t1010-application-window-discovery.md
description: Discovery

Application Window Discovery

Retrieving running application window titles:

{% code title="attacker@victim" %}

```powershell
Get-Process | Where-Object {$_.MainWindowTitle -ne ""} | Select-Object MainWindowTitle
```

{% endcode %}

A COM-based method that also returns the process path and window location coordinates:

{% code title="attacker@victim" %}

```powershell
[Activator]::CreateInstance([Type]::GetTypeFromCLSID("13709620-C279-11CE-A49E-444553540000")).Windows()
```

{% endcode %}
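A detection-side counterpart to the two commands above, added here as an example and not part of the original page: it scans PowerShell script-block text for the `MainWindowTitle` enumeration and for the CLSID used in the COM call. The function name `Find-WindowDiscovery` and the sample records are constructed for illustration, and the example assumes script block logging is enabled so that the script text is available.

```powershell
# Added example (not from the original page). Find-WindowDiscovery is a
# hypothetical helper; the sample records below are constructed.
function Find-WindowDiscovery {
    [CmdletBinding()]
    param(
        # Any object exposing .TimeCreated and .ScriptBlockText
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Record
    )
    begin {
        # Patterns derived from the two commands on this page.
        # -match is case-insensitive, so casing variants are covered.
        $rules = [ordered]@{
            'Get-Process used with MainWindowTitle' = '\b(get-process|gps|ps)\b[\s\S]*mainwindowtitle'
            'COM activation by CLSID from this page' = '13709620-C279-11CE-A49E-444553540000'
        }
    }
    process {
        foreach ($name in $rules.Keys) {
            if ($Record.ScriptBlockText -match $rules[$name]) {
                [pscustomobject]@{
                    TimeCreated = $Record.TimeCreated
                    Rule        = $name
                    Script      = $Record.ScriptBlockText
                }
            }
        }
    }
}

# Constructed sample records standing in for script block logging events
# (event ID 4104 in the Microsoft-Windows-PowerShell/Operational log).
$samples = @(
    [pscustomobject]@{
        TimeCreated     = [datetime]'2024-01-01T10:00:00'
        ScriptBlockText = 'get-process | where-object {$_.mainwindowtitle -ne ""} | Select-Object mainwindowtitle'
    }
    [pscustomobject]@{
        TimeCreated     = [datetime]'2024-01-01T10:01:00'
        ScriptBlockText = '[activator]::CreateInstance([type]::GetTypeFromCLSID("13709620-C279-11CE-A49E-444553540000")).windows()'
    }
    [pscustomobject]@{
        TimeCreated     = [datetime]'2024-01-01T10:02:00'
        ScriptBlockText = 'Get-Process | Sort-Object CPU -Descending | Select-Object -First 5'
    }
)

# The first two records are flagged; the third (benign) one is not.
$samples | Find-WindowDiscovery | Format-List
```

Matching on the property name and the CLSID rather than the full command line keeps the rule effective when aliases or different casing are used, but it will not catch obfuscated or string-concatenated variants.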

References

{% embed url="https://attack.mitre.org/wiki/Technique/T1010" %}