Thursday, August 29 • 12:00pm - 12:30pm
Malicious Behavior Detection using WMI

How do we know when trusted applications that are integral to the operating system are being used for evil?
How do we determine if the behaviour is normal or has malicious intent?
Through this talk I will discuss the challenges around detecting the malicious use of native Windows applications, or so-called Living Off The Land binaries.
I will explore Windows Management Instrumentation (WMI) in depth, and show how it can be used to detect changes to various aspects of Windows.
I will demonstrate how we can combine simple behavioural indicators of suspicious activity with aspects of WMI to create a framework for detecting malicious behaviour.

Ben Lister

Junior Security Consultant, Uni of Manchester & NCC Group
Recent graduate of Computer Science and Maths from the University of Manchester. Long-term intern and soon-to-be consultant at NCC Group. PowerShell enthusiast with an interest in Windows security.

Thursday August 29, 2019 12:00pm - 12:30pm BST
Track 4 (Rookie)