This talk will dive into WMI/MI and what it can do for both administrators and adversaries. We will cover the history of WMI/MI, how it works, how it is used normally, and how it can be used maliciously and finally how to spot misuse. Real world scenarios will be discussed along with more theoretical capabilities of WMI/MI misuse. We will be discussing modern (last 6 months) techniques that are being seen in the wild utilizing WMI and the challenges faced by defenders to identify these techniques. Since many tools do not fully detect these WMI events it can be difficult for administrators and incident responders to clearly and easily contain WMI worms or malicious activity.