1
00:00:00,340 --> 00:00:01,830
[Autogenerated] So let's go back onto our

2
00:00:01,830 --> 00:00:03,810
Windows 10 machine, and we'll look at how

3
00:00:03,810 --> 00:00:06,060
we execute some of the basic WMI

4
00:00:06,060 --> 00:00:12,360
commands. Okay, so we're back on the

5
00:00:12,360 --> 00:00:13,760
Windows 10 machine, and I've already

6
00:00:13,760 --> 00:00:16,070
launched the Windows Terminal and actually

7
00:00:16,070 --> 00:00:17,810
have two tabs open now in the Windows

8
00:00:17,810 --> 00:00:20,000
Terminal. When we choose the menu, we get

9
00:00:20,000 --> 00:00:21,730
Windows PowerShell and, of course, Windows

10
00:00:21,730 --> 00:00:23,800
PowerShell 7. And the reason I wanted

11
00:00:23,800 --> 00:00:26,250
to do this is to kind of show you the

12
00:00:26,250 --> 00:00:28,210
difference between the two. Now, first

13
00:00:28,210 --> 00:00:33,510
off, if I type in Get-WmiObject, it

14
00:00:33,510 --> 00:00:36,140
kind of auto-fills that for me. And then

15
00:00:36,140 --> 00:00:37,960
what we'll do is just do a simple thing.

16
00:00:37,960 --> 00:00:42,240
So -Class, and I'll say Win32_

17
00:00:42,240 --> 00:00:44,250
Process, and we'll just enter that. So

18
00:00:44,250 --> 00:00:46,220
that gives me... I'm not gonna wait for that

19
00:00:46,220 --> 00:00:48,440
to finish. I'm just gonna kind of kill that.

20
00:00:48,440 --> 00:00:50,590
But you notice that that cmdlet executed

21
00:00:50,590 --> 00:00:52,760
perfectly fine. Now what I'm gonna do here

22
00:00:52,760 --> 00:00:55,370
is just copy this command. I'm gonna go to

23
00:00:55,370 --> 00:00:57,700
my PowerShell 7 and paste that in and

24
00:00:57,700 --> 00:01:00,240
then choose enter, and notice what happens

25
00:01:00,240 --> 00:01:02,900
on the PowerShell 7 side. The WMI

26
00:01:02,900 --> 00:01:06,380
object commands don't actually exist in

27
00:01:06,380 --> 00:01:08,840
PowerShell 7. They're not part of

28
00:01:08,840 --> 00:01:10,620
the PowerShell Core, so that's an

29
00:01:10,620 --> 00:01:12,060
important thing to remember. So as we talk

30
00:01:12,060 --> 00:01:14,940
about WMI commands and executing them,

31
00:01:14,940 --> 00:01:17,480
it's really focused on Windows PowerShell,

32
00:01:17,480 --> 00:01:19,130
which is the one that's provided by

33
00:01:19,130 --> 00:01:21,770
Windows 10 or your operating system. And

34
00:01:21,770 --> 00:01:23,730
then Windows 7 is the updated one that

35
00:01:23,730 --> 00:01:26,480
you download and add to your machine. So

36
00:01:26,480 --> 00:01:28,160
let's kind of talk about executing these

37
00:01:28,160 --> 00:01:30,500
processes then. So some of the commands,

38
00:01:30,500 --> 00:01:33,170
of course, as you notice, we just did the

39
00:01:33,170 --> 00:01:35,600
Get-WmiObject. If I just enter

40
00:01:35,600 --> 00:01:37,670
that, it's gonna ask me for the class,

41
00:01:37,670 --> 00:01:40,480
which is the most common property. Now what

42
00:01:40,480 --> 00:01:44,430
we can do, remember, when utilizing PowerShell

43
00:01:44,430 --> 00:01:46,620
is we can actually say Get-Help and then

44
00:01:46,620 --> 00:01:48,780
pass the command that we wish to get the

45
00:01:48,780 --> 00:01:51,200
help for, and what this will do is give us a

46
00:01:51,200 --> 00:01:53,430
list of the properties that are available

47
00:01:53,430 --> 00:01:55,380
so that we can then determine how we wish

48
00:01:55,380 --> 00:01:57,980
to execute this command. So, as you can

49
00:01:57,980 --> 00:02:00,270
see, there's a whole host of different

50
00:02:00,270 --> 00:02:02,630
types of properties that are available:

51
00:02:02,630 --> 00:02:05,950
running things such as -List or

52
00:02:05,950 --> 00:02:07,800
retrieving specific properties, passing

53
00:02:07,800 --> 00:02:10,180
credentials, etcetera. So let's get rid of

54
00:02:10,180 --> 00:02:12,280
that, and we'll actually look at running

55
00:02:12,280 --> 00:02:15,240
this command just to retrieve some basic

56
00:02:15,240 --> 00:02:17,470
information. So the first thing I want to

57
00:02:17,470 --> 00:02:20,240
do is actually just retrieve a list of

58
00:02:20,240 --> 00:02:22,490
the WMI classes that are available now.

59
00:02:22,490 --> 00:02:25,680
This list goes on for ages and ages and

60
00:02:25,680 --> 00:02:27,680
ages. As you can see it going on here,

61
00:02:27,680 --> 00:02:30,430
this returns back all of the classes that

62
00:02:30,430 --> 00:02:32,690
are available inside that default

63
00:02:32,690 --> 00:02:34,780
namespace. If we scroll all the way up here,

64
00:02:34,780 --> 00:02:36,350
I'm going to go to my scroll and just go a

65
00:02:36,350 --> 00:02:38,820
bit further. You can see that we've got the

66
00:02:38,820 --> 00:02:40,590
CIM_ ones that we looked at

67
00:02:40,590 --> 00:02:43,210
previously and then Win32_ options as

68
00:02:43,210 --> 00:02:47,310
well. So what we can do is, without having

69
00:02:47,310 --> 00:02:50,240
to go through all of those, I could go

70
00:02:50,240 --> 00:02:55,520
back and say -Class, and then I can type Win

71
00:02:55,520 --> 00:02:58,520
32_. And then, of course, what I

72
00:02:58,520 --> 00:03:00,770
could do, we say, I just want to look for

73
00:03:00,770 --> 00:03:03,950
the Win32 versions, and do that now.

74
00:03:03,950 --> 00:03:06,000
Notice what happens. It says there's an

75
00:03:06,000 --> 00:03:09,110
invalid query in trying to retrieve that

76
00:03:09,110 --> 00:03:11,190
information, and that's perfect because

77
00:03:11,190 --> 00:03:14,310
the -Class parameter doesn't accept kind of

78
00:03:14,310 --> 00:03:16,980
a wildcard type search. So how do we get

79
00:03:16,980 --> 00:03:19,040
the list of all of them? Well, what we can

80
00:03:19,040 --> 00:03:21,340
do is go back to the WMI object option.

81
00:03:21,340 --> 00:03:24,610
That's there. We can say -List, which we

82
00:03:24,610 --> 00:03:26,450
want to do. And then we're actually going to

83
00:03:26,450 --> 00:03:29,760
do a pipe command and push that out. So

84
00:03:29,760 --> 00:03:31,560
using the pipe command means that what

85
00:03:31,560 --> 00:03:34,960
comes back in the WMI object list, we're

86
00:03:34,960 --> 00:03:37,620
going to pass to somewhere else. Then I'm

87
00:03:37,620 --> 00:03:40,300
going to say Where-Object, and the Where-

88
00:03:40,300 --> 00:03:42,130
Object syntax, obviously, is wrapped

89
00:03:42,130 --> 00:03:45,100
around with curly brackets. I'm gonna do

90
00:03:45,100 --> 00:03:47,670
dollar underscore dot, which means that's

91
00:03:47,670 --> 00:03:50,010
going to now iterate the properties that

92
00:03:50,010 --> 00:03:53,140
are available. I'll do a match on this one,

93
00:03:53,140 --> 00:03:56,230
and then what we'll do is I can do some

94
00:03:56,230 --> 00:04:00,720
syntax here to retrieve what I'm looking

95
00:04:00,720 --> 00:04:02,170
for. So I'm gonna look for something that

96
00:04:02,170 --> 00:04:05,210
has Win32 with it. Now, when I enter that

97
00:04:05,210 --> 00:04:07,090
option, you can see it keeps scrolling

98
00:04:07,090 --> 00:04:08,720
because there's loads of them. So let me

99
00:04:08,720 --> 00:04:11,690
just kill that one. But if I go back

100
00:04:11,690 --> 00:04:13,480
towards the top of the list here and

101
00:04:13,480 --> 00:04:17,140
scroll, you can see what we're looking at.

102
00:04:17,140 --> 00:04:19,840
So let's go further to the top. There we

103
00:04:19,840 --> 00:04:23,690
go. So let's kind of stop about here so

104
00:04:23,690 --> 00:04:26,800
you can see the types of classes and

105
00:04:26,800 --> 00:04:29,070
namespaces that are available to us. So, for

106
00:04:29,070 --> 00:04:31,930
example, system BIOS, system users, system

107
00:04:31,930 --> 00:04:35,210
devices, etcetera, and processes. These are

108
00:04:35,210 --> 00:04:37,420
the ways of us retrieving kind of

109
00:04:37,420 --> 00:04:40,440
information by using the basic commands.

110
00:04:40,440 --> 00:04:42,490
So if we clear this, let's go a little bit

111
00:04:42,490 --> 00:04:45,760
further. Now the Get-WmiObject

112
00:04:45,760 --> 00:04:48,530
actually has a few more parameters and

113
00:04:48,530 --> 00:04:50,650
properties that we can utilize. The first

114
00:04:50,650 --> 00:04:53,180
one is the namespace. So I can say, well,

115
00:04:53,180 --> 00:04:56,140
let's specify the root namespace, and

116
00:04:56,140 --> 00:04:58,970
then what I'm gonna do is do -Class, and

117
00:04:58,970 --> 00:05:01,350
remember that what I want to be able to do

118
00:05:01,350 --> 00:05:03,690
here is just type the word namespace. It

119
00:05:03,690 --> 00:05:06,030
does actually have, if we go back here,

120
00:05:06,030 --> 00:05:07,800
you can see, it's two underscores, but it

121
00:05:07,800 --> 00:05:10,770
makes it into a single line, and so that

122
00:05:10,770 --> 00:05:13,560
allows me to retrieve all the items that

123
00:05:13,560 --> 00:05:14,980
are there. If I do this, it's going to go

124
00:05:14,980 --> 00:05:16,850
crazy and give me a whole list of

125
00:05:16,850 --> 00:05:19,240
different namespaces. It's the exact same

126
00:05:19,240 --> 00:05:21,190
list that we looked at previously, except

127
00:05:21,190 --> 00:05:23,660
what it gives us now is lots of the

128
00:05:23,660 --> 00:05:26,370
property values that are associated to it

129
00:05:26,370 --> 00:05:29,650
as well. Okay, so let's go one step kind

130
00:05:29,650 --> 00:05:32,840
of further. So what about if we wanted to

131
00:05:32,840 --> 00:05:35,730
perform a query instead? So we can say

132
00:05:35,730 --> 00:05:38,650
Get-WmiObject, and this time we're

133
00:05:38,650 --> 00:05:40,790
going to use that other parameter, that

134
00:05:40,790 --> 00:05:43,670
-Query option. Now, I mentioned before that

135
00:05:43,670 --> 00:05:47,840
we can utilize SQL-type syntax to be able

136
00:05:47,840 --> 00:05:50,660
to get the information. So I'm gonna say

137
00:05:50,660 --> 00:05:54,480
select star from the namespace, and then

138
00:05:54,480 --> 00:05:57,020
I'm gonna set my namespace to be that

139
00:05:57,020 --> 00:05:59,570
root. So this is another way of

140
00:05:59,570 --> 00:06:01,120
retrieving the same thing. So we have to

141
00:06:01,120 --> 00:06:02,880
specify the namespace, or the class, or

142
00:06:02,880 --> 00:06:04,920
we do a query. So when I press enter, we

143
00:06:04,920 --> 00:06:08,140
get the same information come back again.

144
00:06:08,140 --> 00:06:10,210
So it's fairly straightforward in the way

145
00:06:10,210 --> 00:06:12,340
that it would be utilized. So let me kind

146
00:06:12,340 --> 00:06:14,730
of clear this again, and we'll say Get-WmiObject

147
00:06:14,730 --> 00:06:17,810
again. And this time around, we're

148
00:06:17,810 --> 00:06:20,760
just gonna pick one of those kind of

149
00:06:20,760 --> 00:06:22,870
containers to actually look at. So the

150
00:06:22,870 --> 00:06:26,510
first way of doing this is we can go in

151
00:06:26,510 --> 00:06:29,390
and say I want to get this specific

152
00:06:29,390 --> 00:06:34,010
object: Win32, I'm going to say, Operating

153
00:06:34,010 --> 00:06:37,790
System, and press enter. Now that will

154
00:06:37,790 --> 00:06:40,520
return the subset of information. Now

155
00:06:40,520 --> 00:06:42,950
notice it has some properties that come

156
00:06:42,950 --> 00:06:44,920
back. So how do we get the properties?

157
00:06:44,920 --> 00:06:47,930
Well, we could pipe it out right here, so I

158
00:06:47,930 --> 00:06:50,540
could say Select-Object, and then I could say

159
00:06:50,540 --> 00:06:54,150
-Property, and then let's say Version, and do

160
00:06:54,150 --> 00:06:56,580
enter, and that will retrieve the single

161
00:06:56,580 --> 00:07:00,280
property. If I wanted to, I could just do a

162
00:07:00,280 --> 00:07:04,700
Select-Object Version and do the same

163
00:07:04,700 --> 00:07:06,920
thing. So that -Property option isn't

164
00:07:06,920 --> 00:07:09,160
necessarily required to retrieve the

165
00:07:09,160 --> 00:07:11,370
specific value. So it's fairly

166
00:07:11,370 --> 00:07:13,450
straightforward in the way that we can

167
00:07:13,450 --> 00:07:16,920
retrieve specific information. Now, if we

168
00:07:16,920 --> 00:07:19,490
just choose Get-WmiObject and

169
00:07:19,490 --> 00:07:21,660
pass that container, it will just give us

170
00:07:21,660 --> 00:07:24,770
all of the properties. So that is the same

171
00:07:24,770 --> 00:07:28,040
process that we can utilize. If I say

172
00:07:28,040 --> 00:07:30,360
Process, it will list me all of the

173
00:07:30,360 --> 00:07:32,150
processes, and you can see all of the

174
00:07:32,150 --> 00:07:34,520
properties going crazy on the screen for

175
00:07:34,520 --> 00:07:36,360
every single one. Now, of course, that's

176
00:07:36,360 --> 00:07:39,240
not a great view. So we can once again

177
00:07:39,240 --> 00:07:43,550
Format-Table, so I can do this way, and

178
00:07:43,550 --> 00:07:46,270
then if we scroll up, you can see we get a

179
00:07:46,270 --> 00:07:48,750
different kind of layout. I went too far

180
00:07:48,750 --> 00:07:52,540
then, let me just go a bit further back.

181
00:07:52,540 --> 00:07:56,310
Uh, there we go, this kind of table, so Win

182
00:07:56,310 --> 00:07:58,470
32_Process. And it takes all of those

183
00:07:58,470 --> 00:08:01,210
properties that we kind of saw previously

184
00:08:01,210 --> 00:08:04,160
and puts them in a table format instead. So

185
00:08:04,160 --> 00:08:05,730
we have different ways of retrieving the

186
00:08:05,730 --> 00:08:09,320
same thing. Now, if I wanted to get that

187
00:08:09,320 --> 00:08:11,620
same information but not do it that way,

188
00:08:11,620 --> 00:08:13,350
maybe I don't want to use a select, or

189
00:08:13,350 --> 00:08:15,690
maybe I don't want to just type Win32_

190
00:08:15,690 --> 00:08:18,270
OperatingSystem, etcetera, then we could

191
00:08:18,270 --> 00:08:20,270
actually say I'm looking for a specific

192
00:08:20,270 --> 00:08:24,040
property instead. So let's set our

193
00:08:24,040 --> 00:08:28,650
namespace. A bit too close there.

194
00:08:28,650 --> 00:08:32,150
-Namespace, and for the namespace we can use this

195
00:08:32,150 --> 00:08:36,010
syntax. So we can say root slash and then

196
00:08:36,010 --> 00:08:38,520
whatever that kind of container is. Now, if

197
00:08:38,520 --> 00:08:40,360
you remember the containers when we looked

198
00:08:40,360 --> 00:08:43,330
at WMI in that same explorer, so

199
00:08:43,330 --> 00:08:48,820
what we can do is say SecurityCenter2,

200
00:08:48,820 --> 00:08:53,580
and I can say -List. And this will

201
00:08:53,580 --> 00:08:56,110
retrieve all of the parameters and the

202
00:08:56,110 --> 00:08:58,040
properties that are available. And you can

203
00:08:58,040 --> 00:09:00,490
see we've got antivirus product, anti-

204
00:09:00,490 --> 00:09:04,140
spyware, and firewall. So let's change our

205
00:09:04,140 --> 00:09:06,620
query because what I want to be able to do

206
00:09:06,620 --> 00:09:10,240
is just retrieve that. So I can now say,

207
00:09:10,240 --> 00:09:12,120
go and get this namespace. We've already

208
00:09:12,120 --> 00:09:14,810
filtered it down by using that path syntax,

209
00:09:14,810 --> 00:09:16,870
and then I can say the class that I'm

210
00:09:16,870 --> 00:09:24,650
looking for is AntiVirusProduct. And

211
00:09:24,650 --> 00:09:27,610
then what that will do is give us just the

212
00:09:27,610 --> 00:09:30,290
data for the antivirus product, and you

213
00:09:30,290 --> 00:09:31,660
can see it gives me a breakdown: it's

214
00:09:31,660 --> 00:09:33,950
Windows Defender. And that was the time

215
00:09:33,950 --> 00:09:34,900
stamp. And this is the name of the

216
00:09:34,900 --> 00:09:37,240
computer. So running some of the basic

217
00:09:37,240 --> 00:09:39,660
commands would allow you to retrieve

218
00:09:39,660 --> 00:09:43,120
specific information from the machine that

219
00:09:43,120 --> 00:09:45,250
you're actually connected to. And this is

220
00:09:45,250 --> 00:09:47,580
one of the most common types of actions

221
00:09:47,580 --> 00:09:53,000
that you would run using WMI: to query and retrieve information.

