A CIA tradecraft technique to asynchronously detect when a process is created using WMI.

hackerhouse-opensource/WMIProcessWatcher

WMIProcessWatcher

This is a re-creation, from the Vault7 description, of the Central Intelligence Agency (CIA) Applied Engineering Department (AED) WMI Process Watcher tradecraft. It uses WMI to observe events for newly created processes, as an alternative, stealthy way to enumerate running processes.
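
A defender's view of the technique, as an added example that is not part of this repository: it assumes the watcher registers a temporary WMI event subscription, which Windows records as event ID 5860 in the Microsoft-Windows-WMI-Activity/Operational log, and it flags subscriptions whose query watches process creation. The event records and their `Key = value` message layout are constructed for illustration.

```python
import re

TEMP_SUBSCRIPTION_ID = 5860  # WMI-Activity/Operational: temporary event subscription
# Splits "Key = value; Key = value, Key = value" into pairs (assumed message layout).
FIELD_RE = re.compile(r"(\w+) = (.*?)(?=[;,] \w+ = |$)", re.S)
# WQL is case-insensitive: match the process trace classes, or an intrinsic
# instance-creation event scoped to Win32_Process.
PROC_WATCH_RE = re.compile(
    r"win32_process(start)?trace\b"
    r"|__instance(creation|operation)event\b.*\bisa\s+['\"]win32_process['\"]",
    re.I | re.S)

# Constructed sample records: (event_id, message). Not captured from a real host.
SAMPLE_EVENTS = [
    (5860, "Namespace = //./root/cimv2; NotificationQuery = SELECT * FROM "
           "__InstanceCreationEvent WITHIN 1 WHERE TargetInstance ISA 'Win32_Process'; "
           "UserName = LAB\\alice; ClientProcessID = 4242, ClientMachine = WS01; "
           "PossibleCause = Temporary"),
    (5860, "Namespace = //./root/cimv2; NotificationQuery = select * from "
           "win32_processstarttrace; UserName = LAB\\bob; ClientProcessID = 5150, "
           "ClientMachine = WS02; PossibleCause = Temporary"),
    (5860, "Namespace = //./root/cimv2; NotificationQuery = SELECT * FROM "
           "__InstanceModificationEvent WITHIN 5 WHERE TargetInstance ISA "
           "'Win32_Service'; UserName = LAB\\svc; ClientProcessID = 900, "
           "ClientMachine = WS01; PossibleCause = Temporary"),
    (5858, "Operation = ExecQuery SELECT * FROM Win32_Process; ClientProcessId = 777"),
]

def find_process_watchers(events):
    """Return one finding per temporary subscription that watches process starts."""
    findings = []
    for event_id, message in events:
        if event_id != TEMP_SUBSCRIPTION_ID:
            continue  # only subscription registrations are of interest here
        fields = dict(FIELD_RE.findall(message))
        query = fields.get("NotificationQuery", "")
        if PROC_WATCH_RE.search(query):
            pid = fields.get("ClientProcessID", "")
            findings.append({
                "pid": int(pid) if pid.isdigit() else None,
                "user": fields.get("UserName"),
                "query": query,
            })
    return findings

if __name__ == "__main__":
    for finding in find_process_watchers(SAMPLE_EVENTS):
        print(finding)
```

Legitimate management and monitoring agents also register subscriptions like these, so each finding needs triage by the client process ID it reports.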

These files are available under an Attribution-NonCommercial-NoDerivatives 4.0 International license.
