Understanding Windows Management Instrumentation
Windows Management Instrumentation (WMI) is a core component of Windows that was designed to allow administrators to perform local and remote management operations across a network. WMI has been extensively used in Windows/AD administration. WMI has gained popularity among both attackers & defenders in recent times. This talk is to understand what exactly is WMI and what's in it for an admin/attacker/defender?
The talk will roughly follow the following outline:
- Why bother understanding WMI?
- What is WMI?
- WMI architecture overview
- WMI & Powershell
- Useful WMI queries
- Attacker & Defender perspective of WMI
- Lab setup - for practice
- Moving Forward
Security research @Appsecco
I enjoy good books, coffee, camping and stargazing!
Starts at Saturday March 10 2018, 11:30 AM. The sessions runs for about 1 hour.