WINDOWS MANAGEMENT INSTRUMENTATION – A FRONT DOOR FOR MALWARE!

Windows Management Instrumentation (WMI) is an implementation of Web-Based Enterprise Management. WMI has been packaged with the OS since Windows 2000, and in recent versions of Windows it is bundled by default. Ever since “protection” has been increased, attackers have been looking for alternative ways to achieve remote code execution, steal passwords and run with system privileges. There has been an increase in malware binaries that specifically use WMI for various privilege escalation purposes without being detected. WMI has been specifically abused by malware authors to target the financial sector. It is easy to create a process on a remote machine with a WMI client. Since 2013 there have been various reports of malware using WMI to gather system data before executing its primary payload. This talk will give an introduction to WMI and demonstrate the various ways that WMI can be used as an attacker’s Swiss Army knife, how malware authors are using it to leverage their exploits, how present-day tools can be used, and how to protect against these types of attacks.