Top 50 PowerShell commands for security analysts: Part 2
Welcome back to the “security analysis 101” series, where we break things down and solve the patterns behind them with simple solutions. Let’s start with a short introduction.
Introduction
Here I cover the remaining 25 PowerShell commands that did not fit into the previous post because of its length.
Software and Package Management
26. Get-WmiObject: Fetches installed software information. Be aware that querying Win32_Product is slow and makes Windows Installer validate (and possibly repair) every MSI package on the host, which is noisy on a machine under investigation; Get-WmiObject is also deprecated in favour of Get-CimInstance and is not available in PowerShell 7.
Get-WmiObject -Class Win32_Product
27. Install-Package: Installs a software package through a registered PackageManagement provider (for example a Chocolatey provider). Only install from a feed you trust; an unverified package source is a supply-chain risk.
Install-Package -Name "GoogleChrome"
28. Uninstall-Package: Uninstalls a software package.
Uninstall-Package -Name "GoogleChrome"
29. Get-Package: Lists installed software packages.
Get-Package
30. Update-Help: Downloads the latest help files for installed modules (an elevated session is needed to update the built-in modules).
Update-Help
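As an added example for item 26 (not part of the original post), the following script builds the same installed-software inventory from the registry Uninstall keys instead of Win32_Product, so it is fast and has no side effects on the host. It also flags entries without a publisher and diffs the result against an earlier export. The output directory and baseline file name are assumptions for illustration.

```powershell
# Added example: inventory installed software from the registry Uninstall keys.
# These keys are what "Programs and Features" reads; unlike Win32_Product they
# are read-only and do not trigger Windows Installer consistency checks.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$OutDir   = 'C:\Triage'                          # assumed output location
$Baseline = Join-Path $OutDir 'software-baseline.csv'   # assumed earlier export

function Get-InstalledSoftware {
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |          # skip keys without a product name
        ForEach-Object {
            [pscustomobject]@{
                Name        = [string]$_.DisplayName
                Version     = [string]$_.DisplayVersion
                Publisher   = [string]$_.Publisher
                InstallDate = [string]$_.InstallDate   # yyyyMMdd, often empty
                Uninstall   = [string]$_.UninstallString
                # trim the provider prefix so the key path is readable
                Source      = $_.PSPath -replace '^Microsoft\.PowerShell\.Core\\Registry::'
            }
        } |
        Sort-Object Name
}

$software = Get-InstalledSoftware

# Entries with no publisher come from hand-rolled or unsigned installers and
# deserve a second look during triage.
$software | Where-Object { -not $_.Publisher } |
    Format-Table Name, Version, Uninstall -AutoSize

# Keep a timestamped export so later collections can be diffed.
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
$software | Export-Csv -Path (Join-Path $OutDir "software-$(Get-Date -Format yyyyMMdd-HHmm).csv") -NoTypeInformation

# Diff against the earlier baseline (if present): '=>' marks software that is
# installed now but was absent when the baseline was taken.
if (Test-Path $Baseline) {
    Compare-Object -ReferenceObject (Import-Csv $Baseline) -DifferenceObject $software -Property Name, Version |
        Where-Object SideIndicator -eq '=>' |
        Format-Table Name, Version -AutoSize
}
```

Per-user installs (the HKCU key) are only visible for the account running the script; run it in the context of each interactive user, or load their hives, when hunting for user-scoped persistence.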
Security and Execution Policy
31. Get-ExecutionPolicy: Shows the effective execution policy for scripts (add -List to see the policy at every scope). The execution policy is a safeguard against running scripts by accident, not a security boundary; it is trivially bypassed with -ExecutionPolicy Bypass on the command line.
Get-ExecutionPolicy
32. Set-ExecutionPolicy: Sets the script execution policy. Changing the LocalMachine scope needs an elevated session; use -Scope CurrentUser otherwise.
Set-ExecutionPolicy RemoteSigned
33. Get-Acl: Retrieves the security descriptor for a file or folder.
Get-Acl -Path "C:\Path"
34. Set-Acl: Applies a security descriptor to a file or folder. $acl is normally obtained with Get-Acl, modified (for example by adding or removing an access rule), and then written back; in the example below it stands for that object.
Set-Acl -Path "C:\Path" -AclObject $acl
35. Get-AuthenticodeSignature: Retrieves the digital signature status and signer certificate of a file. During triage, a Status of NotSigned or HashMismatch is what to look for, and even Valid signatures are worth checking for an unexpected signer.
Get-AuthenticodeSignature -FilePath "C:\Path\file.exe"
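As an added example for items 33 to 35 (written for this post, not taken from it), the script below audits one directory tree the way an analyst would during a host review: it lists ACEs that let broad principals write to or re-permission folders, checks the Authenticode signature of every executable and script in the tree, and shows the Get-Acl / modify / Set-Acl round-trip for removing an offending explicit ACE. The target path, the list of "broad" principals and the $Remediate switch are assumptions.

```powershell
# Added example: directory triage with Get-Acl, Set-Acl and Get-AuthenticodeSignature.
$Target = 'C:\Tools'                 # assumed directory under review
$BroadPrincipals = @(                # assumed list of principals that should not have write access
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE'
)

# FileSystemRights is a flags enum, so a bitwise test also catches combinations such as Modify.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'
$GenericWriteOrAll = 0x50000000      # GENERIC_WRITE (0x40000000) | GENERIC_ALL (0x10000000) as seen in some ACEs

function Find-BroadWriteAce {
    param([string]$Path)
    $dirs = @(Get-Item -Path $Path) + @(Get-ChildItem -Path $Path -Directory -Recurse -ErrorAction SilentlyContinue)
    foreach ($dir in $dirs) {
        $acl = Get-Acl -Path $dir.FullName -ErrorAction SilentlyContinue
        if (-not $acl) { continue }                      # no access to read the descriptor
        foreach ($ace in $acl.Access) {
            $id = $ace.IdentityReference.Value
            if ($ace.AccessControlType -ne 'Allow' -or $BroadPrincipals -notcontains $id) { continue }
            $rights = [int]$ace.FileSystemRights
            if (($rights -band $WriteMask) -ne 0 -or ($rights -band $GenericWriteOrAll) -ne 0) {
                [pscustomobject]@{
                    Path      = $dir.FullName
                    Identity  = $id
                    Rights    = $ace.FileSystemRights
                    Inherited = $ace.IsInherited       # inherited ACEs must be fixed at the parent
                }
            }
        }
    }
}

function Test-BinarySignatures {
    param([string]$Path)
    Get-ChildItem -Path $Path -Recurse -File -Include *.exe, *.dll, *.ps1, *.psm1 -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
            $cert = $sig.SignerCertificate                 # $null when the file is not signed
            [pscustomobject]@{
                File       = $_.FullName
                Status     = $sig.Status                   # Valid, NotSigned, HashMismatch, UnknownError, ...
                Signer     = $cert.Subject
                Thumbprint = $cert.Thumbprint
            }
        }
}

# 1. Folders a low-privileged user could drop or replace binaries in
$weak = Find-BroadWriteAce -Path $Target
$weak | Format-Table -AutoSize

# 2. Unsigned or tampered files; HashMismatch means the content changed after signing
$sigs = Test-BinarySignatures -Path $Target
$sigs | Where-Object { $_.Status -ne 'Valid' } | Format-Table File, Status -AutoSize

# 3. Valid only proves the chain is trusted; group by signer to spot an unexpected one
$sigs | Where-Object Status -eq 'Valid' | Group-Object Signer | Sort-Object Count -Descending |
    Select-Object Count, Name

# 4. Remediation follows the Get-Acl / modify / Set-Acl pattern. Kept behind a switch so the
#    audit itself stays read-only; only explicit (non-inherited) ACEs can be removed here.
$Remediate = $false
if ($Remediate) {
    foreach ($hit in ($weak | Where-Object { -not $_.Inherited })) {
        $acl = Get-Acl -Path $hit.Path
        $rules = $acl.Access | Where-Object { $_.IdentityReference.Value -eq $hit.Identity -and -not $_.IsInherited }
        foreach ($rule in $rules) { $null = $acl.RemoveAccessRule($rule) }
        Set-Acl -Path $hit.Path -AclObject $acl
    }
}
```

Run it as an account that can read the descriptors of the tree; folders where Get-Acl fails are skipped silently, so a short hit list on a large tree may mean missing rights rather than a clean result.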
Miscellaneous Commands
36. Clear-Host: Clears the PowerShell screen.
Clear-Host
37. Out-File: Sends output to a file.
Get-Process | Out-File -FilePath "C:\Processes.txt"
38. Measure-Object: Calculates aggregate properties of the objects piped into it, such as the total size of a set of files. It needs pipeline input, so pair it with Get-ChildItem:
Get-ChildItem -Path "C:\Logs" -File | Measure-Object -Property Length -Sum
39. Start-Process: Starts a new process.
Start-Process "notepad.exe"
40. Stop-Process: Stops a running process.
Stop-Process -Name "notepad"
41. Get-Date: Retrieves the current system date and time.
Get-Date
42. Restart-Computer: Restarts the local or a remote computer.
Restart-Computer -ComputerName "Server01"
43. Stop-Computer: Shuts down the local or a remote computer. Both commands destroy volatile evidence (memory, network connections, running processes), so collect it first during incident response.
Stop-Computer -ComputerName "Server01"
44. Invoke-WebRequest: Retrieves data from a web page or web service. It is also a common download cradle for attackers, so its appearance in logs and transcripts deserves attention.
Invoke-WebRequest -Uri "https://example.com"
45. Export-Csv: Exports objects to a CSV file.
Get-Process | Export-Csv -Path "C:\Processes.csv" -NoTypeInformation
46. ConvertTo-Json: Converts an object to JSON. The default -Depth is 2, so deeper nested properties are flattened to strings; raise it when the nested structure matters.
Get-Process | ConvertTo-Json
47. Select-String: Searches for text patterns in strings or files.
Select-String -Path "C:\Logs\log.txt" -Pattern "Error"
48. Get-Command: Lists all available PowerShell cmdlets, functions, workflows, aliases, etc.
Get-Command
49. Start-Transcript: Records the commands and output of the current session to a text file, which makes a useful evidence trail during incident response (add -IncludeInvocationHeader to timestamp each command). It only covers the session that calls it.
Start-Transcript -Path "C:\Logs\transcript.txt"
50. Stop-Transcript: Stops the recording of the session started by Start-Transcript.
Stop-Transcript
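As an added example for items 49 and 50 (not from the original post), the script below covers what Start-Transcript cannot: recording every PowerShell host on the machine. It audits and, when enabled, applies the policy registry values that Group Policy uses for system-wide transcription and script block logging. The transcript directory is an assumption; an elevated session is required to write under HKLM.

```powershell
# Added example: audit and enable system-wide PowerShell transcription and
# script block logging via the policy registry keys Group Policy writes.
$TranscriptDir = 'C:\PSTranscripts'   # assumed; ACL it so ordinary users cannot read or modify it

# Expected policy values. Script block logging lands in the
# Microsoft-Windows-PowerShell/Operational log as event ID 4104.
$Policies = @{
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\Transcription' = @{
        EnableTranscripting    = 1
        EnableInvocationHeader = 1            # timestamp and host for every command
        OutputDirectory        = $TranscriptDir
    }
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging' = @{
        EnableScriptBlockLogging = 1
    }
}

function Get-PowerShellLoggingState {
    foreach ($key in $Policies.Keys) {
        foreach ($name in $Policies[$key].Keys) {
            # Get-ItemProperty returns $null when the key or value is missing
            $current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
            [pscustomobject]@{
                Key      = $key.Split('\')[-1]
                Setting  = $name
                Expected = $Policies[$key][$name]
                Current  = $current
                Ok       = ($current -eq $Policies[$key][$name])
            }
        }
    }
}

function Enable-PowerShellLogging {
    New-Item -ItemType Directory -Path $TranscriptDir -Force | Out-Null
    foreach ($key in $Policies.Keys) {
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        foreach ($name in $Policies[$key].Keys) {
            $value = $Policies[$key][$name]
            $type  = if ($value -is [int]) { 'DWord' } else { 'String' }
            New-ItemProperty -Path $key -Name $name -Value $value -PropertyType $type -Force | Out-Null
        }
    }
}

# Audit first; every row should show Ok = True on a host that is already logging.
Get-PowerShellLoggingState | Format-Table -AutoSize

$Apply = $false                      # flip to $true in an elevated session to enforce the settings
if ($Apply) {
    Enable-PowerShellLogging
    Get-PowerShellLoggingState | Format-Table -AutoSize
}
```

New sessions pick the settings up immediately; sessions that were already open keep their previous behaviour until they are restarted. Pair the transcript directory with log forwarding, since transcripts left on a compromised host are only as trustworthy as that host.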
Conclusion
Mastering these 50 commands has significantly improved my productivity and effectiveness in handling security tasks during incident response.
Thank you for reading the whole post. If you haven’t read part 1 yet, definitely check ✔️ it out. If you like my content, follow me and give it a clap 👏; that keeps me motivated.