How Hackers Exploit Your Windows Tools, Part 2: The WMI Threat
Speaker: Lee Lawson, Special Operation Researcher, SecureWorks Counter Threat Unit
Duration: 60 minutes
Windows Management Instrumentation (WMI) is a Microsoft Windows administrative tool that has access to all system resources, making it powerful for both legitimate and illegitimate use.
Via WMI you can do things like execute, delete and copy files; change registry values; and identify what security products are installed to aid in bypassing them.
The malicious use of WMI and other legitimate tools continues to grow and was identified as a top trend in a recent SecureWorks Threat Intelligence Executive Report. Like PowerShell, WMI is often used to create file-less attacks that are difficult to identify and stop with technology alone. This makes WMI the perfect tool for threat actors to use as camouflage while acting inside your organisation.
Join us to learn:
- Why WMI is so risky
- Tips to identify malicious use of WMI
- How threat actors hide their tracks and how you can unmask them
- WMI threats identified by SecureWorks researchers
- How you can avoid becoming a victim of this growing threat vector
You can now watch part one in this series, which discusses how threat actors are exploiting PowerShell, on demand here.