RESOURCE MONITOR
CPU23%
MEMORY67%
DISK I/O45%
NETWORK89%
SYSTEM MONITOR
|
SECURITY LOG
[14:23:45]INFOUser authentication successful
[14:23:47]WARNSuspicious network activity detected
[14:23:50]INFOFirewall rule updated
NETWORK SCAN
Scanning ports: 22, 80, 443, 3389
192.168.1.100 - OPEN
192.168.1.101 - FILTERED
Scan completed: 4/4 ports
Back to Training Modules
INTELLIGENCE GATHERING

SYSTEM RECONNAISSANCE

Master PowerShell techniques for system enumeration, process analysis, and environment discovery.GATHER INTELLIGENCE LIKE AN ELITE OPERATIVE

10

RECON OPS

105

MINUTES

0

COMPLETED

0%

PROGRESS

Intelligence Progress

RECONNAISSANCE MISSIONS

Master systematic intelligence gathering techniques for cybersecurity operations

1

System Information Gathering

Collect system details, OS version, hardware configuration, and environment variables

8 MIN
2

Process Enumeration & Analysis

Discover running processes, analyze process trees, and identify suspicious activity

10 MIN
3

Service Discovery & Assessment

Enumerate system services, check service configurations, and identify vulnerabilities

12 MIN
4

Network Interface Reconnaissance

Map network interfaces, routing tables, and active connections

9 MIN
5

User & Group Enumeration

Identify user accounts, group memberships, and privilege escalation paths

11 MIN
6

File System Reconnaissance

Map file systems, discover hidden files, and identify sensitive data locations

13 MIN
7

Registry Intelligence Gathering

Extract system configuration, installed software, and security settings from registry

10 MIN
8

Security Controls Assessment

Evaluate antivirus, firewall, and security software configurations

8 MIN
9

Event Log Analysis

Parse security logs, identify suspicious events, and timeline reconstruction

12 MIN
10

Reconnaissance Lab Challenge

Complete reconnaissance of a target system using all learned techniques

15 MIN

RECONNAISSANCE ARSENAL

Essential PowerShell commands for systematic intelligence gathering operations

SYSTEM INFO

Get-ComputerInfo

Comprehensive system information

Get-ComputerInfo | Select-Object WindowsProductName, TotalPhysicalMemory, CsProcessors
PROCESS RECON

Get-Process

Running process analysis

Get-Process | Where-Object {$_.ProcessName -notlike "svchost*"} | Sort-Object CPU -Descending
NETWORK RECON

Get-NetTCPConnection

Active network connections

Get-NetTCPConnection | Where-Object {$_.State -eq "Established"} | Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort
USER RECON

Get-LocalUser

Local user account enumeration

Get-LocalUser | Where-Object {$_.Enabled -eq $true} | Select-Object Name, LastLogon, PasswordRequired
REGISTRY RECON

Get-ItemProperty

Registry reconnaissance

Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*" | Select-Object DisplayName, DisplayVersion
LOG ANALYSIS

Get-WinEvent

Security event analysis

Get-WinEvent -FilterHashtable @{LogName="Security"; ID=4624} -MaxEvents 10

NEXT OPERATION

Advance to file system and registry operations for deeper system access

FILE SYSTEM OPSALL MODULES