49 min listen
Unavailable
Currently unavailable
2015-043: WMI, WBEM, and enterprise asset management
Currently unavailable
2015-043: WMI, WBEM, and enterprise asset management
ratings:
Length:
45 minutes
Released:
Oct 22, 2015
Format:
Podcast episode
Description
WMI (Windows Management Instrumentation) has been a part of the Windows Operating system since Windows 95. With it, you can make queries about information on hosts, locally and even remotely.
Why are we talking about it? It's use in the enterprise and by admins is rarely used, but it's use in moving laterally by bad actors is growing in it's use. It's highly versatile, able to be scripted, and can even be used to cause triggers for when other programs run on a system.
Mr. Boettcher and I sit down and discuss the functions of #WMI, it's history, what classes and objects are, and ways you can leverage WMI to make your admins job much easier.
#assetmanagement #remotemanagement #wbem #wmi #windows
DerbyCon WMI talk: http://www.irongeek.com/i.php?page=videos/derbycon5/break-me12-whymi-so-sexy-wmi-attacks-real-time-defense-and-advanced-forensic-analysis-matt-graeber-willi-ballenthin-claudiu-teodorescu
Wbemtest: http://blogs.technet.com/b/chad/archive/2012/03/08/tip-45-wbemtest-the-underappreciated-tool.aspx
WMI documentation: https://msdn.microsoft.com/en-us/library/aa384642(v=vs.85).aspx
TuneIn podcast Link: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/
RSS: http://www.brakeingsecurity.com/rss
Show notes
Why are we talking about it? It's use in the enterprise and by admins is rarely used, but it's use in moving laterally by bad actors is growing in it's use. It's highly versatile, able to be scripted, and can even be used to cause triggers for when other programs run on a system.
Mr. Boettcher and I sit down and discuss the functions of #WMI, it's history, what classes and objects are, and ways you can leverage WMI to make your admins job much easier.
#assetmanagement #remotemanagement #wbem #wmi #windows
DerbyCon WMI talk: http://www.irongeek.com/i.php?page=videos/derbycon5/break-me12-whymi-so-sexy-wmi-attacks-real-time-defense-and-advanced-forensic-analysis-matt-graeber-willi-ballenthin-claudiu-teodorescu
Wbemtest: http://blogs.technet.com/b/chad/archive/2012/03/08/tip-45-wbemtest-the-underappreciated-tool.aspx
WMI documentation: https://msdn.microsoft.com/en-us/library/aa384642(v=vs.85).aspx
TuneIn podcast Link: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/
RSS: http://www.brakeingsecurity.com/rss
Show notes
Released:
Oct 22, 2015
Format:
Podcast episode
Titles in the series (100)
2020-023-James Nelson from Illumio, cyber resilence, business continuity: James Nelson, VP of Infosec, Illumio How has COVID-19 changed cybersecurity? Why is cyber resilience especially important now? What are the most important steps to ensure cyber-resiliency? How do you talk to business leaders about investing in... by BrakeSec Education Podcast