2. System Awareness

• Very important to gather information and be aware of our system.
• Key pieces of information:

- Username and hostname
- Group memberships of the current user
- Existing users and groups
- Operating system, version and architecture
- Network information
- Installed applications
- Running processes

• Key Windows commands for awareness:

whoami
whoami /groups
net user ... Get-LocalUser
net localgroup ... Get-LocalGroup
Get-LocalGroupMember ... net localgroup "<admingroup>"
systeminfo
ipconfig /all
route print
netstat -ano
reg query "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*" | select displayname
Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*" | select displayname
Get-Process

Check if current user is part of Administrator group:

([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrentAdministrator

Enumerate .NET version in Powershell:

Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP' -Recurse | Get-ItemProperty -Name version -EA 0 | Where { $_.PSChildName -Match '^(?!S)\p{L}'} | Select PSChildName, version