Explore Windows Management Instrumentation (WMI) detection techniques in this 43-minute conference talk from BruCON Security Conference. Gain insights into the challenges SOC analysts face in keeping up with evolving threats and vulnerabilities. Learn about WMI's prevalence in Windows systems and its appeal to both administrators and attackers. Discover a practical approach to detecting WMI usage at the network level, including custom IDS (Snort) fingerprints. Understand the initial naive approach, challenges encountered, lessons learned, and results obtained in developing WMI detection methods. Join the speaker in improving these techniques and enhancing enterprise network security against lateral movement attacks utilizing WMI.
Overview
Syllabus
07 - BruCON 0x0B - Catching WMI lateral movement in an enterprise network - Jaco Blokker
Taught by
BruCON Security Conference
Related Courses
-
Detecting WMI Exploitation
-
Hunting Lateral Movement for Fun and Profit
-
Abusing Windows Management Instrumentation - WMI
-
How to Hunt for Lateral Movement on Your Network
-
Network Defender Archeology - An NSM Case Study in Lateral Movement with DCOM
-
Blasting Event-Driven Cornucopia - WMI-based User-Space Attacks Blind SIEMs and EDRs
