Software

Name
Description

Tasklist

The [Tasklist] utility displays a list of applications and services with their Process IDs (PID) for all tasks running on either a local or a remote computer. It is packaged with Windows operating systems and can be executed from the command-line interface. (Citation: Microsoft Tasklist)


Lslsass

[Lslsass] is a publicly available tool that can dump active logon session password hashes from the lsass process. (Citation: Mandiant APT1)


spwebmember

[spwebmember] is a Microsoft SharePoint enumeration and data dumping tool written in .NET. (Citation: NCC Group APT15 Alive and Strong)


Empire

[Empire] is an open source, cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python, the post-exploitation agents are written in pure [PowerShell](https://attack.mitre.org/techniques/T1059/001) for Windows and Python for Linux/macOS. [Empire] was one of five tools singled out by a joint report o


ifconfig

[ifconfig] is a Unix-based utility used to gather information about and interact with the TCP/IP settings on a system. (Citation: Wikipedia Ifconfig)


dsquery

[dsquery] is a command-line utility that can be used to query Active Directory for information from a system within a domain. (Citation: TechNet Dsquery) It is typically installed only on Windows Server versions but can be installed on non-server variants through the Microsoft-provided Remote Server Administration Tools bundle.


netstat

[netstat] is an operating system utility that displays active TCP connections, listening ports, and network statistics. (Citation: TechNet Netstat)


PoshC2

[PoshC2] is an open source remote administration and post-exploitation framework that is publicly available on GitHub. The server-side components of the tool are primarily written in Python, while the implants are written in [PowerShell](https://attack.mitre.org/techniques/T1059/001). Although [PoshC2] is primarily focused on Windows implantation, it does contain a basic Python dropper for Linux/m


Fgdump

[Fgdump] is a Windows password hash dumper. (Citation: Mandiant APT1)


xCmd

[xCmd] is an open source tool that is similar to [PsExec](https://attack.mitre.org/software/S0029) and allows the user to execute applications on remote systems. (Citation: xCmd)