WinRM Cheatsheet & PowerShell Syntax

TL;DR Enable-PSRemoting Invoke-Command

I’ve been doing some PowerShell exercises within the Mosse Cyber Security Institute Online Platform. Most exercises require demonstrating the PowerShell executing locally and remotely so this is a cheatsheet for enabling WinRM/PS-Remoting.

Side note:

  • ISE does not have line wrapping. See here

To Enable PSRemoting

Enable-PSRemoting -Force

Adding a trusted host

If the machine is not connected to the Domain, you will need to add a trusted host.

winrm s winrm/config/client '@{TrustedHosts=""}'

A great reference for editing the registry is here

Running Remote Commands

Use Invoke-Command from here

Such as:

Invoke-Command -ComputerName WINB -ScriptBlock { echo "Hello World"}


Connect to Splunk with Python

This post will cover the following: Connecting to Splunk with the Python SDK, executing a search and receiving the results Connecting to Splunk without ...

Back to Top ↑


Winlogbeat & ELK

TL;DR: Create Logstash conf.d file to allow Winlogbeat to be ingested into Logstash. Change Winlogbeat config file to use Logstash instead of Elasticsearch.

Golang and Windows Network Interfaces

I have been working on Windows and needed to connect to a Network Interface (NIC). I ran into problems, here is what I learned and hope it saves the same tro...

Tcpdump Notes

I have been using tcpdump recently and wanted to note down some of the commands Y’know, for future reference.

Pivoting with SSH

Today I was trouble shooting a machine at work. I did not have access via RDP or VNC, so I used SSH to forward my traffic to the host so I could access a URL.

GitHub Actions

I participated in a DevSecOps type workshop on Saturday (May 9th) in which we created some GitHub Actions. This is a post to solidify the learning and be a c...

Threat Defense Workshop

On April 25th I was fortunate enough to participate in the Trend Micro Threat Defense workshop.

Incident Handling Certification

Since I blogged about my experience at OpenSoc, I wanted to expand on the value I found in my eLearnSecuirty Incident Response course. What you will find bel...

OpenSoc Experience

So Thursday (April 9th) I participated in an online blue team defense simulation event, known as OpenSOC.

Golang Parsing Strings

I have been working with Golang strings and how to manipulate them. Working from other blogs posts I’ve found. When I sit down to code, I seem to forget ever...

Welcome to Jekyll!

You’ll find this post in your _posts directory. Go ahead and edit it and re-build the site to see your changes. You can rebuild the site in many different wa...

Back to Top ↑