7MS #357: 7 Minutes of IT and Security Tips

04/11/19 • 7 min

Today I'm launching an ongoing series called 7MOIST. It stands for:

7
Minutes
of
IT
and
Security
Tips

The wildest, craziest, nuttiest part of this series is that each episode will be 7 minutes long!

I know, I know! You're saying, "Wait a sec, bub, isn't that why this podcast is called 7 Minute Security in the first place?" And yes, you'd be right.

Basically, this is my way of going old school and getting back my podcast "roots" by delivering an episode before we had an intro jingle, interviews, sponsors, banter about hot cocoas or an outro song. Nothing but delicious content today friends, Enjoy!

Today's theme is:

Windows command line shortcuts and tips: Creative ways to play with cmd

Basically, you can do Windows Key + R then type cmd and Enter for quick access to command line.

But lets do some more fun stuff. Wanna open a command window from the desktop and launch a command in one swoop? Try this:

cmd /k

For example:

cmd /k ping 192.168.0.1

The cmd /k part opens a command window, and then ping 192.168.0.1 can be whatever command you also want to run on the fly.

And if you want to start programs and/or open files right from the command line, you can do that (in most cases) by just typing the program name, like:

notepad

Or, get really fancy and add a document name after the command. For example:

notepad meow.txt

If meow.txt doesn't exist, Notepad will simply ask you to create it!

Finding files faster

Call me crazy, but the Windows find/search feature sometimes doesn't find stuff that I know is there. So I still like using old school DOS commands for this. I might do something like:

cd \ dir /s *brian*.doc

The dir stands for directory, and the /s tells the system to search recursively.

See 7ms.us for the rest of today's show notes!

Today I'm launching an ongoing series called 7MOIST. It stands for:

7
Minutes
of
IT
and
Security
Tips

The wildest, craziest, nuttiest part of this series is that each episode will be 7 minutes long!

I know, I know! You're saying, "Wait a sec, bub, isn't that why this podcast is called 7 Minute Security in the first place?" And yes, you'd be right.

Today's theme is:

Windows command line shortcuts and tips: Creative ways to play with cmd

Basically, you can do Windows Key + R then type cmd and Enter for quick access to command line.

But lets do some more fun stuff. Wanna open a command window from the desktop and launch a command in one swoop? Try this:

cmd /k

For example:

cmd /k ping 192.168.0.1

The cmd /k part opens a command window, and then ping 192.168.0.1 can be whatever command you also want to run on the fly.

And if you want to start programs and/or open files right from the command line, you can do that (in most cases) by just typing the program name, like:

notepad

Or, get really fancy and add a document name after the command. For example:

notepad meow.txt

If meow.txt doesn't exist, Notepad will simply ask you to create it!

Finding files faster

Call me crazy, but the Windows find/search feature sometimes doesn't find stuff that I know is there. So I still like using old school DOS commands for this. I might do something like:

cd \ dir /s *brian*.doc

The dir stands for directory, and the /s tells the system to search recursively.

See 7ms.us for the rest of today's show notes!

Previous Episode

7MS #356: Faster Hard Drive Forensics with CyLR and CDQR

This episode is brought to you by ITProTV. Visit https://www.itpro.tv/7minsec for over 65 hours of IT training for free!

In today's episode I talk about some cool tools you can use to start a hard drive forensics investigation more quickly. Resources talked about on today's podcast include:

Forensics 101 - a talk I did for the 7MS user group in January
The Digital Forensics Survival Podcast is a FANTASTIC resource to learn more about forensics
CyLR works great to do quick live disk artifact-gathering on a suspect system, and then...
CDQR can step in and analyze the info you gathered with CyLR and spit out helpful reports to begin your investigation
YouTube video of the CyLR/CDQR creators demonstrating the tools and doing a live demo of artifact collection/analysis
Did you miss this week's mousejacking Webinar? Also, DIY $500 Pentest Lab - Part 2 is up on YouTube. And we've got a fun Webinar on MITRE ATT&CK coming up in May. Sign up here

Next Episode

7MS #358: 4 Ways to Write a Better Pentest Report

This episode is brought to you by ITProTV. Visit https://www.itpro.tv/7minsec for over 65 hours of IT training for free!

This week we're talking about everybody's favorite topic: REPORT WRITING! Yay! The peasants rejoice! In the last few months I've seen a lot of reports from other companies, and here are a few key problems I see with them:

Too long - overall these things are waaAAaAaaAayyyYYYYYYyyy too long. I see reports where the analyst has copied and pasted an entire Nessus report into the main report. Yikes. That makes these things weigh in at hundreds(!) of pages.
Too techie - these reports look like their written from one techie to another. Nothing wrong with that, really, however in many cases the key person that needs to "get it" is a manager or C-level position who needs to understand the risks in plain English.
No narrative - the reports are just a long laundry list of vulnerabilities without any context of how the pentest was conducted or which vulns should be fixed first.
Weak remediation - most of the findings are accompanied by whatever remediation instructions are provided by the vuln-scanner or other tool. We can do better than this!

How? Listen to today's episode :-).

Oh, and don't forget to come to the next 7MS User Group meeting on Monday, April 22! Details here!