Investigating WMI Attacks 

Advanced adversaries are increasingly adding WMI-based attacks to their repertoires, and most security teams are woefully unprepared to face this new threat. Join SANS Senior Instructor Chad Tilbury for an overview of the state of WMI hacking, including real world examples of nation state and criminal actor tradecraft. Detection tools and analysis techniques for addressing the threat will be discussed along with actionable steps to better increase your organizations security posture.
Read Chad Tilburys Blog Investigating WMI attacks here: digital-forensics.sans.org/bl...
Speaker Bio
Chad Tilbury
Chad has over 20 years of experience working with government agencies, defense contractors, and Fortune 500 companies. He served as a Special Agent with the Air Force Office of Special Investigations, where he investigated and conducted computer forensics for a variety of crimes, including murder, abduction, espionage, fraud, hacking, intellectual property theft, child exploitation, terrorism, and computer intrusions. He has led international forensic teams, built forensic departments, and spent over eight years as an incident response consultant and technical director with Mandiant and CrowdStrike. Here at SANS, Chad is a senior instructor and co-author for two six-day courses: FOR500: Windows Forensic Analysis (www.sans.org/FOR500), which focuses on the core skills required to become a certified forensic practitioner, and FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics (www.sans.org/FOR508), which teaches sophisticated computer intrusion analysis and advanced threat hunting techniques.

Наука