Windows Basics & PowerShell

1 Global Definitions

  • Windows OS: The most widely used operating system for personal and enterprise environments, providing GUI and CLI tools for management.
  • PowerShell: A task automation and configuration management framework with a powerful command-line shell and scripting language built on .NET.
  • CMD vs PowerShell: CMD is the legacy command interpreter, while PowerShell is object-oriented, scriptable, and far more powerful.

1.1 Windows Basics

File System

Windows uses NTFS (New Technology File System) for permissions and data management.

  • Drive letters (C:\, D:\) represent storage partitions.
  • System files stored in C:\Windows.
  • User data stored in C:\Users\Username.

Task Manager

Monitors processes, memory, CPU, and network usage.

  • Shortcut: Ctrl + Shift + Esc
  • Can terminate unresponsive programs
  • Useful for detecting suspicious processes

Windows Registry

Hierarchical database for OS and application configuration.

  • Edited with regedit
  • Keys: HKEY_LOCAL_MACHINE, HKEY_CURRENT_USER, etc.
  • Misconfiguration may break the system

1.2 PowerShell Basics

Cmdlets

PowerShell commands follow the Verb-Noun format.

  • Get-Process → lists running processes
  • Get-Service → lists Windows services
  • Stop-Process -Name notepad → terminates the named process

Objects & Pipelines

PowerShell passes objects, not just text, through pipelines.

  • Get-Process | Sort-Object CPU -Descending
  • Get-Service | Where-Object {$_.Status -eq "Running"}

Aliases

PowerShell supports shortcuts for familiar CMD commands.

  • ls → Get-ChildItem
  • cat → Get-Content
  • dir → Get-ChildItem

1.3 Advanced PowerShell Features

Remote Administration

PowerShell Remoting allows executing commands on remote systems.

  • Enter-PSSession -ComputerName SERVER01
  • Invoke-Command -ComputerName SERVER01 -ScriptBlock {Get-Process}

Scripting

PowerShell scripts use the .ps1 extension.

  • Example: Get-Date >> log.txt
  • Execution policy may need adjusting (Set-ExecutionPolicy)

Modules

Reusable libraries that extend PowerShell's functionality.

  • Get-Module -ListAvailable → view modules
  • Import-Module ActiveDirectory

1.4 Security & PowerShell

Logging & Auditing

PowerShell maintains detailed logs for security monitoring.

  • Windows Event Viewer → Microsoft-Windows-PowerShell/Operational
  • Useful for incident response
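The script below is an added example, not part of the original cheat sheet: a defender-side triage routine that reads script block events (Event ID 4104) from the Microsoft-Windows-PowerShell/Operational log and flags blocks containing patterns worth a closer look. It assumes Script Block Logging is enabled and that property index 2 of a 4104 event carries the script text; the pattern list and the sample records are constructed for illustration.

```powershell
# Added example (not from the original page): triage script block events.
# Assumes Script Block Logging is on (Event ID 4104). Patterns below are a
# constructed starting list; tune them for your environment.
$ReviewPatterns = @(
    'EncodedCommand', 'FromBase64String', 'Invoke-Expression',
    'DownloadString', 'New-Object Net.WebClient'
)

function Test-ScriptBlockText {
    param([string]$Text)
    # Return every pattern found in the text (PowerShell -match is case-insensitive).
    $hits = @()
    foreach ($p in $ReviewPatterns) {
        if ($Text -match [regex]::Escape($p)) { $hits += $p }
    }
    return ,$hits   # leading comma keeps an empty/single result as an array
}

function Get-ScriptBlockEvents {
    param([int]$MaxEvents = 500)
    # Assumption: Properties[2] of a 4104 event is the ScriptBlockText field.
    Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104
    } -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            TimeCreated     = $_.TimeCreated
            ScriptBlockText = [string]$_.Properties[2].Value
        }
    }
}

function Find-ReviewWorthyScriptBlock {
    param([Parameter(ValueFromPipeline)] $Event)
    process {
        $text = [string]$Event.ScriptBlockText
        $hits = Test-ScriptBlockText -Text $text
        if ($hits.Count -gt 0) {
            [pscustomobject]@{
                TimeCreated = $Event.TimeCreated
                Matched     = ($hits -join ', ')
                Snippet     = $text.Substring(0, [Math]::Min(80, $text.Length))
            }
        }
    }
}

# Constructed sample records so the triage logic runs without a live log:
$Sample = @(
    [pscustomobject]@{ TimeCreated = Get-Date; ScriptBlockText = 'Get-Process | Sort-Object CPU -Descending' },
    [pscustomobject]@{ TimeCreated = Get-Date; ScriptBlockText = 'powershell -EncodedCommand <base64-placeholder>' }
)
$Sample | Find-ReviewWorthyScriptBlock | Format-Table -AutoSize
# On a live host replace $Sample with: Get-ScriptBlockEvents -MaxEvents 1000
```

Only the second constructed record is reported; reading the live log requires rights to the Operational channel.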

Security Risks

Attackers often use PowerShell for exploitation.

  • Fileless malware execution
  • Privilege escalation
  • Persistence mechanisms

Hardening PowerShell

Restrict misuse by limiting access.

  • Use ConstrainedLanguage mode
  • Implement Just Enough Administration (JEA)
  • Restrict script execution with policies

1.5 Why Windows & PowerShell Matter

Windows dominates enterprise environments, making its security critical. PowerShell provides powerful automation and administrative capabilities but also poses risks if misused. Mastering PowerShell is essential for both system administrators and security professionals.