Blinding Endpoint Security Solutions - WMI Attack Vectors
Offered By: Ekoparty Security Conference via YouTube
Course Description
Overview
Explore a groundbreaking conference talk on WMI attack vectors and their impact on endpoint security solutions. Delve into new research showcasing previously unseen attacks on WMI, involving both user and kernel mode vectors. Learn about WmiCheck, a novel security tool designed to detect various OS attacks, including those covered in this presentation. Gain insights from Claudiu Teodorescu, CTO and Co-founder of Binarly, as he discusses the weaknesses in WMI architecture and potential solutions for reliable OS event collection. Understand the critical importance of these attack vectors in disabling security solutions that rely on WMI telemetry, including EDR, AV, SIEM, and malware sandbox solutions.
Syllabus
Claudiu Teodorescu - Blinding Endpoint Security Solutions: WMI attack vectors - Ekoparty 2022
Taught by
Ekoparty Security Conference
Related Courses
Computer SecurityStanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network