Understanding Windows Management Instrumentation (WMI)

Bharath
March 10, 2018

Slides from the "Understanding WMI" talk given at Null, Bangalore on March 10th, 2018.

Repo for the talk - https://github.com/yamakira/understanding-wmi

Windows Management Instrumentation (WMI) is a core component of Windows designed to let administrators perform local and remote management operations across a network. WMI has been used extensively in Windows/AD administration and has recently gained popularity among both attackers and defenders. This talk explains what exactly WMI is and what it offers an admin, an attacker, and a defender.

The outline of the talk:

Why bother understanding WMI?
What is WMI?
WMI architecture
WMI & PowerShell
WQL
Useful WMI queries
Attacker & Defender perspective of WMI
Lab setup - for practice
Moving Forward
