Recon - Initial Access

• https://github.com/dafthack/HostRecon/blob/master/HostRecon.ps1

• https://gist.github.com/egre55/db41cc2df355e8591eacff561facf34e

Who we are

whoami /fqdn
whoami /upn
whoami

What are our privileges and which group do we belong to

whoami /priv
whoami /groups
whoami /all

Systeminfo

systeminfo
hostname

Hotfix and KB information

wmic qfe get Caption,Description,HotFixID,InstalledOn

Antivirus Status

Which users/localgroups are on the machine

Crosscheck local and domain groups too

Network information

Network shares

Logged on users

File - Directory enumerations

Recursive string scan

To list all the files recursively

Search for writeable directories

Running processes

Service related things

To check permissions of us on service vulnsvc