Have a question?
Send enquiry
Message sent Close
100 Essential Windows Commands for Cybersecurity

100 Essential Windows Commands

Command | Sample Usage | Explanation
🔧 System Information & Management
Command Sample Usage Explanation
systeminfo systeminfo | findstr /B /C:"OS Name" Displays detailed system configuration (OS, hardware, patches)
msinfo32 msinfo32 /nfo sysinfo.nfo Opens System Information GUI
hostname hostname Displays computer name
ver ver Displays Windows version
set set | findstr PATH Displays environment variables
tasklist tasklist /svc /fi "IMAGENAME eq svchost.exe" Lists all running processes
taskkill taskkill /F /PID 1234 Terminates tasks by PID or name
sc sc query state= all Manages Windows services
sfc /scannow sfc /scannow Scans and repairs system files
chkdsk chkdsk C: /f /r Checks and repairs disk issues
driverquery driverquery /v /fo list Lists all installed drivers
wmic wmic bios get serialnumber Windows Management Instrumentation console
gpresult gpresult /r Displays Group Policy results
bcdedit bcdedit /enum Manages boot configuration data
mode mode con: cols=120 lines=50 Displays or configures system devices
💻 File System Operations
Command Sample Usage Explanation
dir dir /s /b *.exe Lists files and folders
cd cd /d D:\Data Changes directories
copy copy file.txt C:\backup\ Copies files
xcopy xcopy /E /H /C source dest\ Copies files and folders (advanced)
robocopy robocopy C:\src D:\backup /MIR Robust file copy (ideal for backups)
del del /f /q temp\*.* Deletes files
rmdir rmdir /s /q old_folder Deletes directories
mkdir mkdir "New Folder" Creates directories
attrib attrib +h +s secret.txt Changes file attributes
compact compact /c /s /a Compresses files
cipher cipher /e /s:folder Encrypt/decrypt files using EFS
fsutil fsutil file queryextd C:\file.txt File system management tool
tree tree /f /a > dir_tree.txt Displays folder structure
type type config.ini Displays file content
more type large.log | more Paginates output
🌐 Networking & Connectivity
Command Sample Usage Explanation
ipconfig ipconfig /all Displays IP configuration
ping ping -n 5 8.8.8.8 Tests connectivity to a host
tracert tracert google.com Traces route to a host
nslookup nslookup example.com Resolves DNS to IP
netstat netstat -ano | findstr LISTEN Displays network connections
netsh netsh advfirewall show allprofiles Configures network settings
route route print Displays or modifies routing table
arp arp -a Displays ARP table
getmac getmac /v /fo list Displays MAC addresses
telnet telnet 192.168.1.1 80 Tests TCP connectivity
ftp ftp ftp.example.com Transfers files over FTP
pathping pathping google.com Combines ping and tracert
nbtstat nbtstat -a 192.168.1.100 Displays NetBIOS stats
hostname hostname Shows the current hostname
whoami whoami /priv Displays current username
🛠️ Troubleshooting & Diagnostics
Command Sample Usage Explanation
perfmon perfmon /res Opens Performance Monitor
resmon resmon Opens Resource Monitor
dxdiag dxdiag /t dxdiag.txt DirectX diagnostics
msconfig msconfig System Configuration tool
devmgmt.msc devmgmt.msc Device Manager
control control userpasswords2 Opens Control Panel
cleanmgr cleanmgr /sageset:1 Opens Disk Cleanup
reagentc reagentc /info Configures recovery options
dism dism /online /cleanup-image /restorehealth Deployment Image Servicing tool
taskmgr taskmgr Opens Task Manager
diskpart diskpart /s script.txt Advanced disk partitioning tool
winsat winsat disk -drive c Windows System Assessment Tool
syskey syskey Legacy system encryption config (deprecated)
logman logman create counter perf_log -c "\Processor(_Total)\% Processor Time" Manages performance logs and alerts
wevtutil wevtutil qe System /f:text Event logs command-line utility
📊 Monitoring & Logs
Command Sample Usage Explanation
query query session Displays session/user info
qwinsta qwinsta /server:192.168.1.100 Lists remote desktop sessions
quser quser Lists user sessions
logoff logoff 1 Logs off users from sessions
schtasks schtasks /query /fo LIST /v Manages scheduled tasks
w32tm w32tm /query /status Windows time service
powershell Get-EventLog Get-EventLog -LogName System -Newest 10 View event logs (PowerShell)
powershell Get-Process Get-Process | Where {$_.CPU -gt 50} List processes
powershell Get-Service Get-Service | Where {$_.Status -eq "Running"} List services
powershell Get-LocalUser Get-LocalUser | Where {$_.Enabled -eq $true} List users
powershell Test-NetConnection Test-NetConnection google.com -Port 443 Modern ping
🧠 Advanced PowerShell & Automation
Command Sample Usage Explanation
powershell ISE powershell_ise.exe Opens PowerShell ISE
powershell Set-ExecutionPolicy Set-ExecutionPolicy RemoteSigned Set script policy
powershell Start-Job Start-Job -ScriptBlock {ping google.com} Background tasks
powershell Invoke-WebRequest Invoke-WebRequest -Uri "https://example.com" HTTP request
powershell Import-Module Import-Module ActiveDirectory Load modules
powershell Out-File Get-Process | Out-File processes.txt Redirect output
powershell Get-Command Get-Command -Module NetSecurity Discover commands
powershell Get-Help Get-Help Get-Process -Examples Command help
🧰 Misc & Useful Utilities
Command Sample Usage Explanation
control userpasswords2 control userpasswords2 Advanced user control
clip ipconfig | clip Copies output to clipboard
assoc assoc .txt Views or changes file associations
ftype ftype txtfile Modifies file types used by extensions
echo echo %PATH% Outputs text
pause pause Pauses script execution

Cybersecurity Command Reference | Bookmark for quick access