filmov
tv
Abusing Windows Management Instrumentation (WMI)
Показать описание
by Matthew Graeber
Imagine a technology that is built into every Windows operating system going back to Windows 95, runs as System, executes arbitrary code, persists across reboots, and does not drop a single file to disk. Such a thing does exist and it's called Windows Management Instrumentation (WMI).
With increased scrutiny from anti-virus and 'next-gen' host endpoints, advanced red teams and attackers already know that the introduction of binaries into a high-security environment is subject to increased scrutiny. WMI enables an attacker practicing a minimalist methodology to blend into their target environment without dropping a single utility to disk. WMI is also unlike other persistence techniques in that rather than executing a payload at a predetermined time, WMI conditionally executes code asynchronously in response to operating system events.
This talk will introduce WMI and demonstrate its offensive uses. We will cover what WMI is, how attackers are currently using it in the wild, how to build a full-featured backdoor, and how to detect and prevent these attacks from occurring.
Imagine a technology that is built into every Windows operating system going back to Windows 95, runs as System, executes arbitrary code, persists across reboots, and does not drop a single file to disk. Such a thing does exist and it's called Windows Management Instrumentation (WMI).
With increased scrutiny from anti-virus and 'next-gen' host endpoints, advanced red teams and attackers already know that the introduction of binaries into a high-security environment is subject to increased scrutiny. WMI enables an attacker practicing a minimalist methodology to blend into their target environment without dropping a single utility to disk. WMI is also unlike other persistence techniques in that rather than executing a payload at a predetermined time, WMI conditionally executes code asynchronously in response to operating system events.
This talk will introduce WMI and demonstrate its offensive uses. We will cover what WMI is, how attackers are currently using it in the wild, how to build a full-featured backdoor, and how to detect and prevent these attacks from occurring.
0:50:01
Abusing Windows Management Instrumentation (WMI)
0:18:59
Abusing windows management instrumentation wmi
0:50:01
Abusing Windows Management Instrumentation WMI To Build A Persistent, Asyn
0:02:15
Windows Management Instrumentation (WMI) - defending against adversaries | Red Canary
0:15:56
The ABCs of WMI - Finding Evil in Plain Sight
0:03:21
An intro into abusing and identifying WMI Event Subscriptions for persistence
0:34:48
Tech Segment: Basics of Abusing WMI Events - Paul's Security Weekly #509
0:27:04
Windows WMI Demystified: From Repositories to Namespaces
0:10:46
Understanding Windows Management Instrumentation
0:28:28
The Detection Series: Windows Management Instrumentation (Part 1) | Red Canary
0:04:52
Powershell WMI Objects Check If Exists
![Abusing [WMI] to](https://i.ytimg.com/vi/pRgY0kLQdfo/hqdefault.jpg)
0:11:42
Abusing [WMI] to Build a Persistent and Fileless Backdoor
0:02:12
Device42 WMI Tester HowTo
0:01:56
LABScon 2022: Attack on WMI Client
0:00:55
SyncTest Video Tutorial #3: Client deployment using the Windows Management Instrumentation (WMI)
0:11:42
Abusing WMI to Build a Persistent and Fileless Backdoor
0:04:21
WMI Monitoring - Windows Monitoring with Nagios XI
0:00:41
Windows Management Instrumentation
0:13:28
Abusing WMI Providers For Persistence - Philip Tsukerman
0:00:36
WMI Lateral Movement
0:35:16
PDQ Live! : WMI in the Real World
0:50:59
Track 3 03 Detecting WMI exploitation Michael Gough
0:00:11
Converting Get-WMIObject to C#
0:03:54
PowerEvents: WMI Event Bindings
Комментарии