Advantages of CLI in Windows: lower resource usage, automation (batch scripts), remote mgmt
Basic CLI commands
set # lists environment variables; the PATH= entry shows where cmd searches for executables
ver # checks version of the Operating System
systeminfo # Info about the system (OS/processor/mem)
driverquery | more # List drivers, one page at a time
cls # clear
ipconfig # basic networking info like IP/subnet/gateway
ipconfig /all # displays everything, including DNS servers, DHCP status and MAC addresses
ping [target] # tests connectivity via ICMP packets
tracert [target] # traces network route to target, showing each hop
nslookup site.com # finds IP of a domain
netstat -abon # displays all connections and listening ports, the associated executables and PIDs (-n keeps addresses numeric; -b needs an elevated prompt)
Working with Directories
cd # prints the current directory; cd [path] changes it
dir # list files in a directory
dir /a # show hidden files
dir /s # list files in current dir + subdirs
mkdir [name] # create a new dir
rmdir [name] # delete an empty dir (rmdir /s [name] removes a dir together with its contents)
tree # visual representation of dirs/subdirs
type [file] # Displays contents of a text file
more [file] # Shows file's content one page at a time
copy [file] [destination] # Copies file to new location
move [file] [destination] # Moves file to new location.
del [file] or erase [file] # Deletes file
copy *.md [destination] # Copies all files with .md extension to destination folder
tasklist # Displays a list of running processes
tasklist /FI "imagename eq [process_name]" # Filters tasklist for a specific process
taskkill /PID [pid] # Terminates process by process ID (PID); add /F to force-kill a process that ignores the request
# Launch powershell
Press Win + R, type powershell and press Enter, or type powershell at a cmd prompt
cmdlets are PowerShell commands that follow a Verb-Noun structure (Get-Content, Set-Location)
Get-Content # gets file contents
-- example: Get-Content -Path ".\captain-hat.txt"
Set-Location # change current working dir
-- example: Set-Location -Path ".\Documents"
Get-Command # list all avail cmdlets, functions, aliases, scripts that can be executed
CommandInfo # the object type Get-Command returns; each object carries properties (Name, CommandType, Source) that are displayed and can be filtered on
-- filter the list of commands based on those property values
-- example: Get-Command -CommandType "Function"
Get-Help # provides detailed info about cmdlets: usage, params, examples
-- example: Get-Help Get-Date -Examples # will display examples
Get-Alias # display all aliases available
-- example: dir (and ls, gci) are aliases for Get-ChildItem
-- example: cd (and chdir, sl) are aliases for Set-Location
Find-Module # search for modules or collections of cmdlets in online repositories
-- example: Find-Module -Name "PowerShell*"
Install-Module # downloads/installs a module from the repository (PSGallery by default); the module's code runs with your privileges, so check the author and download counts before installing
-- example: Install-Module -Name "PowerShellGet"
Get-ChildItem # lists files/dirs in the location specified with the -Path parameter
-- if no -Path is specified, the cmdlet displays the current dir's content
New-Item # creates a new item | need to specify path of item + type
-- example: New-Item -Path ".\captain-cabin\captain" -ItemType "Directory"
-- example: New-Item -Path ".\captain-cabin\wardrobe.txt" -ItemType "File"
Remove-Item # removes both dirs/files | like rmdir or del; a non-empty dir needs -Recurse, and -WhatIf previews what would be deleted
-- example: Remove-Item -Path ".\dirs\file.txt"
-- example: Remove-Item -Path ".\dir\dir\" -Recurse
Copy-Item # equiv to copy
-- example: Copy-Item -Path .\file\file.txt -Destination .\file\newdir\file2.txt
Move-Item # equiv to move
type # alias for Get-Content, as is cat (the equiv of cat in Linux)
Piping - A technique that allows the output of one command to be used as the input for another, written with |
-- example: Get-ChildItem | Sort-Object Length
-- Get-ChildItem retrieves the files (as objects), and | sends those file objects to Sort-Object, which then sorts them by their Length (size) property
-- example: Get-ChildItem | Where-Object -Property "Extension" -eq ".txt"
-- Where-Object filters the files by the Extension property; the comparison operators it accepts are:
-eq # equal
-ne # not equal
-gt # greater than
-ge # greater than or equal to
-lt # less than
-le # less than or equal to
-like # wildcard match (* and ?), e.g. -like "*.txt"
Select-Object # select specific properties from objects/limit number of objects returned
-- example: Get-ChildItem | Select-Object Name,Length
Select-String # searches for text patterns within files or piped text, like grep on Linux or findstr in Windows
-- example: Select-String -Path ".\\file.txt" -Pattern "hat"
-- supports regex
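Added example, not part of the original notes: a throwaway directory of constructed sample files (made-up paths, log lines and IP addresses) walked with the file cmdlets above (New-Item, Copy-Item, Move-Item, Remove-Item) and then searched with a Where-Object / Sort-Object / Select-Object pipeline and a Select-String regex. Everything is created under $env:TEMP and deleted at the end; the log format is invented for the demonstration.

```powershell
# Added example (not from the original notes). Builds constructed sample files,
# then exercises the file cmdlets and a filtering pipeline on them.
$root = Join-Path $env:TEMP "ps-notes-demo"           # assumed scratch location
if (Test-Path $root) { Remove-Item -Path $root -Recurse -Force }
New-Item -Path $root -ItemType Directory | Out-Null
New-Item -Path (Join-Path $root "logs") -ItemType Directory | Out-Null

# Constructed log lines: one address retrying a login, one benign request.
$web = @(
    '2024-05-01 10:00:01 203.0.113.7 POST /login 401'
    '2024-05-01 10:00:02 203.0.113.7 POST /login 401'
    '2024-05-01 10:00:09 198.51.100.23 GET /index.html 200'
    '2024-05-01 10:00:11 203.0.113.7 POST /login 200'
)
Set-Content -Path (Join-Path $root "logs\web.log") -Value $web
New-Item -Path (Join-Path $root "logs\empty.log") -ItemType File | Out-Null   # 0-byte file
Set-Content -Path (Join-Path $root "readme.txt") -Value 'nothing to see here'

# Copy-Item / Move-Item / Remove-Item as in the notes; -WhatIf only previews the delete.
Copy-Item -Path (Join-Path $root "readme.txt") -Destination (Join-Path $root "readme.bak")
Move-Item -Path (Join-Path $root "readme.bak") -Destination (Join-Path $root "logs\readme.bak")
Remove-Item -Path (Join-Path $root "logs\readme.bak") -WhatIf    # prints "What if: ...", deletes nothing
Remove-Item -Path (Join-Path $root "logs\readme.bak")

# Pipeline: only .log files with content, largest first, two properties shown.
# Where-Object gets a script block here so two conditions can be combined.
Get-ChildItem -Path $root -Recurse -File |
    Where-Object { $_.Extension -eq '.log' -and $_.Length -gt 0 } |
    Sort-Object -Property Length -Descending |
    Select-Object -Property Name, Length

# Select-String with a regex: pull every IPv4 address out of the logs and count
# hits per address. Group-Object plays the role of sort | uniq -c.
$ipPattern = '\b(?:\d{1,3}\.){3}\d{1,3}\b'
Get-ChildItem -Path (Join-Path $root "logs") -Filter *.log |
    Select-String -Pattern $ipPattern -AllMatches |
    ForEach-Object { $_.Matches.Value } |
    Group-Object |
    Sort-Object -Property Count -Descending |
    Select-Object -Property Count, Name

# Failed logins only, using -like on the whole line.
Get-Content -Path (Join-Path $root "logs\web.log") |
    Where-Object { $_ -like '*/login 401*' }

# Remove the scratch directory again.
Remove-Item -Path $root -Recurse -Force
```

The first pipeline returns only web.log (empty.log is filtered out by Length -gt 0); the Group-Object pipeline reports 203.0.113.7 three times and 198.51.100.23 once, which is the shape of a brute-force check before any real log is involved.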
Get-ComputerInfo # retrieves system info: OS, BIOS, hardware specs, like systeminfo
Get-LocalUser # lists all local user accts on a system
-- default output displays usernames, account status (Enabled) and description
Get-NetIPConfiguration # detailed info about network config like ipconfig
Get-NetIPAddress # details for all IP addresses configured, including non-active ones
More detailed information
Get-Process # detailed view of all current running procs, cpu/mem usage
Get-Service # pulls info/status of services: running/stopped/paused
Get-NetTCPConnection # current TCP connections, with the owning process ID (OwningProcess), like netstat -o
Get-FileHash # computes a file's hash (SHA256 by default; -Algorithm MD5/SHA1/SHA512 for others) for integrity checks or matching against known-bad hashes
Scripting - Process of writing/executing a series of cmds contained in a txt file to automate tasks.
Blue Team Uses: Log analysis, detecting anomalies, extracting indicators of compromise (IOCs)
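Added example, not part of the original notes: a short triage script that ties the "more detailed information" cmdlets together for the blue-team use above. It assumes Windows PowerShell 5.1 or later, an elevated prompt (Get-NetTCPConnection and process paths are incomplete otherwise), and the NetTCPIP module that ships with Windows; the heuristic "binary runs from a user-writable directory" is an assumption chosen for the demonstration, not a rule from the notes.

```powershell
# Added example (not from the original notes). Run elevated on Windows.
# 1. Established TCP connections mapped to the owning process and its binary's SHA256.
$established = Get-NetTCPConnection -State Established |
    Where-Object { $_.RemoteAddress -notmatch '^(127\.|::1$|0\.0\.0\.0$)' }

$report = foreach ($conn in $established) {
    $proc = Get-Process -Id $conn.OwningProcess -ErrorAction SilentlyContinue
    # Path is empty for protected/system processes; hash only when the file is readable.
    $hash = $null
    if ($proc -and $proc.Path -and (Test-Path -Path $proc.Path)) {
        $hash = (Get-FileHash -Path $proc.Path -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
    }
    [pscustomobject]@{
        LocalPort = $conn.LocalPort
        Remote    = "$($conn.RemoteAddress):$($conn.RemotePort)"
        PID       = $conn.OwningProcess
        Process   = if ($proc) { $proc.ProcessName } else { '<exited or protected>' }
        Path      = if ($proc) { $proc.Path } else { $null }
        SHA256    = $hash
    }
}
$report | Sort-Object -Property Process | Format-Table -AutoSize

# 2. Anomaly hint (assumed heuristic): network-active binaries living under the user's
#    profile or ProgramData rather than Program Files / System32.
$report |
    Where-Object { $_.Path -and (($_.Path -like "$env:USERPROFILE*") -or ($_.Path -like "$env:ProgramData*")) } |
    Select-Object -Property Process, Path, Remote, SHA256

# 3. Enabled local accounts, and services set to start automatically that are not running.
Get-LocalUser | Where-Object -Property Enabled | Select-Object -Property Name, LastLogon, PasswordLastSet
Get-Service |
    Where-Object { $_.StartType -eq 'Automatic' -and $_.Status -ne 'Running' } |
    Select-Object -Property Name, DisplayName, Status

# 4. Top five processes by working set (WS is Get-Process's alias for WorkingSet64).
Get-Process | Sort-Object -Property WS -Descending | Select-Object -First 5 -Property Name, Id, WS, CPU
```

The SHA256 column is what you paste into a threat-intel lookup; saving $report with Export-Csv gives a baseline to diff against on the next run, which is the "detecting anomalies" part of the use case above.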