Repo for "Understanding WMI" talk given at Null, Bangalore March 10th 2018
imgs
README.md
black.css
understanding_wmi.md
understanding_wmi.pdf

Understanding Windows Management Instrumentation (WMI)

Windows Management Instrumentation (WMI) is a core component of Windows, designed to let administrators perform local and remote management operations across a network. WMI has been used extensively in Windows/AD administration and has recently gained popularity among both attackers and defenders. This talk explains what exactly WMI is and what's in it for an admin, attacker or defender.

The outline of the talk:

  • Why bother understanding WMI?
  • What is WMI?
  • WMI architecture
  • WMI & PowerShell
  • WQL
  • Useful WMI queries
  • Attacker & Defender perspective of WMI
  • Lab setup - for practice
  • Moving Forward

Outcomes and Objectives

  1. You will leave the talk with an understanding of WMI
  2. You'll get an insight into how WMI can be used in attacking, defending and administering Windows domains
  3. You'll get pointers towards setting up a lab that you can use to practice what you learnt in the talk

To run the presentation

Install reveal-md

npm install -g reveal-md

More details here

Once reveal-md is installed, use this command

reveal-md -t black.css --separator "\n\n\n\n" --vertical-separator "\n\n\n" understanding_wmi.md

Browse to http://localhost:1948/understanding-wmi.md#/

Use the space bar to navigate.