
Showing posts from June, 2012

toolsmith: Security Investigations with PowerShell

Prerequisites: Windows, ideally Windows 7 or Windows Server 2008 R2, where PowerShell is native. There are 32-bit and 64-bit versions of PowerShell for Windows XP, Windows Server 2003, Windows Vista and Windows Server 2008 as well.
Introduction: Windows power users have long sought strong fu at the command line. In the beginning, Bill said "Let there be shell." And lo, there was command.com and cmd.exe. Then Jim said there must be scripting support and automation, and thus the likes of Windows Script Host and WMIC were brought to light. But alas, there were challenges: no shell integration, no interoperability. Then unto thee was delivered the shell prophet Monad (see the Monad Manifesto), later renamed Windows PowerShell in 2006. In a nutshell, PowerShell is powerful. Alright, enough of the PowerShell parable. Really though, any sysadmin running modern Windows platforms is likely using or has used PowerShell. Full disclosure: I work for Microsoft. But before you write me off as just being …