Featuring 6 Papers as of July 28, 2015
Coding For Incident Response: Solving the Language Dilemma
by Shelly Giesbrecht - July 28, 2015
Incident responders frequently are faced with the reality of "doing more with less" due to budget or manpower deficits. The ability to write scripts from scratch or modify the code of others to solve a problem or find data in a data "haystack" are necessary skills in a responder's personal toolkit. The question for IR practitioners is what language should they learn that will be the most useful in their work? In this paper, we will examine several coding languages used in writing tools and scripts used for incident response including Perl, Python, C#, PowerShell and Go. In addition, we will discuss why one language may be more helpful than another depending on the use-case, and look at examples of code for each language.
Using Windows Script Host and COM to Hack Windows
by Alex Ginos - January 3, 2011
During the exploitation phase of penetration testing, the attacker may establish a beachhead on a target machine by running an exploit against a vulnerable network service. Often this results in a command prompt. At this point, the question becomes: How can the command line be used to advantage to access sensitive information, escalate privileges and find and attack other hosts? There are numerous useful hacking tools that can help with this but initially they are unlikely to be present on the compromised system. The attacker needs to bootstrap the process of further discovery and exploitation using only the limited tools and privileges available at the command prompt. In some cases, it may be necessary to evade detection by avoiding suspicious executables that may be flagged by anti-malware software running on the target. This paper explores the possibilities of using command line scripting tools and software components that are likely to be present on most Microsoft Windows systems to facilitate penetration testing.
Capturing and Analyzing Packets with Perl
by John Brozycki - January 28, 2010
The steps in setting up a Windows system with Perl and the necessary add-ons to be able to run and create packet capturing Perl scripts.
Practical PERL for Security Practitioners
by Holt Sorenson - March 25, 2004
This paper introduces PERL as a useful, flexible, and extensible tool for the security practitioner. References to resources are provided so that the reader may expand their knowledge beyond the concepts presented here.
Using Scripts to Exploit and Mitigate Risks
by Robert Rodriguez - February 5, 2004
This paper discusses how scripts can best help you and your unique situations by covering some of the commands that really make a script what it is; powerful.
Using The WinBatch Scripting Language To Automate Security In An NT4 Environment
by Terry Chapman - August 16, 2001
In this document I will endeavor to guide you through a couple of relatively simple scripts in order to demonstrate that getting started with scripting is not as a daunting task as you may have considered.
Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact firstname.lastname@example.org.
All papers are copyrighted. No re-posting or distribution of papers is permitted.