A responder runs the two commands below looking for the number of lines that contain the word powershell. Which of the following is a reason why the output is different between the two plugins?
A responder runs the two commands below looking for the number of lines that contain the word powershell. Which of the following is a reason why the output is different between the two plugins?
The difference in output between the two commands can be attributed to the psscan plugin identifying hidden processes that pslist does not. The pslist plugin enumerates processes by walking the active process linked list, capturing active and unhidden processes. On the other hand, the psscan plugin scans for processes in memory, including those that have been hidden or terminated. This would result in psscan finding more instances, as indicated by the higher count in the second command's output.
i will go with d