Combined display of all available logs of RCATs. You can narrow down the view by selecting a log type, the username (case-sensitive), or the affected page (also case-sensitive).
- 17:08, 26 January 2023 Ali3nw3rx talk contribs created page Windows Management Instrumentation Event Subscription (Created page with "Adversaries may establish persistence and elevate privileges by executing malicious content triggered by a Windows Management Instrumentation (WMI) event subscription. WMI can be used to install event filters, providers, consumers, and bindings that execute code when a defined event occurs. Examples of events that may be subscribed to are the wall clock time, user loging, or the computer's uptime.[1] Adversaries may use the capabilities of WMI to subscribe to an event a...")