SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

WinDump is often used to analyze packet captures by incorporating Berkeley Packet Filters to reduce large captures into manageable subsets. The filtering makes use of macros to easily specify common protocol properties; however, analyzing other properties requires a deeper understanding of the protocol and more complicated expressions. PowerShell is a Windows scripting language that has become increasingly popular within the security community. PowerShell is extremely extensible and can be used to develop an easy way to interact with WinDump. This paper demonstrates how to write a custom PowerShell module that serves as a wrapper around WinDump, enabling an easier and more intuitive way of unleashing the power of WinDump.
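As an added illustration of the wrapper idea described above (example code, not the paper's module), the function below turns named parameters into a BPF expression and hands it to WinDump for offline analysis of a saved capture. It assumes windump.exe is on PATH; the function and parameter names are hypothetical.

```powershell
# Added example: a minimal PowerShell wrapper around WinDump for reading a .pcap file.
# Assumes windump.exe is reachable via PATH; all names here are hypothetical.
function Get-WinDumpPackets {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $CaptureFile,    # capture file read with -r
        [string] $IPAddress,                             # restrict to one host
        [int]    $Port,                                  # restrict to one TCP/UDP port
        [ValidateSet('tcp','udp','icmp')] [string] $Protocol,
        [switch] $SynOnly,                               # TCP SYN with ACK clear (connection attempts)
        [int]    $Count = 0,                             # 0 = no packet limit
        [string] $WinDumpPath = 'windump.exe'
    )

    # Build the BPF expression from the simple macro-style terms first.
    $terms = @()
    if ($Protocol)  { $terms += $Protocol }
    if ($IPAddress) { $terms += "host $IPAddress" }
    if ($Port)      { $terms += "port $Port" }
    if ($SynOnly) {
        # The kind of expression the macros do not cover: index the TCP flags byte
        # and keep packets with SYN set and ACK clear.
        $terms += 'tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn'
    }
    $filter = $terms -join ' and '

    # -n: no name resolution (faster, avoids DNS side effects); -r: read from file.
    $wdArgs = @('-n', '-r', $CaptureFile)
    if ($Count -gt 0) { $wdArgs += @('-c', $Count) }
    if ($filter)      { $wdArgs += $filter }

    Write-Verbose "Running: $WinDumpPath $($wdArgs -join ' ')"
    & $WinDumpPath @wdArgs
}

# Constructed usage: show inbound connection attempts to port 445 in a saved capture.
# Get-WinDumpPackets -CaptureFile C:\captures\sample.pcap -Port 445 -SynOnly -Verbose
```

The `-Verbose` output prints the exact WinDump command line, which is handy for checking the generated filter before trusting the results.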