A podcast about the world of Cybersecurity, Privacy, Compliance, and Regulatory issues that arise in today's workplace. Co-hosts Bryan Brake, Brian Boettcher, and Amanda Berlin teach concepts that aspiring Information Security professionals need to know, or refresh the memories of seasoned veterans.
http://www.brakeingsecurity.com
2015-043: WMI, WBEM, and enterprise asset management
WMI (Windows Management Instrumentation) has been a part of the Windows Operating system since Windows 95. With it, you can make queries about information on hosts, locally and even remotely.
Why are we talking about it? It's use in the enterprise and by admins is rarely used, but it's use in moving laterally by bad actors is growing in it's use. It's highly versatile, able to be scripted, and can even be used to cause triggers for when other programs run on a system.
Mr. Boettcher and I sit down and discuss the functions of #WMI, it's history, what classes and objects are, and ways you can leverage WMI to make your admins job much easier.
#assetmanagement #remotemanagement #wbem #wmi #windows
DerbyCon WMI talk: http://www.irongeek.com/i.php?page=videos/derbycon5/break-me12-whymi-so-sexy-wmi-attacks-real-time-defense-and-advanced-forensic-analysis-matt-graeber-willi-ballenthin-claudiu-teodorescu
Wbemtest: http://blogs.technet.com/b/chad/archive/2012/03/08/tip-45-wbemtest-the-underappreciated-tool.aspx
WMI documentation: https://msdn.microsoft.com/en-us/library/aa384642(v=vs.85).aspx
TuneIn podcast Link: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/
RSS: http://www.brakeingsecurity.com/rss
Show notes