Tagged articles
3 articles
Black & White Path
May 10, 2026 · Information Security

Bypassing Traditional WMIExec Detection with a File‑less WMI Lateral Movement Technique

The article dissects a stealthy, file‑less WMI lateral movement method that avoids the obvious Win32_Process.Create signature by hijacking stopped LocalSystem services, leveraging the LOLBIN ScriptRunner.exe to execute remote SMB scripts, automatically restoring the service and leaving minimal forensic traces.

Detection Evasion · Fileless Attack · LOLBIN
ITPUB
May 19, 2019 · Information Security

Uncovering a SQL Server Job That Hid a Persistent Malware Loader

This article details a multi‑stage, file‑less attack that leveraged weak SQL Server credentials, Transact‑SQL stored procedures, and WMI to download and execute a downloader (cabs.exe) which fetched multiple botnet components, and explains the forensic steps and remediation measures taken to eradicate the threat.

SQL Server · Stored Procedure · WMI
dbaplus Community
Dec 3, 2017 · Databases

Why MySQL Connector/NET Randomly Fails Authentication and How to Fix It

An intermittent MySQL authentication error on Windows is caused by the Connector/NET driver’s slow WMI OS‑info query, which triggers a server‑side timeout. The article explains how packet analysis revealed the root cause and how caching or removing the WMI call resolves the issue.

Authentication · Connector.NET · Debugging