Top 50 PowerShell commands for security analysts: Part 1
Welcome back to the "Security Analysis 101" series, where we understand things and solve the patterns in them with easy solutions. Let's start with an introduction first.
Introduction
In this blog I will cover the top 50 PowerShell commands that security analysts use in their day-to-day tasks.
I have divided the topic into two parts of 25 commands each. Here we will see the first 25.
System Information Commands
1. Get-Process: Lists all running processes.
Get-Process
2. Get-Service: Retrieves the status of services.
Get-Service
3. Get-ComputerInfo: Displays detailed information about your system.
Get-ComputerInfo
4. Get-EventLog: Fetches system, application, or security logs (available in Windows PowerShell 5.1 only; in PowerShell 7 use Get-WinEvent).
Get-EventLog -LogName System
5. Get-Help: Provides detailed help on any PowerShell command.
Get-Help Get-Process
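As an added example that is not part of the original post, the following script turns item 4 into a typical triage task: summarising recent failed logons (Security event 4625) by target account and source address. It uses Get-WinEvent instead of Get-EventLog so that it runs in both Windows PowerShell and PowerShell 7. The 24-hour window and the 500-event cap are assumptions you can change; reading the Security log requires an elevated session.

```powershell
# Added example, not from the original post: summarise failed logons (event 4625)
# from the Security log by account and source address.
# Assumptions: 24-hour window, at most 500 events, elevated session.
param(
    [int]$Hours     = 24,
    [int]$MaxEvents = 500
)

$filter = @{
    LogName   = 'Security'
    Id        = 4625
    StartTime = (Get-Date).AddHours(-$Hours)
}

$events = Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue

$rows = foreach ($e in $events) {
    # Read the named EventData fields from the event XML rather than relying
    # on positional ReplacementStrings, which differ between event versions.
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    [pscustomobject]@{
        Time      = $e.TimeCreated
        Account   = "$($data.TargetDomainName)\$($data.TargetUserName)"
        Source    = $data.IpAddress
        LogonType = $data.LogonType      # 3 = network, 10 = RDP, 2 = interactive
        Status    = $data.Status         # NTSTATUS code, e.g. 0xC000006D bad user/password
    }
}

# Highest counts first: a single source hammering many accounts, or one account
# failing from many sources, stands out immediately.
$rows |
    Group-Object Account, Source |
    Sort-Object Count -Descending |
    Select-Object Count, @{ Name = 'Account, Source'; Expression = { $_.Name } } |
    Format-Table -AutoSize
```

Save it as a .ps1 file and run it from an elevated prompt; pass `-Hours 1` during an active incident to narrow the window. Grouping by account and source together is deliberate: the same account failing from one host is usually a misconfigured service, while many accounts failing from one source is worth a closer look.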
File and Folder Management
6. Get-ChildItem: Lists all files and directories within a path.
Get-ChildItem C:\Path
7. New-Item: Creates new files or directories.
New-Item -Path "C:\Path\NewFolder" -ItemType Directory
8. Remove-Item: Deletes files or directories.
Remove-Item -Path "C:\Path\file.txt"
9. Copy-Item: Copies files and directories from one location to another.
Copy-Item -Path "C:\Path\file.txt" -Destination "D:\Backup"
10. Move-Item: Moves files or directories.
Move-Item -Path "C:\Path\file.txt" -Destination "D:\Archive"
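The file cmdlets in items 6 to 10 are most useful to an analyst when chained. As an added example (not code from the original post), the script below lists recently modified executable content in user-writable locations, records hashes and signature status, and preserves copies before anything is cleaned up. The search roots, the 7-day window and the evidence folder are assumptions.

```powershell
# Added example, not from the original post: inventory recently changed executable
# content in user-writable paths, hash it, and preserve copies for review.
# Assumptions: the roots below, a 7-day window, and D:\Evidence as the destination.
$roots    = @($env:TEMP, $env:LOCALAPPDATA, "$env:USERPROFILE\Downloads", $env:PUBLIC)
$since    = (Get-Date).AddDays(-7)
$evidence = "D:\Evidence\$env:COMPUTERNAME-$(Get-Date -Format yyyyMMdd)"

# Get-ChildItem with -Include needs -Recurse (or a wildcard path) to apply the filter.
$recent = Get-ChildItem -Path $roots -Recurse -File -Include *.exe, *.dll, *.ps1, *.bat, *.vbs -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -ge $since }

$report = foreach ($f in $recent) {
    $sig = Get-AuthenticodeSignature -FilePath $f.FullName
    [pscustomobject]@{
        Path      = $f.FullName
        Modified  = $f.LastWriteTime
        SizeKB    = [math]::Round($f.Length / 1KB, 1)
        SHA256    = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
        Signature = $sig.Status                      # Valid, NotSigned, HashMismatch, ...
        Signer    = $sig.SignerCertificate.Subject
    }
}
$report | Sort-Object Modified -Descending | Format-Table -AutoSize

# Preserve first (New-Item + Copy-Item), decide on Remove-Item at the end of the investigation.
New-Item -Path $evidence -ItemType Directory -Force | Out-Null
foreach ($f in $recent) {
    # Prefix with the parent folder name so two files with the same name do not overwrite each other.
    Copy-Item -Path $f.FullName -Destination (Join-Path $evidence "$($f.Directory.Name)_$($f.Name)") -Force
}
$report | Export-Csv -Path (Join-Path $evidence 'recent-files.csv') -NoTypeInformation
```

The CSV and the hashes give you something to compare against a threat-intelligence feed or a clean baseline later, and copying before deleting keeps the original timestamps available for the timeline.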
Network Management
11. Test-Connection: Tests network connectivity, similar to the ping command.
Test-Connection -ComputerName google.com
12. Get-NetIPAddress: Retrieves IP address configuration on the system.
Get-NetIPAddress
13. Get-NetAdapter: Displays network adapter information.
Get-NetAdapter
14. Get-DnsClientCache: Retrieves the DNS client cache.
Get-DnsClientCache
15. Set-DnsClientServerAddress: Changes the DNS server for a network adapter.
Set-DnsClientServerAddress -InterfaceAlias "Ethernet" -ServerAddresses "8.8.8.8"
Task Automation and Scheduling
16. Start-ScheduledTask: Starts a scheduled task.
Start-ScheduledTask -TaskName "MyTask"
17. Get-ScheduledTask: Lists all scheduled tasks.
Get-ScheduledTask
18. New-ScheduledTask: Creates a new scheduled task definition from an action and a trigger (Register-ScheduledTask then registers it).
New-ScheduledTask -Action (New-ScheduledTaskAction -Execute "notepad.exe") -Trigger (New-ScheduledTaskTrigger -Daily -At 8AM)
19. Unregister-ScheduledTask: Deletes a scheduled task.
Unregister-ScheduledTask -TaskName "OldTask"
20. Set-ScheduledTask: Modifies an existing scheduled task.
$trigger = New-ScheduledTaskTrigger -Daily -At 9AM
Set-ScheduledTask -TaskName "MyTask" -Trigger $trigger
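Items 16 to 20 are the separate steps of one lifecycle. As an added example that is not part of the original post, the script below creates a task definition, registers and starts it, inspects it, changes its trigger, lists the non-Microsoft tasks on the host for review, and removes the example task again. The task name, the script path and the run times are placeholders.

```powershell
# Added example, not from the original post: full scheduled-task lifecycle plus an
# inventory of tasks outside the \Microsoft\ tree.
# Assumptions: the task name, C:\Scripts\Collect-Logs.ps1 and the run times are placeholders.
$taskName = 'Example-LogCollector'

# Build the definition: what to run, when, and with what limits.
$action   = New-ScheduledTaskAction -Execute 'powershell.exe' `
                -Argument '-NoProfile -File C:\Scripts\Collect-Logs.ps1'
$trigger  = New-ScheduledTaskTrigger -Daily -At 8AM
$settings = New-ScheduledTaskSettingsSet -ExecutionTimeLimit (New-TimeSpan -Hours 1)
$task     = New-ScheduledTask -Action $action -Trigger $trigger -Settings $settings `
                -Description 'Daily log collection (example)'

# New-ScheduledTask only builds the object; Register-ScheduledTask makes it exist on the system.
Register-ScheduledTask -TaskName $taskName -InputObject $task | Out-Null

# Run it once now and read back its status.
Start-ScheduledTask -TaskName $taskName
Get-ScheduledTask -TaskName $taskName | Get-ScheduledTaskInfo |
    Select-Object TaskName, LastRunTime, LastTaskResult, NextRunTime

# Modify: replace the trigger so the task runs at 9 AM instead.
$newTrigger = New-ScheduledTaskTrigger -Daily -At 9AM
Set-ScheduledTask -TaskName $taskName -Trigger $newTrigger | Out-Null

# Review: every task outside \Microsoft\, who authored it, what it runs, and as whom.
Get-ScheduledTask |
    Where-Object { $_.TaskPath -notlike '\Microsoft\*' } |
    ForEach-Object {
        [pscustomobject]@{
            Task    = $_.TaskPath + $_.TaskName
            State   = $_.State
            Author  = $_.Author
            RunAs   = $_.Principal.UserId
            Command = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)".Trim() }) -join '; '
        }
    } | Format-Table -AutoSize

# Remove the example task.
Unregister-ScheduledTask -TaskName $taskName -Confirm:$false
```

The inventory at the end is the part an analyst will reuse: scheduled tasks are a common place for persistence, so knowing which tasks on a host are not Microsoft's, and what each one executes, is a quick baseline check.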
User and Permissions Management
21. Get-LocalUser: Retrieves all local users on the system.
Get-LocalUser
22. New-LocalUser: Creates a new local user.
New-LocalUser -Name "JohnDoe" -Password (Read-Host -AsSecureString "Password for JohnDoe")
23. Remove-LocalUser: Deletes a local user account.
Remove-LocalUser -Name "JohnDoe"
24. Get-LocalGroup: Lists all local groups.
Get-LocalGroup
25. Add-LocalGroupMember: Adds a user to a local group.
Add-LocalGroupMember -Group "Users" -Member "JohnDoe"
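As an added example that is not part of the original post, the script below puts items 21 to 25 together: it creates a local account with a prompted rather than hard-coded password, adds it to a group, and then reviews local group membership and password settings, which is the part an analyst repeats on every host. The account name follows the post's JohnDoe example; the group choice is an assumption.

```powershell
# Added example, not from the original post: create a local account safely, then
# review local administrators and accounts whose passwords never expire.
# Assumptions: "JohnDoe" from the post, membership in the Users group.
$name = 'JohnDoe'

# Read-Host -AsSecureString keeps the password out of the script and the console history.
$password = Read-Host -AsSecureString "Password for $name"
New-LocalUser -Name $name -Password $password -FullName 'John Doe' -Description 'Example account' | Out-Null

# New-LocalUser does not add the account to any group, so membership is an explicit step.
Add-LocalGroupMember -Group 'Users' -Member $name

# Review 1: who holds local administrator rights, and where each principal comes from.
Get-LocalGroupMember -Group 'Administrators' |
    Select-Object Name, ObjectClass, PrincipalSource |      # Local, ActiveDirectory, MicrosoftAccount
    Format-Table -AutoSize

# Review 2: enabled local accounts whose password never expires, with last logon and password age.
Get-LocalUser |
    Where-Object { $_.Enabled -and -not $_.PasswordExpires } |
    Select-Object Name, LastLogon, PasswordLastSet, @{ Name = 'Groups'; Expression = {
        (Get-LocalGroup | Where-Object {
            (Get-LocalGroupMember -Group $_.Name -ErrorAction SilentlyContinue).Name -contains "$env:COMPUTERNAME\$($_.Name)"
        }).Name -join ', '
    } } |
    Format-Table -AutoSize

# Cleanup for the example account.
Remove-LocalUser -Name $name
```

Running the two review queries before and after a change makes drift obvious: an unexpected member of Administrators, or a service account with a password set years ago and never expiring, shows up as a one-line difference.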
Here we have learned the usage of the first 25 PowerShell commands. We will continue with part 2 in the next blog. Till then, stay tuned, happy learning…