search

Application Window Discovery

Discovery

Retrieving running application window titles:

attacker@victim
get-process | where-object {$_.mainwindowtitle -ne ""} | Select-Object mainwindowtitle

A COM method that also includes the process path and window location coordinates:

hashtag
References

LogoApplication Window Discovery, Technique T1010 - Enterprise | MITRE ATT&CK®attack.mitre.orgchevron-right

PreviousDump Global Address List (GAL) from OWANextAccount Discovery & Enumeration

Last updated