Tools of the Trade: The Command Line
Last time, we discussed that there are many tools of the trade in the field of Cybersecurity.
Today, we will discuss two of them: The Command Line Interfaces for Windows and Linux.
Note: We'll have a post on the macOS command line as well, but generally speaking Windows and Linux are the two you will encounter in cloud or server environments.
The Windows CLI
There are several aspects of the Windows operating system you are probably accustomed to using the GUI for.
Many of these same tasks can be accomplished with the Command Prompt, and often better. Think of the GUI as driving an automatic, and the Command Prompt as driving stick shift.
For example, to find all files ending in a specific extension, you would go into File Explorer and hit search on the top right. If you have tried this in a busy desktop, you know this can be quite slow.
You could also do this within the Command Prompt, a.k.a. cmd.exe or cmd.
To list the files in the current directory that have "txt" in their name, in bare format (file names only, which is what the /B switch does), you can use the following.
dir /B | findstr ".txt"
This will output any file in the directory with a .txt extension. Note that findstr treats the pattern as a regular expression by default, so the unescaped "." matches any single character.
To look at the network connections on your host, refresh the output every 5 seconds, and show only established connections, you can use the following.
netstat -nao 5 | findstr "ESTABLISHED"
Now, suppose you need to find valid IP addresses within a log file for an investigation.
(Something that will come up in Cybersecurity)
You can run something like this:
findstr /r "\<[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\>" filename.txt
Stay tuned to see how to do this in Linux.
Linux CLI
The Linux CLI is really where the OS shines, and most power users and engineers spend most of their time here, simply because of the features it supports natively.
These are just some of the many features.
Bulk File Operations
System Monitoring
Chaining Multiple Commands Together
Rich Support for Regex
One of the most powerful features of the Linux CLI is the ability to chain commands together using pipes ("|"). This lets you connect multiple commands and use the output of one command as the input of the next. (Think of links literally being chained together.)
Let’s go over a simple example to demonstrate the concept.
The command ls -l | grep ".txt"
will list all files in the current directory whose names contain "txt", in a detailed format. It combines the output of ls -l with grep ".txt" (as in the Windows example, the unescaped "." matches any single character).
Another useful feature is the redirection operators ">" and ">>". These let you overwrite a file with a command's output or append to it, respectively. For example, the command ls -l > file.txt
will create a file called "file.txt" (overwriting it if it already exists) and write the output of "ls -l" to it.
Or take the command
echo "1, 2, 3" >> file.txt
This will append the literal text "1, 2, 3" to the end of file.txt.
Now take the following command
cat >> file.txt
With no file argument, cat reads from your keyboard (standard input) and appends whatever you type to file.txt, line by line, until you press Ctrl-D. It does not let you edit what is already in the file; it only adds to it.
Regex
Regular expressions with grep are another powerful feature that can be leveraged in Linux. They can be used to search for patterns in text, as seen above in the Windows section, but regex support is much richer within Linux.
Take the command grep -E "^[A-Z]" file.txt
This will print the lines in "file.txt" that start with an uppercase letter. The command grep -E "^[a-zA-Z]" file.txt
will print lines that start with any alphabetical letter, regardless of case. (Be careful with a range such as A-z: it spans two ASCII runs and also matches the punctuation characters between Z and a.)
Imagine you are tasked with finding the top IP addresses that were seen in a log as part of an investigation. Regex and Linux can help here.
To match IPv4-looking addresses (four groups of one to three digits separated by dots) within a file, you can run
grep -Eo "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}" log.txt
Note that grep -E uses POSIX extended regular expressions, which do not understand the \d shorthand for a digit, so [0-9] is used instead. The -o flag prints only the matching part of each line, one match per line.
To count how often each address appears, you can add | sort | uniq -c
with the pipe character and chain those commands together (uniq -c only collapses adjacent duplicates, which is why the sort comes first).
The full command, with a final sort -rn so that the most frequent addresses come first, would look like this
grep -Eo "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}" log.txt | sort | uniq -c | sort -rn
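The same pipeline wrapped in shell functions, run against a constructed log sample, as an added example that is not part of the original post. It also handles two edge cases the one-liner alone does not: candidates such as 999.1.1.1 that fit the regex but are not valid addresses, and longer digit runs such as 10.1.2.3456 that would otherwise yield a truncated "match".

```shell
#!/bin/sh
# Added example, not from the original post: rank the IPv4 addresses in a log
# by how often they appear, using only the grep/sort/uniq chain discussed above.

# Constructed sample log (not real data) written to a temporary file.
SAMPLE_LOG="$(mktemp)"
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
2024-01-01T10:00:01 sshd[101]: Failed password for root from 203.0.113.7 port 51122
2024-01-01T10:00:03 sshd[101]: Failed password for admin from 203.0.113.7 port 51130
2024-01-01T10:00:05 sshd[102]: Accepted publickey for alice from 192.0.2.10 port 40022
2024-01-01T10:00:09 sshd[103]: Failed password for root from 203.0.113.7 port 51140
2024-01-01T10:00:12 httpd: GET /index.html from 198.51.100.23 agent build/10.1.2.3456
2024-01-01T10:00:13 app: discarding malformed address 999.1.1.1
2024-01-01T10:00:14 sshd[104]: Failed password for root from 192.0.2.10 port 40030
EOF

# extract_ips FILE: print each dotted-quad candidate on its own line.
# [0-9]{1,3} replaces \d, which POSIX ERE (grep -E) does not understand.
# \b (a GNU grep extension) stops "10.1.2.3456" from yielding "10.1.2.345".
extract_ips() {
    grep -Eo '\b[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\b' "$1"
}

# valid_ips: keep only candidates whose four octets are all in 0-255,
# which the regex alone cannot enforce (it accepts 999.1.1.1).
valid_ips() {
    awk -F. '$1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255'
}

# top_ips FILE [N]: the N most frequent addresses with their counts.
# sort | uniq -c counts each address; the second sort -rn ranks by count.
top_ips() {
    extract_ips "$1" | valid_ips | sort | uniq -c | sort -rn | head -n "${2:-10}"
}

# top_ip FILE: just the single most frequent address.
top_ip() {
    top_ips "$1" 1 | awk '{ print $2 }'
}

# unique_ip_count FILE: how many distinct valid addresses the log contains.
unique_ip_count() {
    extract_ips "$1" | valid_ips | sort -u | wc -l | tr -d ' '
}

top_ips "$SAMPLE_LOG"
```

Run as-is to see the ranked table for the sample; point top_ips at a real log file to use it in an investigation.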
These are just some examples where regular expressions can be utilized within Linux.
I go over these concepts in more detail in my free Linux course.
Wrapping Up
In addition to these use cases, the command line (on both operating systems) offers scripting capabilities, allowing you to automate repetitive tasks and chain multiple commands together based on your specific needs. This level of flexibility and automation is often not feasible within the GUI.
Enjoyed this edition of the series?
Subscribe for free and join a community of Cybersecurity enthusiasts.