Understanding Windows Management Instrumentation (WMI)
Windows Management Instrumentation (WMI) is a core component of Windows, designed to let administrators perform local and remote management operations across a network. It has been used extensively in Windows/AD administration and has recently gained popularity among both attackers and defenders. This talk explains what exactly WMI is and what it offers an admin, an attacker and a defender.
The outline of the talk:
- Why bother understanding WMI?
- What is WMI?
- WMI architecture
- WMI & PowerShell
- Useful WMI queries
- Attacker & Defender perspective of WMI
- Lab setup - for practice
- Moving Forward
Outcomes and Objectives
- You will leave the talk with an understanding of WMI
- You'll get an insight into how WMI can be used in attacking, defending and administering Windows domains
- You'll get pointers towards setting up a lab that you can use to practice what you learnt in the talk
To run the presentation
npm install -g reveal-md
More details here
Once reveal-md is installed, use this command:
reveal-md -t black.css --separator "\n\n\n\n" --vertical-separator "\n\n\n" understanding_wmi.md
Use the space bar to navigate.