2.Initial-enumeration

System Information:

systeminfo
ver
wmic qfe
wmic product get name
tasklist /svc
driverquery

Network Information:

ipconfig /all
netstat -ano
arp -a
route print
nslookup

User and Group Information:

whoami /all
whoami /priv
whoami /groups
net user
net user <username>
net localgroup
net localgroup <groupname>
query user
net accounts

File System and Environment:

dir
type
set
echo %PATH%
icacls
reg query

Scheduled Tasks:

schtasks /query /fo LIST /v

PowerShell Equivalents (Often more detailed):

Get-HotFix
Get-WmiObject Win32_Product | Select-Object Name, Version
Get-Service
Get-Process
Get-LocalUser
Get-LocalGroup
Get-ItemProperty
Get-ChildItem
Get-Acl
Get-ScheduledTask

Previous1.Situational-awareness Next3.Communication-with-processes

Last updated 8 months ago

hashtagSystem Information:

hashtagNetwork Information:

hashtagUser and Group Information:

hashtagFile System and Environment:

hashtagScheduled Tasks:

hashtagPowerShell Equivalents (Often more detailed):

System Information:

Network Information:

User and Group Information:

File System and Environment:

Scheduled Tasks:

PowerShell Equivalents (Often more detailed):