Abusing Windows Management Instrumentation - WMI

Black Hat via YouTube

Overview

Explore the offensive capabilities of Windows Management Instrumentation (WMI) in this 50-minute Black Hat conference talk by Matthew Graeber. Delve into a powerful technology built into every Windows operating system since Windows 95 that runs as System, executes arbitrary code, persists across reboots, and operates without dropping files to disk. Learn how advanced red teams and attackers leverage WMI to blend into high-security environments without introducing binaries. Discover WMI's unique ability to conditionally execute code asynchronously in response to operating system events, setting it apart from other persistence techniques. Gain insights into WMI's structure, its current usage by attackers in the wild, and techniques for constructing a full-featured backdoor. Conclude with essential knowledge on detecting and preventing WMI-based attacks, equipping yourself with valuable cybersecurity skills for both offensive and defensive operations.

Syllabus

Abusing Windows Management Instrumentation (WMI)

Taught by

Black Hat
