NoFilter Attack: Sneaky Privilege Escalation Method Bypasses Windows Security

A previously undetected attack method dubbed NoFilter abuses the Windows Filtering Platform (WFP) to achieve privilege escalation on the Windows operating system.

NoFilter Attack Bypasses Windows Security

Ron Ben Yizhak, a security researcher at Deep Instinct, stated:

“If an attacker has the ability to execute code with admin privilege and the target is to perform LSASS Shtinkering, these privileges are not enough.”

The findings were presented at the DEF CON security conference. The research began with an in-house tool called RPC Mapper, which the company used to map remote procedure call (RPC) methods, particularly those that invoke WinAPI functions. This led to the discovery of a method named “BfeRpcOpenToken,” which is part of WFP. WFP itself is a set of APIs and system services used to process network traffic; it allows filters to be configured that permit or block communications. Ben Yizhak further added:

“The takeaway is that new attack vectors can be found by looking into built-in components of the OS, such as the Windows Filtering Platform. Avoid WinAPI that are monitored by security products.”

In practice, NoFilter can launch a new console as “NT AUTHORITY\SYSTEM” or as another user who is signed on to the machine. The technique can also be altered so that the duplication is performed in the kernel via WFP, which makes it stealthy and leaves hardly any evidence or logs behind.


Laiba Mohsin

Laiba is an Electrical Engineer seeking a placement to gain hands-on experience in relevant areas of telecommunications. She likes to write about tech and gadgets. She loves shopping, traveling and exploring things.
