Ashour Blog

Powershell

Sun, 26 Apr 2026 19:29:11 +0300

CMD Vs. PowerShell

It’s time to look at Windows’ modern successor to CMD, PowerShell.

Differences

PowerShell and CMD are included natively on any Windows host.
Therefore, Why would I use one over the other?
Observe the following table to know the differences/comparison between PowerShell & CMD.

Feature	CMD	PowerShell
Language	Batch and basic CMD commands only.	PowerShell can interpret Batch, CMD, PS cmdlets, and aliases.
Command utilization	The output from one command cannot be passed into another directly as a structured object, due to the limitation of handling the text output.	The output from one command can be passed into another directly as a structured object resulting in more sophisticated commands.
Command Output	Text only.	PowerShell outputs in object formatting.
Parallel Execution	CMD must finish one command before running another.	PowerShell can multi-thread commands to run in parallel.

PowerShell is more than a command-line interface (CLI); it’s also a versatile scripting language designed for extensibility and integration with various tools.
Unlike CMD, the traditional Windows CLI, PowerShell is open-source project and cross-platform, supporting both Windows and Linux systems.
Built on the .NET framework, it leverages an object-based model for interaction and output, moving beyond simple text-based methods.

Why Choose PowerShell Over cmd.exe?

Why does PowerShell matter for IT admins, Offensive & Defensive Infosec pros?

CMD

Sun, 26 Apr 2026 19:28:58 +0300

Command Prompt Basics

To begin developing command-line skills, we’ll start with cmd.exe (the Command Prompt) which includes:
- What cmd.exe is.
- How to access it.
- How the shell functions.

CMD.exe

The Command Prompt (cmd.exe or CMD) is the default command-line interpreter for Windows OS, evolved from DOS’s COMMAND.COM.
Found in nearly all Windows OSs versions, it allows users to execute commands directly, performing tasks like password changes or network interface status checks. - This also reduces system resources, as graphical-based programs require more CPU and memory.

Detecting Network Abnormalities

Fri, 24 Apr 2026 01:51:12 +0300

Fragmentation Attacks

Related PCAP File(s)—nmap_frag_fw_bypass.pcapng.
When investigating network anomalies, start by examining the IP layer
The IP layer is:
- Responsible for transferring data packets between network points (from one hop to another).
- Using source and destination IP addresses to facilitate communication between hosts (inter-hosts communication).
IP addresses can be found within the IP header of each packet when analyzing network traffic.
Keep in mind that the IP layer itself doesn’t detect lost, dropped, or altered/tampered packets.

Link Layer Attacks

Fri, 24 Apr 2026 01:51:12 +0300

ARP Spoofing & Abnormality Detection

Related PCAP File(s)—ARP_Spoof.pcapng.
Attackers have long misused the Address Resolution Protocol (ARP) to carry out man-in-the-middle and denial-of-service attacks.
Because of this common abuse, ARP is a key area/point to examine when analyzing network traffic, and it’s often the first protocol we check.
Many ARP attacks are broadcast to the entire network rather than targeting individual computers, which makes them easier to find using packet sniffing.

Zeek

Fri, 17 Apr 2026 14:34:26 +0200

Zeek Fundamentals

Zeek is an open-source network traffic analyzer used to detect suspicious or malicious activity by scrutinizing network traffic.
Beyond security, it aids in troubleshooting network issues and performing network measurements.
Once deployed, Zeek provides defensive cybersecurity teams with extensive log files detailing network activity, including connection records and application-layer transcripts (e.g., DNS, HTTP).
Zeek also offers built-in functions for analyzing and detecting network activities.
Zeek’s powerful scripting language allows users to create custom scripts, similar to Suricata rules, enabling adaptable network analysis and intrusion detection.

Suricata

Fri, 17 Apr 2026 14:34:19 +0200

Suricata Fundamentals

Suricata is a robust, open-source network security engine for IDS, IPS, and NSM.
Developed and maintained by the OISF, it showcases the power of community-led, non-profit projects.
Suricata dissect/analyze all network traffic to find potential malicious activity.
It can broadly:
- Assess the network’s health/condition.
- Also investigate specific application-level interactions.
Suricata uses a detailed set of rules to guide its analysis, helping it identify possible threats.
It is designed for high-speed performance on standard and specialized hardware, making it a very efficient tool.

Snort

Fri, 17 Apr 2026 14:34:05 +0200

Snort Fundamentals

Snort is an open-source intrusion detection system (IDS) and intrusion prevention system (IPS) that can also function as a packet logger/sniffer, similar to Suricata.
It inspects network traffic to identify and log all activity, providing a comprehensive view and detailed logs of application layer transactions.
Snort requires rule sets to define inspection parameters and identify specific items of interest.
It is designed to operate efficiently on both general-purpose and custom hardware.

Snort Operation Modes

Snort typically operates in the following modes:
- Inline IDS/IPS.
- Passive IDS.
- Network-based IDS.
- Host-based IDS (however, Snort is not ideally a host-based IDS. We would recommend opting for more specialized tools for this.)

According to Snort’s documentation:

About

Fri, 17 Apr 2026 13:57:08 +0200

Hi, I’m Mostafa Ashour 👋 I’m a senior student at the Faculty of Computers and Artificial Intelligence, Cairo University, with a strong interest in cybersecurity.

This blog is a hand-crafted repository of everything I’m learning— not always perfect, but always honest. I’m documenting my journey through the stack as I explore and grow in cybersecurity.

Senior @ FCAI-CU
Aspiring Cybersecurity Engineer.
SOC Analyst (in progress).

🌐 Connect with me

I’m always open to connecting, collaborating, or discussing cybersecurity. Feel free to reach out 👇