Overview
Explore Windows Management Instrumentation (WMI) attacks, real-time defense strategies, and advanced forensic analysis techniques in this comprehensive conference talk from BSidesLV 2015. Delve into the intricacies of WMI, including PowerShell integration, WMI queries, and event handling. Examine various WMI attack vectors and understand the motivations behind their use. Learn about advanced forensic methodologies, reverse engineering techniques, and forensic parsing tools specifically designed for WMI analysis. Witness a live demonstration of WMI tools and gain practical insights into defending against and investigating WMI-based threats. This 53-minute presentation equips security professionals with essential knowledge to enhance their understanding of WMI security implications and forensic capabilities.
Syllabus
Intro
Welcome
WhyMI
PowerShell
WMI Query
WMI Events
WMI Attacks
Providers
Motivation
Advanced forensics
Reverse engineering
Forensic parsers
Demo
WMI tool
Taught by
BSidesLV