Abusing Windows Management Instrumentation - WMI
Offered By: Black Hat via YouTube
Course Description
Overview
Explore the offensive capabilities of Windows Management Instrumentation (WMI) in this 50-minute Black Hat conference talk by Matthew Graeber. Delve into a powerful technology built into every Windows operating system since Windows 95 that runs as System, executes arbitrary code, persists across reboots, and operates without dropping files to disk. Learn how advanced red teams and attackers leverage WMI to blend into high-security environments without introducing binaries. Discover WMI's unique ability to conditionally execute code asynchronously in response to operating system events, setting it apart from other persistence techniques. Gain insights into WMI's structure, its current usage by attackers in the wild, and techniques for constructing a full-featured backdoor. Conclude with essential knowledge on detecting and preventing WMI-based attacks, equipping yourself with valuable cybersecurity skills for both offensive and defensive operations.
Syllabus
Abusing Windows Management Instrumentation (WMI)
Taught by
Black Hat
Related Courses
Computer SecurityStanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network