Slides from the "Understanding WMI" talk given at Null, Bangalore, on March 10th, 2018.
Repo for the talk - https://github.com/yamakira/understanding-wmi
Windows Management Instrumentation (WMI) is a core component of Windows that was designed to allow administrators to perform local and remote management operations across a network. WMI has been used extensively in Windows/AD administration, and in recent times it has gained popularity among both attackers and defenders. This talk explains what exactly WMI is and what's in it for an admin, an attacker or a defender.
The outline of the talk:
Why bother understanding WMI?
What is WMI?
WMI architecture
WMI & PowerShell
WQL
Useful WMI queries
Attacker & Defender perspective of WMI
Lab setup - for practice
Moving Forward