all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Finding Evil WMI Event Consumers with Disk Forensics

Add to bookmarks
w
May 22, 2023, midnight |

SANS Blog www.sans.org

WMI event consumers will continue to be abused in the wild as long as organizations fail to discover and remediate them. While live collection and analysis is preferable to scale efforts across a network, this post covered disk-based artifacts and tools available for use during deeper forensic investigations. A KAPE target exists to collect the required files for offline analysis, making it an easy check to perform during incident response forensic investigations.

analysis artifacts collection consumers continue discover disk event fail forensic forensics investigations kape live network organizations scale target tools wmi

Visit resource

More from www.sans.org / SANS Blog

SA
Deploying Multi Factor Authentication – The What, How, and Why 2 days, 19 hours ago | www.sans.org
authentication blog factor
SA
Insane Incident Incursion Recursion: Mastering Incident Response Reporting Regulations 3 days, 19 hours ago | www.sans.org
blog control control system incident +8
SA
Spring 2024 Update: Explore the Latest Enhancements to SANS FOR585: Smartphone Forensic Analysis In-Depth 6 days, 19 hours ago | www.sans.org
analysis depth forensic forensic analysis +6
SA
The Ripple Effect: NIS2's Impact on Cybersecurity Practices Across the EU 1 week, 2 days ago | www.sans.org
blog compliance cybersecurity cybersecurity practices +5
SA
Following the Trail of Threat Actors in Google Workspace Audit Logs 1 week, 6 days ago | www.sans.org
audit challenge data data sources +17
SA
Enhancing Your Cyber Defense: Comparing Simulations and Tabletop Exercises 2 weeks, 1 day ago | www.sans.org
blog cyber cyber defense defense +4
SA
Aviata Cloud Solo Flight Challenge 2 weeks, 2 days ago | www.sans.org
challenge cloud cloud security flight +5
SA
Beyond Compliance: Leveraging NIS2 for Enhanced Cyber Resilience and Leadership Accountability 2 weeks, 3 days ago | www.sans.org
accountability beyond blog compliance +5
SA
The Quest to Summit | SANS ICS Security Summit 2024 3 weeks, 2 days ago | www.sans.org
ics ics security quest register +4

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

DevSecOps Engineer

@ LinQuest | Beavercreek, Ohio, United States
View on infosec-jobs.com

Senior Developer, Vulnerability Collections (Contractor)

@ SecurityScorecard | Remote (Turkey or Latin America)
View on infosec-jobs.com

Cyber Security Intern 03416 NWSOL

@ North Wind Group | RICHLAND, WA
View on infosec-jobs.com

Senior Cybersecurity Process Engineer

@ Peraton | Fort Meade, MD, United States
View on infosec-jobs.com

Sr. Manager, Cybersecurity and Info Security

@ AESC | Smyrna, TN 37167, Smyrna, TN, US | Santa Clara, CA 95054, Santa Clara, CA, US | Florence, SC 29501, Florence, SC, US | Bowling Green, KY 42101, Bowling Green, KY, US
View on infosec-jobs.com
View more jobs