Sysmonで採取したWMIイベントログをElasticsearchで参照してみる - Qiita
ATT&CK® EVALUATIONS
Abusing Windows Managent Instrumentation - Red Teaming Experiments
Windows Management Instrumentation (WMI) | Hejely Lab
Orbital Query Corner - Hunting WMI based backdoor mechanisms - Cisco Community
Discover How to Filter Remote Event Log Entries in Windows Vista - Scripting Blog
Windows Event Log Filtering Techniques - Papertrail
WMI - The Stealthy Component
Event 10 Mystery Solved | PC's Xcetra Support
How to check the service status in the windows computer | ManageEngine ADAudit Plus
How to monitor/detect PrintNightmare CVE-2021-1675 / CVE-2021-34527 | EventSentry
whodunnit: powershell tool for filtering windows event logs
Handling a distributed cryptominer AD worm | Certego
ファイルレス活動」を備えた仮想通貨発掘マルウェア「COINMINER」を確認、「EternalBlue」を利用して感染 | トレンドマイクロ セキュリティブログ
Orbital Query Corner - Hunting WMI based backdoor mechanisms - Cisco Community
Creating WMI Permanent Event Subscriptions Using MOF - CodeProject
Windows Management Instrumentation (WMI) Guide: Understanding WMI Attacks
Bear Hunting: Tracking Down COZY BEAR Backdoors
Handling a distributed cryptominer AD worm | Certego
Notify with WMI -- Microsoft Certified Professional Magazine Online
The fastest way to filter events by description | Event Log Explorer blog
WMI for Blue - Pentest Diaries
Event Viewer Troubleshooting. Using Event Viewer to troubleshoot… | by Yadav, Niteesh | Level Up Coding
WMI Blue Team tools - Pentest Diaries
