
[podcast] WMI, WBEM, and enterprise asset management

By: BrBr

October 26, 2015

WMI (Windows Management Instrumentation) has been a part of the Windows operating system since Windows 95. With it, you can query information about hosts, locally and even remotely.

Why are we talking about it? It is rarely used in the enterprise and by admins, but its use by bad actors for moving laterally is growing. It's highly versatile, able to be scripted, and can even be used to create triggers for when other programs run on a system.

Mr. Boettcher and I sit down and discuss the functions of #WMI, its history, what classes and objects are, and ways you can leverage WMI to make your admins' job much easier.

Direct Link: https://traffic.libsyn.com/brakeingsecurity/2015-043-wmi_remote_management.mp3

DerbyCon WMI talk: http://www.irongeek.com/i.php?page=videos/derbycon5/break-me12-whymi-so-sexy-wmi-attacks-real-time-defense-and-advanced-forensic-analysis-matt-graeber-willi-ballenthin-claudiu-teodorescu

Wbemtest: http://blogs.technet.com/b/chad/archive/2012/03/08/tip-45-wbemtest-the-underappreciated-tool.aspx

WMI documentation: https://msdn.microsoft.com/en-us/library/aa384642(v=vs.85).aspx

TuneIn podcast Link: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/

RSS: http://www.brakeingsecurity.com/rss