Introducing PowerShell: A Scripting Tool

Nikhil Chaudhari
Nov 2, 2024

Welcome back to the “Security Analysis 101” series, where we deal with logs and security incidents, work out patterns, and find solutions.

Introduction

In this blog we will cover what PowerShell is, what types of it exist, why we use it, and where we use it.

Let’s start with the definition of PowerShell.

What is PowerShell?

From the official Microsoft documentation: “PowerShell is a task-based command-line shell and scripting language built on .NET. PowerShell helps system administrators and power-users rapidly automate tasks that manage operating systems (Linux, macOS, and Windows) and processes.”

PowerShell is based on objects, not text. The output of a command is an object. You can send the output object, through the pipeline, to another command as its input. This pipeline provides a familiar interface for people experienced with other shells. PowerShell extends this concept by sending objects rather than text.

Now that this is clear, let’s look at its types.

What are the types of PowerShell?

1. PowerShell or PowerShell Core

This is the current version, built on .NET Core. It is open source and runs on Windows, Linux, macOS and ARM. The latest version is PowerShell 7, and its main focus is being a viable replacement for Windows PowerShell 5.1.

2. Windows PowerShell

This is the legacy version, built on the .NET Framework, and it runs only on Windows systems. It is installed by default on Windows, and its latest version is 5.1.

Why do we use PowerShell?

We use PowerShell because it combines the flexibility of a scripting language with the command-line power of Bash or CMD. It provides access to a wealth of system management tools, from managing processes to handling services, logs, and network configurations. There are three main reasons to use it:

Automation: Execute repetitive tasks using scripts.
Customization: Easily modify commands to suit specific needs.
Integration: It integrates with cloud services like Azure.

Now that it is clear why we use PowerShell, let’s see where we use it and how we can run it.

Where do we use PowerShell?

Local machine: The simplest way is to launch PowerShell from the Start menu by selecting Windows PowerShell or PowerShell 7.
Remote machine: Configure PowerShell remoting in your environment, then run commands on the remote machine as shown below.

Figure: Execution of a PowerShell command in PS Remoting.
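The following is an added example, not code from the original post: it runs a command on a remote machine over PS Remoting and uses the object pipeline described earlier to pull failed-logon events (Security event ID 4625) and summarize them by property instead of parsing text. `SRV01` is a placeholder host name, and the example assumes remoting is already enabled on that machine and that you have administrator rights there.

```powershell
# Added example. 'SRV01' is a placeholder; replace it with a Windows host where
# remoting is enabled (Enable-PSRemoting -Force, run there as administrator).
$computer = 'SRV01'

# Confirm the WinRM listener answers before opening a session.
Test-WSMan -ComputerName $computer -ErrorAction Stop | Out-Null

$session = New-PSSession -ComputerName $computer -ErrorAction Stop
try {
    # The script block executes on the remote machine; results return as objects.
    $failed = Invoke-Command -Session $session -ScriptBlock {
        # SilentlyContinue hides the "no events found" error when the log is clean.
        Get-WinEvent -FilterHashtable @{
            LogName   = 'Security'
            Id        = 4625                       # failed logon
            StartTime = (Get-Date).AddHours(-24)
        } -ErrorAction SilentlyContinue |
            ForEach-Object {
                # Event fields live in the event XML as <Data Name="...">value</Data>.
                $xml  = [xml]$_.ToXml()
                $data = @{}
                foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
                [pscustomobject]@{
                    TimeCreated = $_.TimeCreated
                    Account     = $data['TargetUserName']
                    SourceIp    = $data['IpAddress']
                    LogonType   = $data['LogonType']
                }
            }
    }

    # Back on the local machine: group and sort on object properties.
    $failed |
        Group-Object -Property Account, SourceIp |
        Sort-Object -Property Count -Descending |
        Select-Object -First 10 -Property Count, Name
}
finally {
    # Always close the session so it does not linger on the remote host.
    Remove-PSSession -Session $session
}
```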

Conclusion

We have now covered PowerShell in broad terms and are ready to use it in real scenarios.

In the next blog, I will show you the top 50 useful PowerShell commands that every security analyst must know before an investigation.

See you in the next blog. Until then, stay tuned and live a healthy life.
