2015-043: WMI, WBEM, and enterprise asset management - a podcast by Bryan Brake, Amanda Berlin, Brian Boettcher

from 2015-10-22T04:52:06


WMI (Windows Management Instrumentation) has been a part of the Windows operating system since Windows 95. With it, you can query information about hosts, both locally and remotely.


Why are we talking about it? Its use in the enterprise and by admins is rare, but its use by bad actors to move laterally is growing. It's highly versatile, can be scripted, and can even be used to set triggers that fire when other programs run on a system.


Mr. Boettcher and I sit down and discuss the functions of #WMI, its history, what classes and objects are, and ways you can leverage WMI to make your admins' job much easier.


#assetmanagement #remotemanagement #wbem #wmi #windows


DerbyCon WMI talk: http://www.irongeek.com/i.php?page=videos/derbycon5/break-me12-whymi-so-sexy-wmi-attacks-real-time-defense-and-advanced-forensic-analysis-matt-graeber-willi-ballenthin-claudiu-teodorescu


Wbemtest: http://blogs.technet.com/b/chad/archive/2012/03/08/tip-45-wbemtest-the-underappreciated-tool.aspx


WMI documentation: https://msdn.microsoft.com/en-us/library/aa384642(v=vs.85).aspx


TuneIn podcast Link: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/


RSS: http://www.brakeingsecurity.com/rss


 

