William Ballenthin, Matt Graeber, Claudiu Teodorescu FireEye Labs Advanced Reverse Engineering (FLARE) Team, FireEye, Inc.WINDOWS MANAGEMENT INSTRUMENTATION (WMI) OFFENSE, DEFENSE, AND FORENSICSW H I T E P A P E RSECURITY REIMAGINEDWilliam Ballenthin, Matt Graeber, Claudiu Teodorescu FireEye Labs Advanced Reverse Engineering (FLARE) Team, FireEye, Inc.Windows Management Instrumentation (WMI) Offense, Defense, and Forensics2CONTENTSIntroduction 2Revision History 6WMI Architecture 7WMI C