YoVDO

Catching WMI Lateral Movement in an Enterprise Network

Offered By: BruCON Security Conference via YouTube

Tags

BruCON Courses Cybersecurity Courses Threat Detection Courses Windows Management Instrumentation (WMI) Courses

Course Description

Overview

Explore Windows Management Instrumentation (WMI) detection techniques in this 43-minute conference talk from BruCON Security Conference. Gain insights into the challenges SOC analysts face in keeping up with evolving threats and vulnerabilities. Learn about WMI's prevalence in Windows systems and its appeal to both administrators and attackers. Discover a practical approach to detecting WMI usage at the network level, including custom IDS (Snort) fingerprints. Understand the initial naive approach, challenges encountered, lessons learned, and results obtained in developing WMI detection methods. Join the speaker in improving these techniques and enhancing enterprise network security against lateral movement attacks utilizing WMI.

Syllabus

07 - BruCON 0x0B - Catching WMI lateral movement in an enterprise network - Jaco Blokker


Taught by

BruCON Security Conference

Related Courses

Computer Security
Stanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network