Abstract

Understanding Windows Management Instrumentation

Windows Management Instrumentation (WMI) is a core component of Windows, designed to let administrators perform local and remote management operations across a network. WMI has been used extensively in Windows/AD administration, and it has recently gained popularity among both attackers and defenders. This talk explains what exactly WMI is and what's in it for an admin, an attacker, or a defender.

The talk will roughly follow this outline:

  1. Why bother understanding WMI?
  2. What is WMI?
  3. WMI architecture overview
  4. WMI & PowerShell
  5. WQL
  6. Useful WMI queries
  7. Attacker & Defender perspective of WMI
  8. Lab setup - for practice
  9. Moving Forward

Speaker

Bharath

Security research @Appsecco

I enjoy good books, coffee, camping and stargazing!

https://disruptivelabs.in

Timing

Starts on Saturday, March 10, 2018, at 11:30 AM. The session runs for about 1 hour.

Resources