All times are in Pacific Daylight Time (UTC-0700).

  • Track: Main Channel: Friday 10/08 @ 1500-1555 PDT

This talk will dive into WMI/MI and what it can do for both administrators and adversaries. We will cover the history of WMI/MI, how it works, how it is used normally, and how it can be used maliciously and finally how to spot misuse. Real world scenarios will be discussed along with more theoretical capabilities of WMI/MI misuse. We will be discussing modern (last 6 months) techniques that are being seen in the wild utilizing WMI and the challenges faced by defenders to identify these techniques. Since many tools do not fully detect these WMI events it can be difficult for administrators and incident responders to clearly and easily contain WMI worms or malicious activity.

Wasabi is a security researcher who dabbles in the arts of system administration. He participated in CCDC, CPTC, and many CTFs as a competitor before starting to help organize cyber defense competitions himself. He is now the Black Team lead for WRCCDC.

Read More

twitter @spiceywasabi

© 2021 ShellCon