In order to correctly do forensics in finding vulnerabilities that the security team has revealed in their security scans,
the two commands I mostly use to do this job are:
c:\ netstat -abno | find "port number"
This command gives me a process id for the port that has the vulnerability.
After this,
I use the following command to associate the application running on that process with the port above.
c:\ wmic process | find "Process Id" > proc.txt
This gives me the application linked to that process. From here, I just research the application to find the vulnerability embedded within.
My question to all you PowerShell experts is:
How do I accomplish the same process in PowerShell?
Now keep in mind, I start with a port and end up with an application which is associated to that port with the steps listed above.
My thoughts:
It probably has something to do with:
Get-Process
and
Get-NetTCPConnection
But I can't fully understand how to break down the thought process as explained above.
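The port-to-PID-to-application lookup described above, written in PowerShell as an added example that is not part of the original post. The function name Get-PortOwner and the sample port 445 are assumptions; it needs Windows 8 / Server 2012 or later and an elevated session to see the path and command line of other users' processes.

```powershell
# Added example (not from the original post): local port -> PID -> application.
# Get-PortOwner is a hypothetical helper name; 445 below is only a sample port.
function Get-PortOwner {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [ValidateRange(1, 65535)]
        [int]$Port
    )

    # Step 1 (netstat -abno | find): every TCP connection and UDP endpoint on the port.
    $endpoints = @(
        Get-NetTCPConnection -LocalPort $Port -ErrorAction SilentlyContinue |
            Select-Object @{Name = 'Protocol'; Expression = { 'TCP' }},
                LocalAddress, LocalPort, State, OwningProcess
        Get-NetUDPEndpoint -LocalPort $Port -ErrorAction SilentlyContinue |
            Select-Object @{Name = 'Protocol'; Expression = { 'UDP' }},
                LocalAddress, LocalPort, @{Name = 'State'; Expression = { 'n/a' }}, OwningProcess
    )
    if ($endpoints.Count -eq 0) {
        Write-Warning "Nothing is bound to local port $Port."
        return
    }

    # Step 2 (wmic process | find): resolve each distinct owning PID once.
    foreach ($group in ($endpoints | Group-Object -Property OwningProcess)) {
        $procId   = [int]$group.Name
        $proc     = Get-CimInstance -ClassName Win32_Process -Filter "ProcessId = $procId"
        # Several services can share one svchost.exe PID, so list the running ones as well.
        $services = Get-CimInstance -ClassName Win32_Service -Filter "ProcessId = $procId AND State = 'Running'"
        # ExecutablePath is empty for System (PID 4) and for protected processes.
        $version  = if ($proc.ExecutablePath -and (Test-Path -LiteralPath $proc.ExecutablePath)) {
            (Get-Item -LiteralPath $proc.ExecutablePath).VersionInfo.FileVersion
        }
        [pscustomobject]@{
            ProcessId   = $procId
            Name        = $proc.Name
            Path        = $proc.ExecutablePath
            FileVersion = $version
            CommandLine = $proc.CommandLine
            Services    = $services.Name -join ', '
            Endpoints   = ($group.Group | ForEach-Object {
                    '{0} [{1}]:{2} {3}' -f $_.Protocol, $_.LocalAddress, $_.LocalPort, $_.State
                }) -join '; '
        }
    }
}

Get-PortOwner -Port 445 | Format-List
```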