░█████╗░░█████╗░███╗░░░███╗██████╗░████████╗██╗░█████╗░  ░█████╗░░░░░░░░
██╔══██╗██╔══██╗████╗░████║██╔══██╗╚══██╔══╝██║██╔══██╗  ██╔══██╗░░██╗░░
██║░░╚═╝██║░░██║██╔████╔██║██████╔╝░░░██║░░░██║███████║  ███████║██████╗
██║░░██╗██║░░██║██║╚██╔╝██║██╔═══╝░░░░██║░░░██║██╔══██║  ██╔══██║╚═██╔═╝
╚█████╔╝╚█████╔╝██║░╚═╝░██║██║░░░░░░░░██║░░░██║██║░░██║  ██║░░██║░░╚═╝░░
░╚════╝░░╚════╝░╚═╝░░░░░╚═╝╚═╝░░░░░░░░╚═╝░░░╚═╝╚═╝░░╚═╝  ╚═╝░░╚═╝░░░░░░░
                

My notes studying the CompTIA A+ Certification CORE 1 (220-1101) and CORE 2 (220-1102) exam objectives. Not super in depth, mostly focusing on the areas I need to work on remembering. Hopefully this will help others as well <3


~*[ CORE 1 ]*~





2.5 IPv4 Internet Protocol (IP) Addressing

Private IP addresses are sets of addresses in specific reserved ranges that can't be routed over the public Internet. One benefit of these addresses is that they can be used in local networks without having to be bought from an internet registry.

$ Tips $ A is the lowest (10s) then B (172s) then C (192s), so if you're not sure just remember it starts low and grows in alphabetical order.

A: The class A private IP address range contains the addresses from 10.0.0.0 to 10.255.255.255
B: The class B private IP address range contains the addresses from 172.16.0.0 to 172.31.255.255
C: The class C private IP address range contains the addresses from 192.168.0.0 to 192.168.255.255

The APIPA/link-local autoconfiguration range is from 169.254.0.0 to 169.254.255.255
The loopback address is 127.0.0.1

~*[ CORE 2 ]*~





1.2 Microsoft Command Line Tools

/?
Shows information on a specified command, for example, entering netstat /? in the command line would output help for the netstat command.
netstat
Shows network status, active connections, etc. netstat -ano will show all active connections with process IDs and IP addresses.
More Info: Using the netstat command to find port information, Post Exploitation Discovering Network Information In Windows by Administrator
nslookup
Shows the IP address for a domain name, or the other way around. It can also be used to tell if a DNS server is down, or to send a DNS request to a domain controller: nslookup %LOGONSERVER%.%USERDNSDOMAIN%
More Info: What Is nslookup Command and How to Use It by Aris B, Basic Win CMD for Pentesters
chkdsk
Remember it stands for "Check Disk". As the name suggests, chkdsk is used for repairing drives, recovering data, etc. The two main options are /f and /r, which have different uses depending on whether the error is logical or physical. chkdsk /f is used for logical errors, for example corruption in a file system, while chkdsk /r is used for physical errors, like identifying bad sectors on a drive.
More Info: Difference Between CHKDSK /F and CHKDSK /R by Alisa
net user
Super convenient way to view or add users, change passwords, etc. through the command line. Without any options it will list all the users. Accounts can be created with net user [username] [password] /add.
More Info: MITRE ATT&CK Techniques Account Discovery, Windows Net Utility
net use
Deals with shared resources, can map shares locally, remove, configure connections, etc. net use drive: \\[servername]\[sharename] will map a share to whatever local drive is specified.
format
Used to create new file systems and root directories for partitions.
diskpart
Has a lot of different functions around drive management: creating, removing, listing, etc. It can also be used to format.
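
Added example (not from the original notes): a small Python triage script that ties the netstat -ano entry above to the address ranges in section 2.5, labelling each remote IPv4 address and listing the PIDs that hold established connections to addresses outside those ranges. The function names and the sample output are made up for this example.

```python
import ipaddress
# Ranges from section 2.5. The notes give 127.0.0.1 as the loopback address;
# the whole 127.0.0.0/8 block is reserved for loopback.
RANGES = [
    ("private A", ipaddress.ip_network("10.0.0.0/8")),      # 10.0.0.0 - 10.255.255.255
    ("private B", ipaddress.ip_network("172.16.0.0/12")),   # 172.16.0.0 - 172.31.255.255
    ("private C", ipaddress.ip_network("192.168.0.0/16")),  # 192.168.0.0 - 192.168.255.255
    ("APIPA", ipaddress.ip_network("169.254.0.0/16")),      # 169.254.0.0 - 169.254.255.255
    ("loopback", ipaddress.ip_network("127.0.0.0/8")),
]

def classify(ip):
    """Return the range label for an IPv4 address, or 'public' if none match."""
    addr = ipaddress.IPv4Address(ip)
    if addr.is_unspecified:  # 0.0.0.0, which netstat shows for listeners
        return "unspecified"
    for label, net in RANGES:
        if addr in net:
            return label
    return "public"

def parse_netstat(text):
    """Parse netstat -ano output; IPv6 and wildcard (*:*) rows are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue  # banner, column header, blank lines
        state = parts[3] if len(parts) == 5 else ""  # UDP rows have no State
        try:
            scope = classify(parts[2].rsplit(":", 1)[0])
        except ipaddress.AddressValueError:
            continue  # "[::]", "*" and other non-IPv4 hosts
        rows.append({"proto": parts[0], "remote": parts[2], "state": state,
                     "pid": int(parts[-1]), "scope": scope})
    return rows

def public_connections(text):
    """(PID, remote address) for established connections outside RANGES."""
    return [(r["pid"], r["remote"]) for r in parse_netstat(text)
            if r["scope"] == "public" and r["state"] == "ESTABLISHED"]
# Constructed sample, not from a real host; 203.0.113.10 is a documentation address.
SAMPLE = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1040
  TCP    192.168.1.23:49712     203.0.113.10:443       ESTABLISHED     5120
  TCP    192.168.1.23:49713     192.168.1.5:445        ESTABLISHED     4
  TCP    [::1]:49675            [::]:0                 LISTENING       2200
  UDP    0.0.0.0:5353           *:*                                    1888
"""
```

Calling public_connections(SAMPLE) returns the one row worth a closer look: PID 5120 talking to 203.0.113.10:443.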

1.3 Logs in Event Viewer (eventvwr.msc)

Security Log
Information about the security and audit data in a system, for example failed and successful login attempts.
File: security.evtx in %SystemRoot%\System32\Winevt\Logs\
Application Log
Information on application errors.
File: application.evtx in %SystemRoot%\System32\Winevt\Logs\
Setup Log
Events from Windows upgrades or installation processes.
File: setup.evtx in %SystemRoot%\System32\Winevt\Logs\
System Log
Information on hardware issues, driver failures, service failures, etc.
File: system.evtx in %SystemRoot%\System32\Winevt\Logs\

1.7 Windows 10/11 Install Requirements

Windows 11 (64-bit) min req: Dual-core 1 GHz processor, 4 GB of RAM, 64 GB hard drive space
Windows 10 (64-bit) min req: 1 GHz processor, 2 GB of RAM, 32 GB hard drive space
Windows 10 (32-bit) min req: 1 GHz processor, 1 GB of RAM, 32 GB hard drive space

2.1 Mobile Device Management (MDM)

BYOD: Bring Your Own Device
CYOD: Choose Your Own Device
COBO: Corporate Owned, Business Only
COPE: Corporate Owned, Personally Enabled

3.3 Best Practice Procedures for Malware Removal

  1. Investigate and verify malware symptoms
  2. Quarantine the infected systems
  3. Disable System Restore in Windows
  4. Remediate the infected systems
    • Update anti-malware software
    • Scanning and removal techniques (e.g., safe mode, preinstallation environment)
  5. Schedule scans and run updates
  6. Enable System Restore and create a restore point in Windows
  7. Educate the end user

4.3 Backup and Recovery

Full
Everythinggg on a device, can take a while and needs quite a bit of storage space depending on the data.
Incremental
After an initial full backup, each subsequent backup captures only the data that changed since the last backup, whether it was a full backup or the preceding incremental backup. Each incremental backup is dependent on the previous incremental backups.
Differential
After an initial full backup, each subsequent backup captures all the data that changed since that first full backup. Each differential backup is independent of previous differential backups.
Synthetic
Okay so synthetic backups are pretty much just creating a full backup using the stored data from an initial full backup and its subsequent incremental backups, instead of creating a full backup from the source data.
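
Added example (not from the original notes): a small Python model of the backup types above, showing what each daily backup stores and how many backup sets a restore has to read. The file names, contents and function names are made up, and deleted files are not modelled.

```python
# Constructed data: the day-0 full backup, then the files modified on each
# following day (index 0 = day 1).
FULL = {"a.txt": "a0", "b.txt": "b0", "c.txt": "c0"}
CHANGES = [
    {"a.txt": "a1"},
    {"b.txt": "b2"},
    {"a.txt": "a3", "d.txt": "d3"},
]

def incrementals(changes):
    """Each incremental holds only what changed since the previous backup."""
    return [dict(day) for day in changes]

def differentials(changes):
    """Each differential holds everything changed since the full backup."""
    out, acc = [], {}
    for day in changes:
        acc.update(day)
        out.append(dict(acc))
    return out

def restore_incremental(full, incs, day):
    """Needs the full backup plus every incremental up to `day`, in order."""
    state = dict(full)
    for inc in incs[:day]:
        state.update(inc)
    return state, 1 + day          # (restored files, backup sets read)

def restore_differential(full, diffs, day):
    """Needs the full backup plus only the differential taken on `day`."""
    state = dict(full)
    if day:
        state.update(diffs[day - 1])
    return state, 2 if day else 1  # (restored files, backup sets read)

def synthetic_full(full, incs, day):
    """Build a new full backup from stored backups, not from the source."""
    return restore_incremental(full, incs, day)[0]
```

Restoring day 3 reads 4 sets with incrementals and 2 with differentials, while the differentials grow from 1 to 3 files. If one incremental in the chain is lost the restore silently comes back with stale files, which is the dependency the Incremental entry describes.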

4.3 Backup Rotation Schemes

Grandfather-Father-Son (GFS)
Combination of full, incremental, and differential. Grandfather is a full backup done once a month and stored off-site. Father is a full backup done weekly. Son is a differential or incremental daily backup.
3-2-1
3 backups, one primary and two copies of the data.
2 different types of media used to save data.
1 backup stored off-site.

Resources

CompTIA A+ Certification Exam Core 1 Objectives
CompTIA A+ Certification Exam Core 2 Objectives
Professor Messer Free IT Training Videos