Live Stream: Host Defense

For this livestream we are going to talk about commands to run on a host box to find a malicious actor. If you have a few you prefer, let me know what those are and I’ll see about adding them to the list. We’ll also talk a little about automating these checks using auto-typing USB options.

Live Stream Link: https://youtu.be/9kciKi4s3VA
April 7, 2020 at 10:00 Central Time

Instructions for this livestream:

Resources:

Command Line:

  • systeminfo
  • wmic qfe list
  • wmic diskdrive list brief
  • wmic logicaldisk list brief
  • ipconfig -all
  • netstat -ano
  • arp -a
  • tasklist /v
  • net share
  • net user
  • query user

PowerShell:

  • get-pnpdevice | select caption, manufacturer, description, present, deviceid, status
  • get-process
  • get-nettcpconnection
  • get-netudpendpoint
  • get-netneighbor
  • get-localuser

Porting wmic commands to ASCII

  • wmic <rest of the command> | more >> example.txt

Porting PowerShell to ASCII

  • <powershell command> | Out-File -FilePath example.txt -Append -Encoding ascii
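
One way to run every check above in a single pass and collect the output as one ASCII report, using the two porting patterns from this page. This script is an added example, not something shown on the stream; the report path, the `Add-Section` helper and the section header format are assumptions, and the final section goes one step beyond the list by naming the process behind each TCP connection.

```powershell
# Added example: runs the checks listed on this page into one ASCII report.
# Assumptions (not from the page): report path/name, Add-Section helper, header format.
$Report = Join-Path $env:TEMP ("triage_{0}_{1:yyyyMMdd_HHmmss}.txt" -f $env:COMPUTERNAME, (Get-Date))

function Add-Section {
    param([string]$Title, [scriptblock]$Command)
    "`r`n===== $Title =====" | Out-File -FilePath $Report -Append -Encoding ascii
    try {
        # 2>&1 keeps error text in the report so a failed check is visible.
        & $Command 2>&1 | Out-String -Width 250 |
            Out-File -FilePath $Report -Append -Encoding ascii
    } catch {
        "ERROR: $($_.Exception.Message)" | Out-File -FilePath $Report -Append -Encoding ascii
    }
}

# "Command Line" list, run through cmd.exe.
$cmdChecks = 'systeminfo', 'wmic qfe list', 'wmic diskdrive list brief',
    'wmic logicaldisk list brief', 'ipconfig -all', 'netstat -ano', 'arp -a',
    'tasklist /v', 'net share', 'net user', 'query user'
foreach ($check in $cmdChecks) {
    $exe = ($check -split ' ')[0]
    if (-not (Get-Command $exe -CommandType Application -ErrorAction SilentlyContinue)) {
        # wmic and query are not present on every Windows edition or build.
        Add-Section $check { "SKIPPED: $exe not found on this host" }
        continue
    }
    # wmic output goes through "| more", as in the porting note on this page.
    $line = if ($exe -eq 'wmic') { "$check | more" } else { $check }
    Add-Section $check { cmd.exe /c $line }
}

# "PowerShell" list.
Add-Section 'get-pnpdevice' { Get-PnpDevice | Select-Object Caption, Manufacturer, Description, Present, DeviceID, Status | Format-List }
Add-Section 'get-process' { Get-Process }
Add-Section 'get-nettcpconnection' { Get-NetTCPConnection }
Add-Section 'get-netudpendpoint' { Get-NetUDPEndpoint }
Add-Section 'get-netneighbor' { Get-NetNeighbor }
Add-Section 'get-localuser' { Get-LocalUser }

# Beyond the page's list: name the process behind each TCP connection.
Add-Section 'tcp connections with owning process' {
    $procs = @{}
    Get-Process | ForEach-Object { $procs[[int]$_.Id] = $_ }
    Get-NetTCPConnection | Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort, State,
        OwningProcess, @{ n = 'Process'; e = { $procs[[int]$_.OwningProcess].ProcessName } } |
        Sort-Object State, RemoteAddress | Format-Table -AutoSize
}
"Report written to $Report"
```

Run it from an elevated PowerShell session so that `Get-Process` and `tasklist /v` can see processes owned by other accounts.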
