| Category | Tools / Commands | | ---------------------------------------- | ---------------------------------------------- | | **Manual** | | | Host info | `hostname` | | | `systeminfo` | | | `winver` | | | `Get-MpPreference` | | User info | `whoami`<br>`whoami /priv`<br>`whoami /groups` | | Users/Groups info | [[net]] - Users and Groups | | Logged-on Users and Sessions | `queryuser` or `quser` | | | `tasklist /v` | | Environment and Registry | [[reg]] | | Network info | `arp -A` | | | `ipconfig /all` | | | `route PRINT` | | | `netstat -ano` | | Process info | `ps` | | Service info | [[wmic]] - CMD, PS | | | [[Get-Service]] - PS | | | [[sc]] | | | [[icacls]] | | | [[schtasks]] | | [[AlwaysInstallElevated]] | msiexec | | [[Hardcoded Sensitive Information]] | | | [[Unattended Files]] | | | [[Credential Manager]] | | | [[Attacking Windows Credential Manager]] | [[Mimikatz]] | | [[Unquoted Service Paths]] | [[icacls]] | | [[Unquoted Service Paths 2]] | | | [[Misconfigured Service Permissions]] | accesschk.exe | | [[Misconfigured Service Permissions 2]] | | | [[SeBackup & SeRestore]] | | | [[SeTakeOwnership]] | | | [[SeImpersonate & SeAssignPrimaryToken]] | [[incognito.exe]]<br>[[PrintSpoofer64.exe]] | | **Automated** | [[winPEAS]] | | | [[PowerUp.ps1]] |