Windows Red Team Cheat Sheet
List of tools and techniques required by the red team.
The contents of this post have been collected from various books and repositories.
Reconnaissance

System information

| Command | Description |
| --- | --- |
| systeminfo | This tool displays operating system configuration information for a local or remote machine, including service pack levels. |
| hostname | Prints the name of the current host. |

Accounts

    net users
    net localgroup
    net localgroup Administrators
    net user <USERNAME>

    REM Crosscheck local and domain too
    net user <USERNAME> /domain
    net group Administrators /domain

Network information

    ipconfig /all
    route print
    arp -a

    REM Network connections
    netstat -ano

Processes And Services

    REM Running processes
    tasklist /SVC

    sc query state= all | findstr "SERVICE_NAME:" >> a & FOR /F "tokens=2 delims= " %i in (a) DO @echo %i >> b & FOR /F %i in (b) DO @(@echo %i & @echo --------- & @sc qc %i | findstr "BINARY_PATH_NAME" & @echo.)
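From the defender's side, several of these built-in enumeration commands run by one account within a few minutes is a common detection signal. The Python below is an added example, not part of the original post: it scans constructed process-creation records and reports each host/account pair that launches several distinct binaries from this section inside a short window. The record layout, the five-minute window and the threshold of four are assumptions.

```python
from datetime import datetime, timedelta

# Binaries behind the commands listed in this section.
RECON = {"systeminfo.exe", "hostname.exe", "net.exe", "ipconfig.exe", "route.exe",
         "arp.exe", "netstat.exe", "tasklist.exe", "sc.exe"}

# Constructed sample records (assumed layout): timestamp|host|user|image|command line
SAMPLE_LOG = r"""
2024-05-01T10:00:05|WS01|alice|C:\Windows\System32\ipconfig.exe|ipconfig /all
2024-05-01T10:42:00|WS01|alice|C:\Windows\System32\HOSTNAME.EXE|hostname
2024-05-01T11:00:01|WS02|svc_web|C:\Windows\System32\systeminfo.exe|systeminfo
2024-05-01T11:00:20|WS02|svc_web|C:\Windows\System32\net.exe|net localgroup Administrators
2024-05-01T11:00:48|WS02|svc_web|C:\Windows\System32\ipconfig.exe|ipconfig /all
2024-05-01T11:01:10|WS02|svc_web|C:\Windows\System32\NETSTAT.EXE|netstat -ano
2024-05-01T11:01:30|WS02|svc_web|C:\Windows\System32\tasklist.exe|tasklist /SVC
"""

def parse(log):
    """Yield (time, host, user, binary) for records that launch a recon binary."""
    for line in log.splitlines():
        parts = line.split("|", 4)  # maxsplit: the command line may contain '|'
        if len(parts) != 5:
            continue  # blank or malformed record
        ts, host, user, image, _cmdline = parts
        binary = image.rsplit("\\", 1)[-1].lower()
        if binary in RECON:
            yield datetime.fromisoformat(ts), host, user, binary

def find_bursts(log, window=timedelta(minutes=5), threshold=4):
    """Map (host, user) to the distinct recon binaries seen in any window that
    holds at least `threshold` of them."""
    per_account = {}
    for ts, host, user, binary in parse(log):
        per_account.setdefault((host, user), []).append((ts, binary))
    alerts = {}
    for key, events in per_account.items():
        events.sort()
        start = 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:
                start += 1  # slide the window forward
            distinct = {b for _, b in events[start:end + 1]}
            if len(distinct) >= threshold:
                alerts.setdefault(key, set()).update(distinct)
    return {key: sorted(found) for key, found in alerts.items()}

if __name__ == "__main__":
    for (host, user), binaries in find_bursts(SAMPLE_LOG).items():
        print(f"{host}\\{user}: {', '.join(binaries)}")
```

Counting distinct binaries rather than raw events keeps a script that calls `net.exe` repeatedly from tripping the rule on its own.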