
If you’ve been reading our blog, you know that Windows software can be weaponized to allow hackers to live off the land and stealthily steal sensitive data. Insiders are also aware of the dark side of Windows software. In our Guide to WMI Events as a Surveillance Tool, you’ll learn how employees can abuse the Windows Management Instrumentation (WMI) system to monitor and steal credentials from other employees.
What makes this combination of insiders and WMI particularly dangerous is that it doesn’t require much technical knowledge, and the WMI PowerShell cmdlets are generally accessible to average users!
WMI is an under-appreciated but powerful system for communication and event monitoring that has become a go-to tool for hackers and clever insiders. In the ebook, we’ll show how employees can set up WMI temporary and permanent events to monitor other employees’ computer usage, trigger an alarm when certain users log on, and then download and crack their cached hashes.
We’ve included worked-out scenarios, sample scripts, and tips on how to monitor your system’s own WMI event usage to spot the insiders!
Download the Varonis WMI Event and Surveillance ebook and get the inside track on insider threats today.