Powershell: Some Must-Know Commands for Cyber-Folk
These Powershell commands are popular among cyber security folk. You must know these!
Here are some must-know PowerShell commands for cyber security professionals:
- Get-Process: This command allows you to view information about the processes running on a Windows computer. This can be useful for identifying malicious processes and terminating them.
- Get-NetTCPConnection: This command allows you to view information about TCP connections on a Windows computer. This can be useful for identifying suspicious network activity.
- Get-EventLog: This command allows you to view event logs on a Windows computer. This can be useful for identifying security-related events and troubleshooting issues.
- Get-NetAdapter: This command allows you to view information about network adapters on a Windows computer. This can be useful for identifying network-related issues and troubleshooting connectivity problems.
- Get-WmiObject: This command allows you to retrieve information from Windows Management Instrumentation (WMI) on a Windows computer. This can be useful for gathering system information and identifying security-related events.
- Test-NetConnection: This command allows you to test network connectivity between two computers. This can be useful for troubleshooting network connectivity issues and identifying potential security risks.
- Get-Acl: This command allows you to view the access control list (ACL) for a file or folder on a Windows computer. This can be useful for identifying potential security risks and ensuring that the correct permissions are in place.
- Set-ExecutionPolicy: This command allows you to set the execution policy for PowerShell scripts on a Windows computer. This can be useful for securing your environment and preventing malicious scripts from running. My absolute go-to command!
- ConvertTo-SecureString: This command allows you to convert a plain text string to a secure string. This can be useful for securely storing passwords and other sensitive information.
- Set-ItemProperty: This command allows you to set a property value for a registry key on a Windows computer. This can be useful for configuring security-related settings and making changes to the system registry.
These are just a few of the many PowerShell commands that can be useful for cyber security professionals. By mastering these commands, you can enhance your security skills and become more effective in your role.