
SANS ISC: Windows Commands Reference - An InfoSec Must Have - SANS Internet Storm Center SANS ISC InfoSec Forums


Windows Commands Reference - An InfoSec Must Have

A PDF containing an overview and alphabetical listing of Windows commands

Use this PDF to find the documentation resources and other technical information that you need to learn about the command shell, and to automate command-line tasks by using scripts or scripting tools.

This is 948 pages of Windows raw command-line power, for blue and red teams, for sysadmins and users; if you use Windows, this is an imperative download and a must-have reference guide. I am reasonably certain even the most knowledgeable among you will find a command or two you weren't aware of. 

Examples:

cmstp: Installs or removes a Connection Manager service profile. Used without optional parameters, cmstp installs a service profile with default settings appropriate to the operating system and to the user's permissions.

scwcmd: The Scwcmd.exe command-line tool included with the Security Configuration Wizard (SCW) can be used to perform the following tasks:

  • Configure one or many servers with an SCW-generated policy.
  • Analyze one or many servers with an SCW-generated policy.
  • View analysis results in HTML format.
  • Roll back SCW policies.
  • Transform an SCW-generated policy into native files that are supported by Group Policy.
  • Register a Security Configuration Database extension with SCW.

You will find this PDF useful and easy to navigate; may I humbly suggest you download it and incorporate it into your reference library.

https://www.microsoft.com/en-us/download/details.aspx?id=56846

This will go nicely with your SANS Poster - White Board of Awesome Command Line Kung Fu :-)

Cheers! Russ McRee | @holisticinfosec 

Russ McRee

167 Posts
ISC Handler
thank you
Netmanzim

16 Posts
Oddly, fltmc is missing; allows you to list, load, unload mini-filter drivers like those used by most AV vendors to monitor storage events.
Anonymous
+1
ICI2I

63 Posts
The podcast referenced a Git location for this. Can someone point me in the direction to find it? Thanks!
Anonymous
Looks like there's a GitHub repo and a Microsoft Docs site.

https://github.com/MicrosoftDocs/windowsserverdocs/tree/master/WindowsServerDocs/administration/windows-commands

https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/windows-commands
Qi

1 Posts