asteroza + wmi   24

ChrisTruncer/WMImplant: This is a PowerShell based tool that is designed to act ...
Stuffing an implant into WMI even under DeviceGuard and constrained language mode
WMI  RAT  implant  powershell  pentesting  security  hacking  PoC  Delicious 
march 2017 by asteroza
realparisi/WMI_Monitor: Log newly created WMI consumers and processes
Sets up a new WMI subscription to dump new WMI subscriptions/actions to windows application log, which can then be scraped by various SIEM means to detect persistence/lateral movement.
security  WMI  subscription  consumer  logging  monitoring  log  application  event  powershell  script  Delicious 
august 2016 by asteroza

Copy this bookmark: