This document provides an overview of Windows Management Instrumentation (WMI) and techniques for abusing WMI for offensive operations. It begins with introducing the author and includes an outline of topics to be covered. It then defines WMI and compares it to SQL databases. The document discusses useful WMI queries, using WMI for user hunting, creating WMI event subscriptions, duplicating WMI classes, and hiding WMI methods. It also covers storing files in WMI, creating custom WMI providers, and registering WMI providers without triggering event log warnings. In summary, the document outlines various techniques for abusing WMI for offensive purposes such as persistence, fileless execution, and covert command and control.