# PowerShell

###### tags: `By_Ivan`

### Introduction

PowerShell is essentially a console for the Windows environment that comes with remote access support. It can run any shell command as well as additional functions provided by modules. In theory, any information about the machine is accessible through it. However, PowerShell is not guaranteed to be the best solution: an ordinary shell script can be a simpler approach, and is also supported in the console.

### Its capability

- Security
```
execution policy
file authorization
user logged in
AD, DC information
```
- Network
```
web service (.NET)
Connection / Packet / Security
VPN
DnsClient
```
- Hardware
```
Disk, Memory
NetAdapter
PNP entities (Monitor, mic, usb, Bluetooth, etc.)
```
- OS
```
jobs, processes, services
kernel information
Events / signals / exit codes
Resources
```
- File system
```
File editing
Policy
```

### Available data about a process

```
__NounName Name Handles VM WS PM NPM Path Company CPU
FileVersion ProductVersion Description Product Id PriorityClass
HandleCount WorkingSet PagedMemorySize PrivateMemorySize VirtualMemorySize
TotalProcessorTime BasePriority ExitCode HasExited ExitTime Handle
MachineName MainWindowHandle MainWindowTitle MainModule
MaxWorkingSet MinWorkingSet Modules
NonpagedSystemMemorySize NonpagedSystemMemorySize64
PagedMemorySize64 PagedSystemMemorySize PagedSystemMemorySize64
PeakPagedMemorySize PeakPagedMemorySize64
PeakWorkingSet PeakWorkingSet64
PeakVirtualMemorySize PeakVirtualMemorySize64
PriorityBoostEnabled PrivateMemorySize64 PrivilegedProcessorTime
ProcessName ProcessorAffinity Responding SessionId StartInfo StartTime
SynchronizingObject Threads UserProcessorTime VirtualMemorySize64
EnableRaisingEvents StandardInput StandardOutput StandardError
WorkingSet64 Site Container
```

### Default Modules Support

TL;DR

1. AppLocker
1. Appx
1. BestPractices
1. BitsTransfer
1. BranchCache
1. CimCmdlets
1. DirectAccessClientComponents
1. Dism
1. DnsClient
1. International
1. iSCSI
1. IscsiTarget
1. ISE
1. Kds
1. Microsoft.PowerShell.Diagnos
1. Microsoft.PowerShell.Host
1. Microsoft.PowerShell.Managem
1. Microsoft.PowerShell.Securit
1. Microsoft.PowerShell.Utility
1. Microsoft.WSMan.Management
1. MMAgent
1. MsDtc
1. NetAdapter
1. NetConnection
1. NetEventPacketCapture
1. NetLbfo
1. NetNat
1. NetQos
1. NetSecurity
1. NetSwitchTeam
1. NetTCPIP
1. NetworkConnectivityStatus
1. NetworkTransition
1. NFS
1. PcsvDevice
1. PKI
1. PrintManagement
1. PSDesiredStateConfiguration
1. PSDiagnostics
1. PSScheduledJob
1. PSWorkflow
1. PSWorkflowUtility
1. RemoteDesktop
1. ScheduledTasks
1. SecureBoot
1. ServerCore
1. ServerManager
1. ServerManagerTasks
1. SmbShare
1. SmbWitness
1. SoftwareInventoryLogging
1. StartScreen
1. Storage
1. TLS
1. TroubleshootingPack
1. TrustedPlatformModule
1. UserAccessLogging
1. VpnClient
1. Wdac
1. Whea
1. WindowsDeveloperLicense
1. WindowsErrorReporting
1. WindowsSearch
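
The process properties listed earlier can be combined with `Get-AuthenticodeSignature` from the Microsoft.PowerShell.Security module into a quick triage view of what is running on a machine. This is an added example, not part of the original note; the function name `Get-ProcessTriage` and the default list of expected install directories are assumptions made for illustration.

```powershell
# Added example: triage view built from Get-Process properties listed on this page.
# Get-ProcessTriage and the $ExpectedRoot defaults are assumptions for illustration.
function Get-ProcessTriage {
    [CmdletBinding()]
    param(
        [string[]]$ExpectedRoot = @($env:windir, $env:ProgramFiles, ${env:ProgramFiles(x86)})
    )
    # Normalise roots to end in '\' so C:\Windows does not match C:\WindowsFake.
    $roots = $ExpectedRoot | Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') + '\' }

    foreach ($p in Get-Process) {
        # Path and StartTime can be unreadable for protected or exited
        # processes; record them as $null instead of failing the whole run.
        $path = $null; $start = $null
        try { $path  = $p.Path }      catch { }
        try { $start = $p.StartTime } catch { }

        # Signature status as reported by Get-AuthenticodeSignature.
        $sig = 'Unknown'
        if ($path -and (Test-Path -LiteralPath $path -PathType Leaf)) {
            $sig = [string](Get-AuthenticodeSignature -LiteralPath $path).Status
        }

        $inRoot = $false
        foreach ($r in $roots) {
            if ($path -and $path.StartsWith($r, [StringComparison]::OrdinalIgnoreCase)) {
                $inRoot = $true; break
            }
        }

        [pscustomobject]@{
            Name           = $p.ProcessName
            Id             = $p.Id
            SessionId      = $p.SessionId
            StartTime      = $start
            Company        = $p.Company
            WorkingSetMB   = [math]::Round($p.WorkingSet64 / 1MB, 1)
            Signature      = $sig
            InExpectedRoot = $inRoot
            Path           = $path
        }
    }
}

# Rows worth a second look: readable path, but unsigned or outside expected roots.
Get-ProcessTriage |
    Where-Object { $_.Path -and ($_.Signature -ne 'Valid' -or -not $_.InExpectedRoot) } |
    Sort-Object StartTime |
    Format-Table Name, Id, StartTime, Signature, InExpectedRoot, Path -AutoSize
```

A non-`Valid` signature or an unexpected path is a lead to check, not a verdict; run the function from an elevated session to reduce the number of processes whose `Path` comes back empty.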