- This event has passed.
Anti-Cast | WMI Abuse: How Threat Actors Use WMI
January 17 @ 12:00 pm – 1:00 pm EST
In this free one-hour Antisyphon Anti-Cast, Gerard Johansen, Principal Readiness Engineer for Red Canary and Antisyphon instructor, will run through how threat actors use the Windows Management Instrumentation (WMI) for Lateral Movement and Persistence.
Gerard will walk through how threat actors use WMI, what trace evidence is left, and how to analyze WMI abuse.
Finally, Gerard will walk through some demonstrations using Atomic Red Team and forensic tools.
Chat with your fellow attendees in the Antisyphon Discord server here: Join the Antisyphon Training Discord Server! — in the #🍿anticasts-chat channel
Clicking on this button will take you to a registration form on Zoom.
Join us for PreShow Banter™ at 11:30 a.m. ET
You can also livestream the event on YouTube.
Pricing:
Gerard Johansen is a cyber security professional with over a decade of experience in Incident Response, Digital Forensics, Security Operations and Cyber Threat Intelligence. During his tenure in the cyber security field, Gerard has served as both a digital forensics and instruction analysis professional as well as an Incident Commander, managing large scale network intrusions and ransomware cases. Currently Gerard works within a Managed Detection and Response vendor where he works directly with customers providing consultation and guidance around forensics, log management and incident resolution. A frequent speaker, Gerard has presented at various conferences including Wild West Hackin’ Fest. He is also completing a fourth edition of his book; Digital Forensics and Incident Response.