Live Cyber Attack Lab 🎯 Watch our IR team detect & respond to a rogue insider trying to steal data! Choose a Session


Varonis eBook: WMI Events and Insider Surveillance

Data Security

WMI and insider surveillance illustration of a monitor with an eye

If you’ve been reading our blog, you know that Windows software can be weaponized to allow hackers to live-off-the-land and stealthily steal sensitive data. Insiders are also aware of the dark side of Windows software. In our Guide to WMI Events as a Surveillance Tool, you’ll learn how employees can abuse Windows Management Instrumentation (WMI) system to monitor and steal credentials from other employees.

What makes this combination of insiders and WMI particularly dangerous is that it doesn’t require much technical knowledge, and the WMI PowerShell cmdlets are generally accessible to average users!

WMI is an under-appreciated but powerful system for communication and event monitoring that has become a go-to tool for hackers and clever insiders. In the ebook, we’ll show how employees can set up WMI temporary and permanent events to monitor other employees’ computer usage, trigger an alarm when certain users log on, and then download and crack their cached hashes.

We’ve included worked out scenarios, sample scripts, and tips on how to monitor your system’s own WMI event usage to spot the insiders!

Download the Varonis WMI Event and Surveillance ebook and get the inside track on insider threats today. 


Andy Green

Andy Green

Andy blogs about data privacy and security regulations. He also loves writing about malware threats and what it means for IT security.


Does your cybersecurity start at the heart?

Get a highly customized data risk assessment run by engineers who are obsessed with data security.