DEV Community

Cover image for Powershell basics for Cybersecurity
Swapan
Swapan

Posted on

Powershell basics for Cybersecurity

PowerShell is a scripting and automation framework that is widely used in cybersecurity for tasks such as log analysis, vulnerability scanning and incident response. PowerShell is primarily associated with Windows,but it's also becoming increasingly cross-platform with Linux and MacOS.

In this PowerShell basics, I'll highlight aspects relevant to cybersecurity along with sample code.

1. PowerShell Basics:

a. Variables:

# Variable assignment
$name = "John"
Write-Host "Hello, $name!"
Enter fullscreen mode Exit fullscreen mode

b. Arrays:

# Array creation and iteration
$fruits = @("Apple", "Banana", "Orange")
foreach ($fruit in $fruits) {
    Write-Host $fruit
}
Enter fullscreen mode Exit fullscreen mode

c. Functions:

# Function definition and usage
function Greet {
    param (
        [string]$name
    )
    Write-Host "Hello, $name!"
}

Greet -name "Alice"
Enter fullscreen mode Exit fullscreen mode

d. Conditionals:

# If-else statement
$number = 10
if ($number -gt 5) {
    Write-Host "The number is greater than 5."
} else {
    Write-Host "The number is 5 or less."
}
Enter fullscreen mode Exit fullscreen mode

2. PowerShell for Cross-Platform:

a. Installing PowerShell on Linux:

  • For Debian-based systems (e.g., Ubuntu):
  sudo apt-get update
  sudo apt-get install -y powershell
Enter fullscreen mode Exit fullscreen mode
  • For Red Hat-based systems (e.g., CentOS):
  sudo yum install -y powershell
Enter fullscreen mode Exit fullscreen mode

b. Running PowerShell on Linux:

  • Open a terminal and type pwsh to start PowerShell.

3. PowerShell in Cybersecurity:

a. Log Analysis:

# Example: Analyzing Windows Security Event Logs
$securityEvents = Get-WinEvent -LogName Security -MaxEvents 10
foreach ($event in $securityEvents) {
    Write-Host "Event ID: $($event.Id) | Message: $($event.Message)"
}
Enter fullscreen mode Exit fullscreen mode

b. Vulnerability Scanning:

# Example: Checking for open ports using Test-NetConnection
$computers = @("192.168.1.100", "192.168.1.101")
foreach ($computer in $computers) {
    $result = Test-NetConnection -ComputerName $computer -Port 80
    Write-Host "$computer | Port 80 open: $($result.TcpTestSucceeded)"
}
Enter fullscreen mode Exit fullscreen mode

c. Incident Response:

# Example: Collecting system information after an incident
$systemInfo = Get-WmiObject Win32_ComputerSystem
$processes = Get-Process

Write-Host "System Information:"
Write-Host "Computer Name: $($systemInfo.Name)"
Write-Host "Total Processes: $($processes.Count)"
Enter fullscreen mode Exit fullscreen mode

Sample Output:


PS C:\Users\ABC> Write-Host "Computer Name: $($systemInfo.Name)"
Computer Name: SWXXXXOY
PS C:\Users\ABC> Write-Host "Total Processes: $($processes.Count)"
Total Processes: 276
PS C:\Users\ABC>
Enter fullscreen mode Exit fullscreen mode

These are simple examples, and in real-world scenarios, PowerShell scripts can be much more complex and tailored to specific cybersecurity tasks.

Free Microsoft training

Note: No affiliations here...

Top comments (1)

Collapse
 
sidharrth profile image
Siv Deploys

** :~: Concept/Product/Architecture/Code Evaluator :~: **

*As is code Run Results *
Cybersecurity scripts mentioned in the article may not execute unless a right policies/permissions are met.

*As is code Run Suggestions *

  • Specify a step that instructs to store the scripts in files with extensions (ps1, bat, sh)
  • Specify a step on How-To set the PowerShell-Execution-Policies (Get , Set, Remove) to execute cybersecurity scripts mentioned

** :~: Concept/Product/Architecture/Code Evaluator :~: **