WMI Attacks and Defense
What about this course?
Windows Management Instrumentation (WMI) has been used by Windows administrators for various system management operations since Windows NT. Because WMI is often used to automate administrative tasks, it is as useful to attackers as it is to defenders. It is very helpful to understand WMI and how it works in order to fully utilize its power on both Red and Blue teams. In this training, through demonstrations and hands-on exercises, we will discuss how WMI and CIM can be used for offensive as well as defensive security. Different utilities, including PowerShell built-in cmdlets, PowerShell scripts, native Windows tools, and Linux tools, will be discussed. Various attacks such as enumeration and information gathering, lateral movement, persistence, backdoors, and modifying security descriptors will be executed using WMI. We will also discuss how WMI can be used for agentless monitoring, detection of the above-mentioned attacks, and more.

IMPORTANT INFORMATION!
As of January 15th 2023, Pentester Academy & INE no longer offer:
Enterprise Security Labs (Active Directory/Red Team Labs & Courses)
Active Directory/Azure Bootcamps and their associated certifications (CRTP/CRTE/PACES/LinuxAD/CARTP/CAWASP)
Prior to April 18th 2023, all current subscribers will still be able to access this course, after which it will no longer be available.

Instructor for this course
Nikhil Mittal
InfoSec Researcher
This course is composed of the following modules
Course Introduction
WMI Architecture
Using WMI Classes
Using WMI Methods
WMI Associations
Remote Computers
WMI: Registry
Info Gathering with WMI
Active Directory Enumeration with WMI
Information Storage
Lateral Movement - Command Execution Win32 Service
Storage and C2C
Custom Providers
WMI Events
Security Descriptor
Manual Detection
Blue Team Tools
Course Conclusion
Create your own Lab Setup
Common Course Questions
Do you offer training for all student levels?