Monday, April 22, 2019

See Recently Typed PowerShell Commands

The PowerShell ConsoleHost_history file

Windows PowerShell has become a beast of a command-line tool, and it keeps getting more useful for configuration, automation, forensics, penetration testing, etc.

It was first introduced on November 14, 2006 with the wonderful Windows 7 OS version.

There are some very nice commands that can be run with PowerShell that return potentially valuable forensic information, such as:
PS C:\> Get-Process   --returns System Processes
PS C:\> Get-NetTCPConnection -State Established    --returns Network information
PS C:\> Get-ADUser     --returns information about a User

I will cover PowerShell and useful commands in more depth in future posts.

For this post I want to point out a potentially valuable text file located at:


View this text file to see a history of PowerShell commands executed from the console.

Above are the contents of the ConsoleHost_history.txt file.

This text file, along with PowerShell logs, can give insight into which PowerShell commands were run on a box, and potentially which user ran or attempted to run them from the console.
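One way to pull this file for every profile on a box and tie each command to a user, as an added example that is not code from the original post. It assumes profiles live under C:\Users and that PSReadLine keeps its default history location; the function name Get-ConsoleHostHistory is hypothetical.

```powershell
# Added example, not from the original post.
# Assumptions: profiles live under C:\Users and PSReadLine uses its default
# history path (confirm for one account with (Get-PSReadLineOption).HistorySavePath).
function Get-ConsoleHostHistory {
    param([string]$ProfileRoot = 'C:\Users')

    $relative = 'AppData\Roaming\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt'

    foreach ($dir in Get-ChildItem -LiteralPath $ProfileRoot -Directory -Force -ErrorAction SilentlyContinue) {
        $file = Join-Path $dir.FullName $relative
        if (-not (Test-Path -LiteralPath $file -PathType Leaf)) { continue }

        $item    = Get-Item -LiteralPath $file -Force
        # Hash the file as found so later copies can be checked against it.
        $hash    = (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash
        $entry   = 0
        $pending = @()

        foreach ($line in Get-Content -LiteralPath $file) {
            # PSReadLine ends every line of a multi-line command with a backtick
            # except the last one; rejoin those lines into a single entry.
            if ($line.EndsWith('`')) {
                $pending += $line.Substring(0, $line.Length - 1)
                continue
            }
            $entry++
            [pscustomobject]@{
                Profile       = $dir.Name
                Entry         = $entry
                Command       = (@($pending) + $line) -join "`n"
                # The file stores no per-command timestamps; this is the file's own.
                FileLastWrite = $item.LastWriteTime
                FileSHA256    = $hash
            }
            $pending = @()
        }
    }
}

Get-ConsoleHostHistory |
    Format-Table Profile, Entry, Command, FileLastWrite -AutoSize -Wrap
```

Run it from an elevated prompt so other users' profile folders are readable. The file only records commands typed interactively in the console, which is why it is read alongside the PowerShell logs rather than instead of them.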

