Windows Management Instrumentation

Description

Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components.

Products, Sensors, and Dependencies

Product	Dependencies	Data source	Access required	Protocol	Data Collected	Notes

References

Enumerate Local Group Memberships

Microsoft Windows SMB Service Config Enumeration

Netstat Connection Information

Attack Path Technique Details

Framework: MITRE ATT&CK

Family: Execution

Technique: Windows Management Instrumentation

Products Required: Tenable Vulnerability Management

Detections

Analytics

Windows Management Instrumentation

Description

Products, Sensors, and Dependencies

References

Attack Path Technique Details