Creeping on Users with WMI Events: Introducing PowerLurk

Introduction and Intent

Since watching FireEye FLARE’s ‘WhyMI So Sexy?’ at Derbycon last September, I have wanted to better understand WMI Events and apply them to offensive security operations. I saw the potential, but my comprehension was lacking and a comprehensive offensive WMI toolset did not exist. I was recently taken to school on WMI…