EPISODE · Oct 22, 2015 · 44 MIN
2015-043: WMI, WBEM, and enterprise asset management
from BrakeSec Education Podcast
WMI (Windows Management Instrumentation) has been a part of the Windows Operating system since Windows 95. With it, you can make queries about information on hosts, locally and even remotely. Why are we talking about it? It's use in the enterprise and by admins is rarely used, but it's use in moving laterally by bad actors is growing in it's use. It's highly versatile, able to be scripted, and can even be used to cause triggers for when other programs run on a system. Mr. Boettcher and I sit down and discuss the functions of #WMI, it's history, what classes and objects are, and ways you can leverage WMI to make your admins job much easier. #assetmanagement #remotemanagement #wbem #wmi #windows DerbyCon WMI talk: http://www.irongeek.com/i.php?page=videos/derbycon5/break-me12-whymi-so-sexy-wmi-attacks-real-time-defense-and-advanced-forensic-analysis-matt-graeber-willi-ballenthin-claudiu-teodorescu Wbemtest: http://blogs.technet.com/b/chad/archive/2012/03/08/tip-45-wbemtest-the-underappreciated-tool.aspx WMI documentation: https://msdn.microsoft.com/en-us/library/aa384642(v=vs.85).aspx TuneIn podcast Link: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/ RSS: http://www.brakeingsecurity.com/rss Show notes
NOW PLAYING
2015-043: WMI, WBEM, and enterprise asset management
No transcript for this episode yet
Similar Episodes
Dec 5, 2025 ·50m
Oct 9, 2025 ·33m
Oct 3, 2025 ·40m
Sep 11, 2025 ·31m
Aug 27, 2025 ·39m
Aug 18, 2025 ·54m