Hello everyone!
My name is Andrei and I am a master's student at the Technical University of Eindhoven. I'm studying Information Security Technology, which is just fancy wording for cybersecurity. Unfortunately, I don't know enough Dutch to ask my question directly in it, so hopefully it is not too bad that I'm doing it in English.
Currently, I am working on my master thesis, titled "Analysis of WMI-based Attacks in Microsoft Windows Environments" (title is a work in progress). The main research idea is looking into the differences between how WMI is used by sysadmins and how it is being misused by threat actors. Then, by identifying these differences, I can choose criteria that can be used for detection systems to lower the number of false positives specifically for WMI.
And here comes my question. For my methodology, I need to hold a number of interviews with professionals from the sysadmin pool and from the red team pool. I am looking in this sub for sysadmins who have work experience using WMI, who have a max of 45 minutes of free time, and have an open mind to have an informal and fun conversation with a student.
The interview is a mix of open questions and filling in an Excel sheet. The sheet contains PowerShell and WMIC commands split into three categories: Enumeration, Code Execution, and Persistence. I am interested in whether you ever used those commands, in what context, and a concrete example. My list is also open for additions; I probably did not cover every command which can be used. I won't ask for too much personal information, only the name, position, and company you work/worked at. I would like to have a diverse pool of professionals (different companies etc.). I will also send the questions and sheet in advance so you have an idea of how to answer some of them.
Thank you for reading and I hope some of you would be interested in helping me or at least forwarding my request to people that would want to help me!
Thank you again for your time!