3. Communication with Processes
Network Enumeration:
netstat -ano
Get-NetTCPConnection | Where-Object {$_.State -eq "Listen"}
Get-NetUDPEndpoint
Process Enumeration:
tasklist /svc
Get-Process
Get-Process -IncludeUserName | Where-Object {$_.UserName -like "*SYSTEM*"}  # UserName is only populated with -IncludeUserName (requires an elevated session)
Named Pipes:
pipelist.exe /accepteula
gci \\.\pipe\
accesschk.exe /accepteula \\.\Pipe\<pipename> -v
accesschk.exe /accepteula \pipe\* -v
accesschk.exe -w \pipe\* -v
accesschk.exe -accepteula -w \pipe\<pipename> -v
Service Enumeration:
Get-Service
Get-Service | Select-Object Name, StartType, Status