In Summary : A more sophisticated attacker would prefer to use remote execution techniques more likely to get masked by a constant stream...
https://updatesinfosec.blogspot.com/2018/05/no-win32process-needed-expanding-wmi.html
In Summary :
A
more sophisticated attacker would prefer to use remote execution
techniques more likely to get masked by a constant stream of
similar-looking, yet benign behaviors or techniques that abuse an
execution channel that’s less likely to be monitored by defenders. For
this reason, expanding the set of available lateral movement techniques
allows attackers to shape the way they appear to defenders and evade
detection [...]
kindly refer the following link as follow up :
https://ift.tt/2I7mmdJ
