WhyMI so Sexy? WMI Attacks, Real-Time Defense, and Advanced Forensic Analysis - Matt Graeber, Willi Ballenthin, Claudiu Teodorescu, DerbyCon 2015 (Hacking Illustrated Series InfoSec Tutorial Videos)

Windows Management Instrumentation (WMI) is a remote management framework that enables the collection of host information and the execution of code, and provides an eventing system that can respond to operating system events in real time. FireEye has recently seen a surge in attacker use of WMI to carry out objectives such as system reconnaissance, remote code execution, persistence, lateral movement, covert data storage, and VM detection. Defenders and forensic analysts have largely remained unaware of the value of WMI because of its relative obscurity and its completely undocumented repository file format. After extensive reverse engineering, our team has documented the WMI repository file format in detail, developed libraries to parse it, and formed a methodology for finding evil in the repository.
