Enumerating Security Controls
Windows Defender Status
Get-MpComputerStatus
Command:
Get-MpComputerStatus
Result: Checks the status of Windows Defender Anti-Virus on a Windows-based host.
AppLocker Policies
Get-AppLockerPolicy
Command:
Get-AppLockerPolicy -Effective | select -ExpandProperty RuleCollections
Result: Retrieves AppLocker policies from a Windows-based host.
PowerShell Language Mode
PowerShell Language Mode Enumeration
Command:
$ExecutionContext.SessionState.LanguageMode
Result: Determines the PowerShell Language Mode in use on a Windows-based host.
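The three local checks above can be combined into one baseline report for hardening review. This is an added example, not part of the original page: the function names New-Finding and Get-ControlBaseline are hypothetical, and the OK/REVIEW criteria (such as the 7-day signature age) are assumptions to adjust to your own baseline.

```powershell
# Added example (not from the original page). New-Finding and Get-ControlBaseline
# are hypothetical names; the OK/REVIEW criteria are assumptions to adjust.
function New-Finding {
    param($Control, $Setting, $Value, [bool]$Ok)
    $status = 'REVIEW'
    if ($Ok) { $status = 'OK' }
    [pscustomobject]@{ Control = $Control; Setting = $Setting; Value = $Value; Status = $status }
}

function Get-ControlBaseline {
    # Windows Defender: protection features should be on and signatures recent.
    try {
        $mp = Get-MpComputerStatus -ErrorAction Stop
        foreach ($name in 'AMServiceEnabled', 'AntivirusEnabled',
                'RealTimeProtectionEnabled', 'BehaviorMonitorEnabled') {
            New-Finding -Control 'Defender' -Setting $name -Value ($mp.$name) -Ok ([bool]$mp.$name)
        }
        $age = $mp.AntivirusSignatureAge   # days since the last signature update
        New-Finding -Control 'Defender' -Setting 'AntivirusSignatureAge' -Value $age -Ok ($age -le 7)
    } catch {
        New-Finding -Control 'Defender' -Setting 'Get-MpComputerStatus' -Value $_.Exception.Message -Ok $false
    }

    # AppLocker: a collection in AuditOnly or NotConfigured logs or ignores, it does not block.
    try {
        $policy = Get-AppLockerPolicy -Effective -ErrorAction Stop
        $seen = 0
        foreach ($c in $policy.RuleCollections) {
            $seen++
            New-Finding -Control 'AppLocker' -Setting "$($c.RuleCollectionType) rules" `
                -Value $c.EnforcementMode -Ok ($c.EnforcementMode -eq 'Enabled')
        }
        if ($seen -eq 0) {
            New-Finding -Control 'AppLocker' -Setting 'RuleCollections' -Value 'none defined' -Ok $false
        }
    } catch {
        New-Finding -Control 'AppLocker' -Setting 'Get-AppLockerPolicy' -Value $_.Exception.Message -Ok $false
    }

    # Language mode: FullLanguage means this session is not restricted by policy.
    $mode = $ExecutionContext.SessionState.LanguageMode
    New-Finding -Control 'PowerShell' -Setting 'LanguageMode' -Value $mode -Ok ($mode -ne 'FullLanguage')
}

Get-ControlBaseline | Format-Table -AutoSize
```

Rows marked REVIEW are the settings to compare against the intended hardening baseline for that host.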
LAPS (Local Administrator Password Solution) Enumeration
Find-LAPSDelegatedGroups
Command:
Find-LAPSDelegatedGroups
Result: Discovers LAPS Delegated Groups from a Windows-based host.
Find-AdmPwdExtendedRights
Command:
Find-AdmPwdExtendedRights
Result: Checks the rights on each computer with LAPS enabled for any groups with read access and users with "All Extended Rights."
Get-LAPSComputers
Command:
Get-LAPSComputers
Result: Searches for computers with LAPS enabled, discovers password expiration, and retrieves randomized passwords from a Windows-based host.