Catching WMI Lateral Movement in an Enterprise Network
Offered By: BruCON Security Conference via YouTube
Course Description
Overview
Explore Windows Management Instrumentation (WMI) detection techniques in this 43-minute conference talk from BruCON Security Conference. Gain insights into the challenges SOC analysts face in keeping up with evolving threats and vulnerabilities. Learn about WMI's prevalence in Windows systems and its appeal to both administrators and attackers. Discover a practical approach to detecting WMI usage at the network level, including custom IDS (Snort) fingerprints. Understand the initial naive approach, challenges encountered, lessons learned, and results obtained in developing WMI detection methods. Join the speaker in improving these techniques and enhancing enterprise network security against lateral movement attacks utilizing WMI.
Syllabus
07 - BruCON 0x0B - Catching WMI lateral movement in an enterprise network - Jaco Blokker
Taught by
BruCON Security Conference