This talk will dive into WMI/MI and what it can do for both administrators and
adversaries. We will cover the history of WMI/MI, how it works, how it is used
normally, how it can be used maliciously, and finally how to spot misuse.
Real-world scenarios will be discussed along with more theoretical capabilities
of WMI/MI misuse. We will be discussing modern (last 6 months) techniques that
are being seen in the wild utilizing WMI and the challenges defenders face in
identifying these techniques. Since many tools do not fully detect these WMI
events, it can be difficult for administrators and incident responders to
clearly and easily contain WMI worms or malicious activity.