Persistent Asynchronous and Fileless Backdoor
us-15-Graeber-Abusing-Windows-Management-Instrumentation-WMI-To-Build-A-Persistent Asynchronous-And-Fileless-Backdoor
WMI – Benefits to an Attacker

• Service enabled and remotely available on all Windows systems by default
• Runs as SYSTEM
• Relatively esoteric persistence mechanism
• Other than insertion into the WMI repository, nothing touches disk
• Defenders are generally unaware of WMI as an attack vector
• Uses an existing, non-suspicious protocol
• Nearly everything on the operating system is capable of triggering a WMI event
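Because the only on-disk trace is the WMI repository, a defender's baseline check is to inventory the permanent event subscriptions stored there. The PowerShell below is an added example, not code from the slides; it assumes subscriptions live in the root\subscription namespace and uses the standard WMI classes __EventFilter, __EventConsumer and __FilterToConsumerBinding.

```powershell
# Added example (not from the talk): inventory permanent WMI event subscriptions.
# Assumption: only the root\subscription namespace is checked here.
$ns = 'root\subscription'

# Index filters and consumers by name so each binding can be resolved.
$filters = @{}
Get-CimInstance -Namespace $ns -ClassName __EventFilter |
    ForEach-Object { $filters[$_.Name] = $_ }

$consumers = @{}
Get-CimInstance -Namespace $ns -ClassName __EventConsumer |
    ForEach-Object { $consumers["$($_.CimSystemProperties.ClassName)|$($_.Name)"] = $_ }

# A binding is what arms a subscription: it ties one filter to one consumer.
$report = Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding |
    ForEach-Object {
        $type     = $_.Consumer.CimSystemProperties.ClassName
        $filter   = $filters[$_.Filter.Name]
        $consumer = $consumers["$type|$($_.Consumer.Name)"]

        # The action lives in a different property depending on consumer type.
        $action = switch ($type) {
            'CommandLineEventConsumer'  { $consumer.CommandLineTemplate }
            'ActiveScriptEventConsumer' { $consumer.ScriptText }
            default                     { '(review instance manually)' }
        }

        [pscustomobject]@{
            Filter       = $_.Filter.Name
            Query        = $filter.Query          # WQL event query that triggers it
            EventNS      = $filter.EventNamespace # namespace the query watches
            ConsumerType = $type
            Consumer     = $_.Consumer.Name
            Action       = $action
        }
    }

$report | Sort-Object ConsumerType, Filter | Format-List
```

Run it from an elevated prompt and compare the output against a known-good baseline for the host; subscriptions registered in other namespaces are outside what this block checks.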