Back to Resources

Blasting Event-Driven Cornucopia: WMI-based User-Space Attacks Blind SIEMs and EDRs

Security solutions engineers always find new ways to monitor OS events to mitigate threats on endpoints. These approaches typically reuse different built-in Windows mechanisms that were never designed with security first in mind. WMI provides rich information about the computing environment which allows monitoring via event filters, consumers, and bindings to get notifications about important […]
Watch Now