Windows Management Instrumentation (WMI) has been used by Windows administrators for various system management operations since Windows NT. As WMI is often used to automate administrative tasks, it is ripe for misuse by attackers. Thus, understanding WMI and its inner workings will enable both Red and Blue Teams to fully utilize its power.


In this training, we will discuss how WMI and CIM can be utilized for offensive as well as defensive security. Different utilities like PowerShell built-in cmdlets, PowerShell scripts, native Windows tools and more are discussed. Various attacks like enumeration and information gathering, lateral movement, persistence, backdoors, modifying security descriptors, etc. will be executed by utilizing WMI. We will also discuss how WMI can be used for agentless monitoring, detection of the aforesaid attacks and more.


A non-exhaustive list of topics covered includes:


Getting Started with WMI:

  • WMI Basics and Architecture
  • WMI Components
  • Usage Scenarios
  • PowerShell Cmdlets
  • Relationships between WMI Classes

WMI for Red Teams:

  • Information Gathering
  • Lateral Movement
  • Backdoors
  • Persistence
  • Security Descriptors
  • Attack Scenarios

WMI for Blue Teams:

  • Indicators of Compromise
  • Agentless Detection
  • Defenses against the Red Team attacks shown above


33% OFF for First 50 Only! 

Register for just $199!

5 Hours 30 Minutes of Hands-On Demo Videos!