Abusing Windows Management Instrumentation - WMI
Offered By: Black Hat via YouTube
Course Description
Overview
Explore the offensive capabilities of Windows Management Instrumentation (WMI) in this 50-minute Black Hat conference talk by Matthew Graeber. Delve into a powerful technology built into every Windows operating system since Windows 95 that runs as System, executes arbitrary code, persists across reboots, and operates without dropping files to disk. Learn how advanced red teams and attackers leverage WMI to blend into high-security environments without introducing binaries. Discover WMI's unique ability to conditionally execute code asynchronously in response to operating system events, setting it apart from other persistence techniques. Gain insights into WMI's structure, its current usage by attackers in the wild, and techniques for constructing a full-featured backdoor. Conclude with essential knowledge on detecting and preventing WMI-based attacks, equipping yourself with valuable cybersecurity skills for both offensive and defensive operations.
Syllabus
Abusing Windows Management Instrumentation (WMI)
Taught by
Black Hat
Related Courses
Attack on Titan M, Reloaded - Vulnerability Research on a Modern Security Chip
Black Hat via YouTube
Attacks From a New Front Door in 4G & 5G Mobile Networks
Black Hat via YouTube
AAD Joined Machines - The New Lateral Movement
Black Hat via YouTube
Better Privacy Through Offense - How to Build a Privacy Red Team
Black Hat via YouTube
Whip the Whisperer - Simulating Side Channel Leakage
Black Hat via YouTube