No Win32_Process Needed - Expanding the WMI Lateral Movement Arsenal
Offered By: Hack in Paris via YouTube
Course Description
Overview
Explore advanced WMI lateral movement techniques beyond the traditional Win32_Process class in this 42-minute conference talk from Hack in Paris. Delve into Philip Tsukerman's presentation on expanding the WMI arsenal for lateral movement between endpoints. Learn why threat actors have primarily relied on the "Create" method of the "Win32_Process" class and discover untapped potential within the vast scope of WMI classes and methods. Gain insights into leveraging lesser-known WMI capabilities for more sophisticated lateral movement strategies, while understanding how these techniques can be used for reconnaissance and establishing persistence.
Syllabus
HIP18 - Talk 14 - No Win32_Process Needed Expanding the WMI Lateral Movement Arsenal
Taught by
Hack in Paris
Related Courses
NetflOSINT- Taking an Often-Overlooked Data Source and Operationalizing It - Joe Gray - Hack in ParisHack in Paris via YouTube All Roads Lead to OpenVPN Pwning Industrial Remote Access Clients - Sharon Brizinov - Hack in Paris - 2021
Hack in Paris via YouTube Exploits in Wetware - R. Sell - Hack in Paris - 2019
Hack in Paris via YouTube All Your GPS Trackers Belong to Us - C. Kasmi, P. Barre - Hack in Paris - 2019
Hack in Paris via YouTube In NTDLL I Trust - Process Reimaging and Endpoint Security Solution Bypass - E. Carroll - Hack in Paris - 2019
Hack in Paris via YouTube