Windows Command Line & PowerShell Foundations

Introduction: Working effectively with Windows systems from a security or administration perspective requires a solid understanding of the available command-line interfaces. Unlike graphical tools, command-line environments expose the operating system in a direct and scriptable way, allowing fine‑grained control over system behavior, configuration, and automation. Windows ships with two primary command-line interfaces: Command Prompt (cmd.exe) and PowerShell. While both provide access to the underlying operating system, they differ significantly in design philosophy, capabilities, and use cases. Understanding when and how to use each one is a foundational skill for system administrators, blue team operators, and penetration testers alike. ...

December 23, 2025 · 6 min

Bash Scripting Foundations

Introduction: Bash is the scripting language used to interact directly with Unix‑based operating systems through the shell. It allows administrators and security practitioners to automate repetitive tasks, chain command‑line utilities, and process large volumes of data efficiently. In modern environments, Bash is not limited to Linux systems, as Windows provides compatibility through the Windows Subsystem for Linux, enabling cross‑platform usage. In enterprise and security‑focused environments, Bash scripting becomes essential due to the scale and velocity of data handled daily. Analysts frequently rely on scripts to enumerate systems, filter logs, test connectivity, and orchestrate reconnaissance or defensive workflows. Instead of manually executing dozens of commands, a single well‑designed script can perform complex logic reliably and repeatably. ...

December 23, 2025 · 7 min

HTTP Protocol Foundations

Intro: Most communication on the Internet is performed through web requests using the Hypertext Transfer Protocol (HTTP). HTTP is an application-layer protocol designed to enable the retrieval and exchange of resources across the World Wide Web. The term hypertext refers to text that contains references (links) to other resources, enabling non-linear navigation between documents. HTTP follows a client-server communication model. The client, typically a web browser or command-line tool, initiates a request for a resource. The server processes this request and returns a response containing the requested resource or an error message. By default, HTTP operates over TCP port 80, although servers may be configured to listen on alternative ports. ...

December 23, 2025 · 5 min

Network Traffic Analysis Foundations

Intro: Network Traffic Analysis (NTA) can be described as the systematic examination of network traffic with the objective of understanding how data flows through an environment, identifying normal behavior, and detecting deviations that may indicate security threats or operational issues. By analyzing ports, protocols, and communication patterns, security professionals are able to establish a baseline for expected activity and monitor for anomalies that may signal malicious behavior. This process is especially valuable because network traffic represents the ground truth of what is actually happening in an environment. Logs and alerts can be incomplete or misleading, but traffic captures reveal real interactions between hosts. Through continuous observation and analysis, defenders can identify threats early, investigate suspicious activity, and gain a deeper understanding of their organization’s network behavior. ...

December 23, 2025 · 10 min

Web Application Security Foundations

Intro: Web applications are interactive applications that run inside web browsers and typically follow a client-server architecture. In this model, the client (browser) is responsible for rendering the interface and interacting with the user, while the server handles application logic, data processing, and persistence. This separation enables scalability, flexibility, and centralized control, but also introduces a wide attack surface that must be properly understood from a security perspective. From a security engineering point of view, this separation of responsibilities is critical. Any data crossing the boundary between client and server must be considered untrusted by default, regardless of client-side validation. Attackers can fully control browsers, manipulate requests, and bypass front-end restrictions, which is why secure design always assumes a hostile client environment. ...

December 23, 2025 · 8 min

Using Web Proxies

Introduction to Web Proxies: Web proxies sit between a browser or mobile client and the back-end server to capture and inspect HTTP traffic. Unlike full network sniffers that see all local traffic, web proxies focus on web ports such as HTTP/80 and HTTPS/443. This focus makes them ideal for web assessment workflows that require precise request editing and replay. Web proxies support more than interception, and they become a central tool for application testing. They can map endpoints, review headers, and identify patterns that guide further attacks or validation checks. Common tasks include the following: ...

January 15, 2026 · 7 min