Parsing data is a fundamental ability that anyone serious about information security should consider putting time and effort into understanding. It can mean the difference between spamming Ctrl+F in a text editor and pulling out exactly what you need with a Bash one-liner that took a couple of minutes to create and modify. In the…

Introduction and Intent Since watching FireEye FLARE’s ‘WhyMI So Sexy?‘ at Derbycon last September, I have wanted to better understand WMI Events and apply them to offensive security operations. I saw the potential, but my comprehension was lacking and a comprehensive offensive WMI toolset did not exist. I was recently taken to school on WMI…