
Reading Room


Scripting Tips

Featuring 7 Papers as of November 16, 2017

  • Supplementing Windows Audit, Alerting, and Remediation with PowerShell by Daniel Owen - November 16, 2017 

    This paper outlines the use of PowerShell to supplement audit, alerting, and remediation platforms for Windows environments. This answers the question of why use PowerShell for these purposes. Several examples of using PowerShell are included to start the thought process on why PowerShell should be the security multi-tool of first resort. Coverage includes how to implement these checks in a secure, automatable way. To demonstrate the concepts discussed, small code segments are included. The intent of the included code segments is to inspire the reader's creativity and create a desire to use PowerShell to address challenges in their environment. Finally, a short section includes resources for code examples and learning tools. While some knowledge of PowerShell will aid the reader, the intended audience of this paper is the PowerShell novice.

  • Coding For Incident Response: Solving the Language Dilemma by Shelly Giesbrecht - July 28, 2015 (Graduate Student Research)

    Incident responders frequently are faced with the reality of "doing more with less" due to budget or manpower deficits. The ability to write scripts from scratch or modify the code of others to solve a problem or find data in a data "haystack" is a necessary skill in a responder's personal toolkit. The question for IR practitioners is what language should they learn that will be the most useful in their work? In this paper, we will examine several coding languages used in writing tools and scripts used for incident response including Perl, Python, C#, PowerShell and Go. In addition, we will discuss why one language may be more helpful than another depending on the use-case, and look at examples of code for each language.

  • Using Windows Script Host and COM to Hack Windows by Alex Ginos - January 3, 2011 

    During the exploitation phase of penetration testing, the attacker may establish a “beachhead” on a target machine by running an exploit against a vulnerable network service. Often this results in a command prompt. At this point, the question becomes: “How can the command line be used to advantage to access sensitive information, escalate privileges and find and attack other hosts?” There are numerous useful hacking tools that can help with this but initially they are unlikely to be present on the compromised system. The attacker needs to bootstrap the process of further discovery and exploitation using only the limited tools and privileges available at the command prompt. In some cases, it may be necessary to evade detection by avoiding suspicious executables that may be flagged by anti-malware software running on the target. This paper explores the possibilities of using command line scripting tools and software components that are likely to be present on most Microsoft Windows systems to facilitate penetration testing.

  • Capturing and Analyzing Packets with Perl by John Brozycki - January 28, 2010 (Graduate Student Research)

    The steps in setting up a Windows system with Perl and the necessary add-ons to be able to run and create packet capturing Perl scripts.

  • Practical PERL for Security Practitioners by Holt Sorenson - March 25, 2004 

    This paper introduces PERL as a useful, flexible, and extensible tool for the security practitioner. References to resources are provided so that the reader may expand their knowledge beyond the concepts presented here.

  • Using Scripts to Exploit and Mitigate Risks by Robert Rodriguez - February 5, 2004 

    This paper discusses how scripts can best help you and your unique situations by covering some of the commands that really make a script what it is: powerful.

  • Using The WinBatch Scripting Language To Automate Security In An NT4 Environment by Terry Chapman - August 16, 2001 

    In this document I will endeavor to guide you through a couple of relatively simple scripts in order to demonstrate that getting started with scripting is not as daunting a task as you may have considered.

Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact

All papers are copyrighted. No re-posting or distribution of papers is permitted. Graduate Student Research - This paper was created by a SANS Technology Institute student as part of the graduate program curriculum.