IDs (PIDs) |
| 3 | Running Processes (to detect malware or backdoors) | `tasklist` | Displays all running processes along with their PIDs |
| 4 | User Accounts (to identify unusual accounts) | `net user` | Lists all user accounts on the local system |
| 5 | Startup Programs (to detect malicious files) | `wmic startup get caption, command` | Lists programs that start at boot |
| 6 | Running Services (to identify malicious services) | `net start` | Lists currently running services |
| 7 | All Services | `sc query state= all` | Lists all services, including their status |
| 8 | Network Configuration (PowerShell) | `Get-NetIPConfiguration` and `Get-NetIPAddress` | Provides network-related information similar to ipconfig in CMD |
| 9 | Local Users (PowerShell) | `Get-LocalUser` | Lists all local users on the system |
| 10 | Specific User Info (PowerShell) | `Get-LocalUser -Name Seker \| select *` | Retrieves detailed information about a specific user account |
| 11 | Running Services (PowerShell) | `Get-Service \| Where Status -eq "Running" \| Out-GridView` | Displays running services in a grid view window |
| 12 | Process Priority (PowerShell) | `Get-Process \| Format-Table -View priority` | Groups running processes by their priority value |
| 13 | Specific Process Info (PowerShell) | `Get-Process -Id 'idhere' \| Select *` | Retrieves all properties for a specific process by ID |
| 14 | Scheduled Tasks (PowerShell) | `Get-ScheduledTask` | Lists all scheduled tasks on the system |
| 15 | Specific Scheduled Task Info (PowerShell) | `Get-ScheduledTask -TaskName 'PutANameHere' \| Select *` | Retrieves all properties for a specific scheduled task |
| 16 | File Hash (PowerShell) | `Get-FileHash -Path 'C:\path\to\file' -Algorithm SHA256` | Calculates the hash of a specified file using the SHA256 algorithm |