Cmd.exe – Leveraging the command line for windows: malware analysis and forensics.

Part I

Abstract: The command prompt for Windows is a dark horse of sorts. Windows has always supported the GUI paradigm and has long moved on from its early DOS days, when the command line actually mattered. Long-time Windows users appreciate it to a certain extent, though Linux converts and other OS geeks tend to disregard it, owing to some really great features available in their own shells. Most users don't bother with it at all, as even basic networking seems to be over their heads. In modern workspaces full of interactive user interfaces and ever-improving graphics hardware and software, where does cmd.exe fit in? As security professionals, however, it is well worth getting more comfortable with this undervalued gem.

WMIC and PowerShell will be delved into as well, but you might agree that the convenience of these power tools is not available on every system, considering that XP is still the most widely used OS.

Here I aim to describe some of the useful commands that I use to get better results during my own analysis sessions. I always follow the "streamlining your toolkit" agenda, wherein I get the maximum use out of the minimum effort required. The analogy for tech musicians (if you are one) would be paint-by-numbers composition, using building blocks as arrangement atoms. That surely beats the effort required to compose a ninth every now and then, I suppose.

Further, for us malware reversers the lines discriminating analysis from forensics are blurred. Such distinctions are futile, as the complexity only goes up with each new malware and exploit. Taking a memory dump of an infected system, to get the malware bare and naked, is the first step. Then you carve the sections out of the dump, proceed to static disassembly analysis to get more in-depth data, and go on to network forensics on the debugged executable. How do you really differentiate which is which in terms of workflow techniques? The more you know the better (more like all roads lead to Rome).

Let's get to it; it will be concise and fast. To start cmd.exe, type cmd in the Run box reached from the Start menu in XP or Windows 7. Realize that most of these commands are complete programs, invoked from the terminal by their executable names (ipconfig, netstat). Quite a few, of course, are built into cmd.exe itself (for, cd).
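As an added example (not code from the original post), the batch script below makes the built-in versus external distinction visible: `where` finds external programs on PATH and reports a non-zero exit code for names that only exist inside cmd.exe. It then runs a few of those external tools to capture a first triage snapshot of the host. The list of command names and the output file location are my own choices for illustration.

```batch
@echo off
rem Added example: tell cmd.exe built-ins from external programs, then grab a quick triage snapshot.
setlocal

rem Names to classify (constructed list for this example).
for %%c in (ipconfig netstat tasklist for cd dir set) do (
    rem "where /q" prints nothing; it only sets ERRORLEVEL (0 = found on PATH, 1 = not found).
    where /q %%c
    if errorlevel 1 (
        echo %%c : built into cmd.exe ^(no executable on PATH^)
    ) else (
        rem Print every match; PATH may contain more than one copy.
        for /f "delims=" %%p in ('where %%c') do echo %%c : external program at %%p
    )
)

rem Quick triage snapshot using the external tools above.
rem The file name is an assumption for this example; adjust to your case folder.
set "OUT=%TEMP%\triage_%COMPUTERNAME%.txt"

echo === ipconfig /all === > "%OUT%"
ipconfig /all >> "%OUT%"

echo === netstat -ano === >> "%OUT%"
rem -a all connections and listeners, -n numeric addresses, -o owning process ID.
netstat -ano >> "%OUT%"

echo === tasklist /v === >> "%OUT%"
rem /v adds session, CPU time, window title and user for each process.
tasklist /v >> "%OUT%"

echo Wrote %OUT%
endlocal
```

Run it from an elevated prompt on the infected box so that `netstat -ano` can show the owning PID for every socket; the PID column then lines up with the `tasklist /v` section of the same file, which is the first cross-reference you want when pairing network forensics with process analysis.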