Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides

Have No Fear, WMI Is Here: Identify Lateral Movement and Malicious Backdoors with Windows Management Instrumentation [Splunk Enterprise, Splunk Enterprise Security]



Attackers are increasingly using a 'living off the land' approach, often using crypto mining malware, EternalBlue, timing, or other attacks that leverage the Windows Management Instrumentation Command Line. These attacks typically don't generate any events via conventional Sysmon and PowerShell, so even if you're pulling in those logs you likely won't see them. Join this session to learn how to detect and protect your organization from these advanced WMI-based attacks.

Speaker(s)
Ryan Becwar, Sales Engineer, Splunk

Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1550.pdf?podcast=1577146215

Product: Splunk Enterprise, Splunk Enterprise Security

Track: Security, Compliance and Fraud

Level: Intermediate


By Splunk