Windows Network Connection Analysis
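# ================================================================
# Windows network connection triage (PowerShell, run from an elevated
# prompt for full results). Collects the volatile state first, then
# pivots from connection -> owning process -> service -> logon events.
#
# Elevation matters here: netstat -b, Get-Process .Path for protected
# processes and the Security event log all need administrator rights.
# Everything else degrades to partial (but not wrong) output.
# ================================================================

# Run the Get-NetTCPConnection query once and reuse the snapshot. The
# original re-queried it for every process in step 2, which both cost
# O(processes x connections) and could return a different connection set
# on each evaluation while the table is changing underneath us.
$conns = Get-NetTCPConnection

# Process IDs that currently own at least one TCP endpoint, de-duplicated
# so the later -in test is against a small list.
$pids = $conns.OwningProcess | Sort-Object -Unique

# True when the session is elevated; used to skip commands that would
# only print an access-denied error otherwise.
$isAdmin = ([Security.Principal.WindowsPrincipal] `
    [Security.Principal.WindowsIdentity]::GetCurrent()
).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# 1. All TCP connections with detailed information.
#    CreationTime lets you spot endpoints that predate a suspected
#    compromise window; it may be empty on older Windows builds.
$conns |
    Select-Object CreationTime,LocalAddress,LocalPort,RemoteAddress,RemotePort,State,OwningProcess |
    Format-Table -AutoSize

# 2. Process information for every connection owner. Path is the on-disk
#    image, which is what you compare against the expected binary for the
#    process name; it is $null without elevation for system processes.
Get-Process | Where-Object {$_.Id -in $pids} | Select-Object Id,ProcessName,Path

# 3. Listening ports (PID is the last column of -o output).
netstat -nao | findstr "LISTENING"

# 4. Active connections with the executable (-b) and FQDN (-f) attached.
#    -b requires elevation; skip rather than emit a permission error.
if ($isAdmin) {
    netstat -nabf
} else {
    Write-Warning 'Skipping "netstat -nabf": -b needs an elevated prompt.'
}

# 5. Established connections only.
netstat -n | findstr "ESTABLISHED"

# Additional investigation commands:
# Running services, to map a listening PID back to a service host.
Get-Service | Where-Object {$_.Status -eq "Running"} | Format-Table -AutoSize

# Event log analysis for remote access: 4624 successful logon,
# 4625 failed logon, 4648 logon with explicit credentials. -MaxEvents
# returns the newest 50 matching records. Reading the Security log needs
# elevation, so report that instead of failing with an access error.
if ($isAdmin) {
    Get-WinEvent -FilterHashtable @{
        LogName='Security'
        ID=4624,4625,4648
    } -MaxEvents 50
} else {
    Write-Warning 'Skipping Security event log query: needs an elevated prompt.'
}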