Reading Room

Microsoft Windows

Featuring 4 Papers as of November 16, 2017

  • Supplementing Windows Audit, Alerting, and Remediation with PowerShell by Daniel Owen - November 16, 2017 

    This paper outlines the use of PowerShell to supplement audit, alerting, and remediation platforms for Windows environments. It answers the question of why to use PowerShell for these purposes. Several examples of using PowerShell are included to start the thought process on why PowerShell should be the security multi-tool of first resort. Coverage includes how to implement these checks in a secure, automatable way. To demonstrate the concepts discussed, small code segments are included. The intent of the included code segments is to inspire the reader's creativity and create a desire to use PowerShell to address challenges in their environment. Finally, a short section includes resources for code examples and learning tools. While some knowledge of PowerShell will aid the reader, the intended audience of this paper is the PowerShell novice.


  • Migration to Office 365, a Case Study on Security and Administration in the Non-profit Sector by Richard Snow - February 27, 2017 

    A non-profit serves a mixed community of staff and volunteers. Its email archiving and spam filter services were going to reach the end of life in January 2017. Generous charity pricing for Office 365 from Microsoft was an incentive to move away from the existing hosted Exchange platform. The company needed to develop a strategy for migration to Microsoft Office 365. It had to upgrade Microsoft Office software as well as migrate email. How could it accomplish the transition as well as maintain or improve security?


  • Securing the GIAC Enterprise Endpoint ISE/M 6100 - Security Project Practicum - Lab Notebook (STI Graduate Student Research)
    by Balaji Balakrishnan, Matthew Hosburgh, and Patrick Neise - January 6, 2016 

    This was a student assignment to perform an OPSEC assessment for a fictional company, GIAC Enterprises. The team found some interesting tools and wrote some of their own. In addition, the report could be used as a first order template for an organization's Windows 10 deployment.


  • Securing the Windows 10 GIAC Enterprise Endpoint ISE/M 6100 - Security Project Practicum - Technical Paper (STI Graduate Student Research)
    by Balaji Balakrishnan, Matthew Hosburgh, and Patrick Neise - January 6, 2016 

    This was a student assignment to perform an OPSEC assessment for a fictional company, GIAC Enterprises. The team found some interesting tools and wrote some of their own. In addition, the report could be used as a first order template for an organization's Windows 10 deployment.


Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.

All papers are copyrighted. No re-posting or distribution of papers is permitted.

STI Graduate Student Research - This paper was created by a SANS Technology Institute student as part of the graduate program curriculum.