Persistent Asynchronous and Fileless Backdoor
us-15-Graeber-Abusing-Windows-Management-Instrumentation-WMI-To-Build-A-Persistent Asynchronous-And-Fileless-Backdoor
us-15-Graeber-Abusing-Windows-Management-Instrumentation-WMI-To-Build-A-Persistent Asynchronous-And-Fileless-Backdoor
- No tags were found...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Remote WMI Protocols - DCOM• DCOM connections established on port 135• Subsequent data exchanged on port dictated by– HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Internet –Ports (REG_MULTI_SZ)– configurable via DCOMCNFG.exe• Not firewall friendly• By default, the WMI service – Winmgmt is running <strong>and</strong> listening on port135