Abusing Windows Management Instrumentation (WMI) To Build a Persistent Asynchronous and Fileless Backdoor

by Matthew Graeber, Sept. 18, 2017, via Black Hat; submitted by belen_caty

Imagine a technology that is built into every Windows operating system going back to Windows 95, runs as System, executes arbitrary code, persists across reboots, and does not drop a single file to disk. Such a thing does exist and it's called Windows Management Instrumentation (WMI). This talk will introduce WMI and demonstrate its offensive uses. We will cover what WMI is, how attackers are currently using it in the wild, how to build a full-featured backdoor, and how to detect and prevent these attacks from occurring.
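The "persists across reboots without dropping a file" property comes from permanent WMI event subscriptions stored in the WMI repository: an `__EventFilter` (a WQL query for a trigger), an `__EventConsumer` (what runs when it fires) and an `__FilterToConsumerBinding` tying them together. The script below is an added defender-side check and is not code from the talk or from its author; it enumerates those three classes in `root\subscription` and joins them so each binding shows its trigger query, consumer type and, for the two consumer classes that execute code, the command or script text. The function name, its `ComputerName` parameter and the assumption of an elevated Windows PowerShell 5.1 session are mine.

```powershell
# Added example (not from the talk): enumerate permanent WMI event subscriptions,
# the mechanism that lets code registered in the WMI repository run as SYSTEM
# and survive reboots without a file on disk. Assumes an elevated Windows
# PowerShell 5.1 session; Get-WmiObject was removed in PowerShell 7.
function Get-WmiSubscriptionReport {
    [CmdletBinding()]
    param(
        # Host to query; defaults to the local machine (assumed parameter name).
        [string]$ComputerName = $env:COMPUTERNAME
    )

    $ns = 'root\subscription'
    $filters = Get-WmiObject -ComputerName $ComputerName -Namespace $ns -Class __EventFilter
    # Querying the base class returns every consumer subclass instance
    # (CommandLineEventConsumer, ActiveScriptEventConsumer, NTEventLogEventConsumer, ...).
    $consumers = Get-WmiObject -ComputerName $ComputerName -Namespace $ns -Class __EventConsumer
    $bindings = Get-WmiObject -ComputerName $ComputerName -Namespace $ns -Class __FilterToConsumerBinding

    foreach ($b in $bindings) {
        # Filter and Consumer are object-path strings such as
        #   __EventFilter.Name="SCM Event Log Filter"
        #   NTEventLogEventConsumer.Name="SCM Event Log Consumer"
        # possibly prefixed by \\HOST\root\subscription: . Pull out class and Name.
        $fName  = [regex]::Match($b.Filter, 'Name="([^"]+)"').Groups[1].Value
        $cName  = [regex]::Match($b.Consumer, 'Name="([^"]+)"').Groups[1].Value
        $cClass = (($b.Consumer -replace '^[^:]*:', '') -split '\.', 2)[0]

        $f = $filters   | Where-Object { $_.Name -eq $fName }
        $c = $consumers | Where-Object { $_.Name -eq $cName -and $_.__CLASS -eq $cClass }

        # What the consumer actually runs, for the two consumer types that execute code.
        $payload = switch ($cClass) {
            'CommandLineEventConsumer'  { $c.CommandLineTemplate }
            'ActiveScriptEventConsumer' { if ($c.ScriptText) { $c.ScriptText } else { $c.ScriptFileName } }
            default                     { $null }
        }

        [pscustomobject]@{
            ComputerName  = $ComputerName
            FilterName    = $fName
            Query         = $f.Query
            ConsumerClass = $cClass
            ConsumerName  = $cName
            Payload       = $payload
            # A stock Windows install carries one benign binding, the
            # "SCM Event Log" filter/consumer pair; anything else, and
            # especially anything that runs code, deserves review.
            RunsCode      = $cClass -in 'CommandLineEventConsumer', 'ActiveScriptEventConsumer'
        }
    }
}

# Usage: print every binding on this host, one record per subscription.
Get-WmiSubscriptionReport | Format-List
```

This is a point-in-time snapshot, so it only catches subscriptions present when it runs; for continuous coverage pair it with telemetry that records subscription creation as it happens, such as Sysmon event IDs 19, 20 and 21 (WmiEventFilter, WmiEventConsumer and WmiEventConsumerToFilter activity) or event ID 5861 in the Microsoft-Windows-WMI-Activity/Operational log, which records new filter-to-consumer bindings on Windows 10 and Server 2016 and later.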


Steven Ulm 1 month ago

Honestly, just imagining this technology creeps me out a little... great info both for people in this area of interest as well as for the daily internet consumer!