No Win32_Process Needed - Expanding the WMI Lateral Movement Arsenal

Explore advanced WMI lateral movement techniques beyond the traditional Win32_Process class in this 42-minute conference talk from Hack in Paris. Delve into Philip Tsukerman's presentation on expanding the WMI arsenal for lateral movement between endpoints. Learn why threat actors have primarily relied on the "Create" method of the "Win32_Process" class and discover untapped potential within the vast scope of WMI classes and methods. Gain insights into leveraging lesser-known WMI capabilities for more sophisticated lateral movement strategies, while understanding how these techniques can be used for reconnaissance and establishing persistence.

HIP18 - Talk 14 - No Win32_Process Needed Expanding the WMI Lateral Movement Arsenal