January 20–21, 2021 Events & Webinars

The Detection Series: Windows Management Instrumentation

January 20–21, 2021 @ 1-1:30 PM ET

This is not your standard-issue webinar. We’re ditching the traditional format to bring you something new: two 30-minute sessions with an interactive detection challenge for your team. Get ready to dive in with Microsoft, MITRE, and Red Canary.

Be a part of the experience | Jan. 20-21

In this 2-part live event and detection challenge, you’ll uncover tactical strategies for observing and detecting Windows Management Instrumentation (WMI) in your environment.

  • Save time: jump into two 30-minute sessions over two days (1/20 and 1/21)
  • Enjoy an interactive detection challenge: get hands-on with your team and unlock a free Red Canary shirt
  • Explore best practices: build effective detection analytics for WMI with insights from Microsoft, MITRE, and Red Canary
  • Understand adversary behaviors: see how WMI is used for lateral movement and discovery

Windows Management Instrumentation [T1047] is an execution technique adversaries use for lateral movement and discovery. It consistently ranks in our top 20 threats, and we detected more than 700 confirmed threats leveraging WMI in 2020.

Attackers leverage Windows Management Instrumentation because it offers them an effective way to interact with remote systems while blending in with normal activity.

The technique is a staple of many ransomware threats and trojans and is also used routinely in attack toolkits like Empire, Metasploit, and Cobalt Strike. If you’re an attacker with a foothold on a single machine in an environment, WMI can potentially give you the ability to pivot to more important or additional machines in that environment.

 

Greg Bailey
Director, Incident Handling, Red Canary
 

Christopher Glyer
Principal Software Engineer, Cloud Security R&D, Microsoft
 

Jamie Williams
Lead Cyber Adversarial Engineer, MITRE
 

Joe Savini
Principal Solutions Specialist, Red Canary
 

Julie Brown
Detection Engineer, Red Canary
 

Matt Graeber
Director of Threat Research
 