OpenVAS runs WMIExec
2024-10-13 by mttaggart
TFW the vuln scanner runs offensive tools.
When connecting to Windows hosts, OpenVAS will run impacket-wmiexec against the host. The resulting events look identical to a secretsdump run that you'd hunt for.