Scribd Logo
Upload

Welcome to Scribd!

  • Commands

    Uploaded by

    fanisds
    1 views1 page
    The document provides commands to view network sessions and connections using net view, net session, and netstat. It also lists commands to view running processes and their details using tasklist, wmic process, and ps aux. Commands are shown to search event logs using Get-WinEvent and filter for specific users or events. The document also enables a Windows optional feature and lists basic Linux commands like ls, locate, ip a, and ilof.

    Original Description:

    SDCSDC

    Copyright

    © © All Rights Reserved

    Available Formats

    TXT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document provides commands to view network sessions and connections using net view, net session, and netstat. It also lists commands to view running processes and their details using tasklist, wmic process, and ps aux. Commands are shown to search event logs using Get-WinEvent and filter for specific users or events. The document also enables a Windows optional feature and lists basic Linux commands like ls, locate, ip a, and ilof.

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    1 views1 page

    Commands

    Uploaded by

    fanisds
    The document provides commands to view network sessions and connections using net view, net session, and netstat. It also lists commands to view running processes and their details using tasklist, wmic process, and ps aux. Commands are shown to search event logs using Get-WinEvent and filter for specific users or events. The document also enables a Windows optional feature and lists basic Linux commands like ls, locate, ip a, and ilof.

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 1

    net view

    net session / shows inbound SMB sessions


    netstat -naob
    netstat -f

    tasklist /svc
    tasklist /m
    tasklist /m /fi "pid eq -- "

    wmic process list full


    wmic process get name,parentprocessid,processid
    wmic process where processid=808 get commandline

    .\DeepBlue.ps1 .\evtx\many-events-system.evtx

    check specific userID who looks suspicious

    Get-WinEvent -FilterHashtable @{path=C:\Users\mikeg\Desktop\DeepBlueCLI-master\


    DeepBlueCLI-master\Webcast\security.evtx";id=4672} | where-object -Property Message
    -Match Mike.Ghahremani

    Enable-WindowsOptionalFeature -Online -FeatureName VirtualMachinePlatform

    ls -a

    locate sasquatch

    ps aux
    ip a

    ilof -i -P

    You might also like