
WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List


Windows ATP (Advanced Threat Protection) will come up as "Windows Defender". To know if ATP is installed, check the registry key: HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status

or in PS: Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status"

Here is a link to a more complete script that checks the full details of Windows ATP: https://www.verboon.info/2019/02/check-windows-defender-atp-client-status-with-powershell/
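
The two checks above combined into one PowerShell function, as an added example that is not from the original post or the linked script. It uses Get-CimInstance in place of WMIC and assumes the `OnboardingState` value under the Status key (1 on an onboarded machine); the function name is made up for illustration.

```powershell
# Added example: hypothetical helper that reports AV products and ATP status.
function Get-EndpointProtectionStatus {
    [CmdletBinding()]
    param()

    # Same query as the WMIC line above, through CIM. The SecurityCenter2
    # namespace is normally absent on Server editions, so failure is handled.
    $products = @()
    try {
        $products = @(Get-CimInstance -Namespace 'root/SecurityCenter2' `
                          -ClassName 'AntiVirusProduct' -ErrorAction Stop |
                      Select-Object -ExpandProperty displayName)
    } catch {
        Write-Verbose "SecurityCenter2 query failed: $($_.Exception.Message)"
    }

    # ATP status key from the text above. A missing key means the ATP
    # sensor was never set up on this machine.
    $atpKey = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'
    $atpPresent = Test-Path -Path $atpKey
    $onboarding = $null
    if ($atpPresent) {
        $status = Get-ItemProperty -Path $atpKey -ErrorAction SilentlyContinue
        # Assumption: OnboardingState is 1 when the machine is onboarded.
        if ($status -and $null -ne $status.OnboardingState) {
            $onboarding = $status.OnboardingState
        }
    }

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        AntiVirusProducts   = $products
        AtpStatusKeyPresent = $atpPresent
        AtpOnboardingState  = $onboarding
    }
}

Get-EndpointProtectionStatus | Format-List
```

An empty AntiVirusProducts list together with AtpStatusKeyPresent set to False is the result worth flagging when this is run across a fleet.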

Other interesting commands are:

whoami /all

systeminfo or

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

driverquery

and so many more. Here is a great list: https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Privilege%20Escalation.md
