Anti-Malware Research Whitepapers

An Overview of WMI Hijacking Techniques in Modern Malware

The discovery of Stuxnet in 2010, followed by its in-depth analysis, uncovered several “industry firsts”, including hijacking of Windows Management Instrumentation (WMI) to enumerate users and spread to available network shares.

In the past decade, most malware has featured at least one technique that hijacks WMI for persistence, discovery, lateral movement or defense evasion.

This whitepaper describes how WMI hijacking works and how it is used in several families of malware currently in existence.


About the author

Ruben Andrei CONDOR


Ruben Andrei Condor is a young and enthusiastic security researcher at Bitdefender. Fascinated by cyber attacks, and driven by out-of-the-box thinking and creativity, he seeks to understand how malicious actors think and operate. When he's not looking for interesting malware or new attack techniques, he's probably nearby in the cool tech section. He believes that nothing is perfect, everything can be hacked - it just takes time.
