Completed
Windows Sysinternals Sysmon
Class Central Classrooms beta
YouTube videos curated by Class Central.
Classroom Contents
Detecting WMI Exploitation
Automatically move to the next video in the Classroom when playback concludes
- 1 Whoami
- 2 Why care about WMI?
- 3 What is WMI
- 4 Where does WMI live?
- 5 Windows Sysinternals AutoRuns
- 6 Windows Sysinternals Sysmon
- 7 Do you have a tool that...
- 8 WMI PWNAGE TOOLS
- 9 Process Execution
- 10 Process Command Line tells all
- 11 WMI Activity
- 12 Authentication
- 13 Parent-Child Processes
- 14 Lateral Movement - Push Payloads
- 15 Remote WMI Execution
- 16 WMI Service Starting
- 17 Details - Sysmon is an option
- 18 Details - Windows Logging Service WLS
- 19 PowerShell
- 20 How do I Hunt for PS?
- 21 WMI Tools
- 22 WMIC Use
- 23 Hunting for WMI Pwnage
- 24 Recommendations
- 25 Monitor WMI
- 26 Conclusion
- 27 Additional Reading
- 28 Questions