flare-wmi/WMI-IDS at master · mandiant/flare-wmi · GitHub

This repository has been archived by the owner on Jul 6, 2024. It is now read-only.

Name		Name	Last commit message	Last commit date
parent directory ..
Demo Video		Demo Video
README.md		README.md
WMI_IDS.psm1		WMI_IDS.psm1

README.md

WMI-IDS is a proof-of-concept agent-less host intrusion detection system designed to showcase the unique ability of WMI to respond to and react to operating system events in real-time.

WMI-IDS is a PowerShell module that serves as an installer of WMI events on a local or remote system. The presence of PowerShell is not a requirement on the target system.

Installation

`Import-Module <path to WMI_IDS.psm1>`

Imports the WMI_IDS PowerShell module and makes its functions publicly accessible.

`Get-Command -Module WMI_IDS`

Lists the functions exposed in the WMI_IDS module.

`Get-Help <function>`

Prints the detailed help for any of the WMI_IDS module functions.