Choose Your Own Red Team Adventure: tasklist, reg, and net commands

Tim MalcomVetter
May 15, 2019

This is a continuation of a Choose Your Own Red Team Adventure series. If you don’t know how you got here, start at the beginning. Otherwise, continue reading …

You prefer old school commands because you know that running PowerShell is a questionable approach these days; so many EDR products flag its use.

You run “tasklist”, and out comes a list of process names and IDs. You notice many you recognize, some you don’t — you’ll have to Google them and figure out what they may be later.

Then you run a whole series of “reg” commands — you use a script that you always use to do this, because you can’t possibly remember all of the registry keys that you need to query. One by one, you get the output and drop it into a folder to analyze.

Then you run a few “net” commands, including “net start” to get a list of all of the running Windows services.

You also run a few “dir” commands to locate common folders for applications that may be installed.

Continue reading “commands”…
