Brussels Autumn 2017

Brussels, Belgium | Mon, Oct 16 - Sat, Oct 21, 2017

Detecting WMI persistence using Sysmon

  • Michel Coene
  • Monday, October 16th, 7:00pm - 8:00pm

In September 2017 Microsoft released the latest version of Sysmon, which now allows you to log elements of Windows Management Instrumentation (WMI) persistence. But what is WMI persistence, and how do adversaries abuse WMI? We all know WMI as a tool through which we can query our host for information and even execute programs. We will look at how WMI operates in the Windows operating system, discuss how adversaries have long been abusing this tool, and cover what Sysmon logs in terms of WMI persistence.


Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.

Monday, October 16
Session | Speaker | Time | Type
Detecting WMI persistence using Sysmon | Michel Coene | Monday, October 16th, 7:00pm - 8:00pm | SANS@Night

Tuesday, October 17
Session | Speaker | Time | Type
Advanced Incident Response Techniques | Steve Armstrong | Tuesday, October 17th, 6:00pm - 7:00pm | SANS@Night
InfoSec Rock Star: Geek Will Only Get You So Far | Ted Demopoulos | Tuesday, October 17th, 7:00pm - 8:00pm | SANS@Night

Thursday, October 19
Session | Speaker | Time | Type
NVISO Community Night |  | Thursday, October 19th, 6:00pm - 9:00pm | SANS@Night