NoFilter, an unpatched, previously undetected attack method, uses the Windows Filtering Platform (WFP) to achieve privilege escalation in the Windows operating system.
If an attacker has the ability to execute code with admin privileges and the target is to perform LSASS Shtinkering, these privileges are not enough.
Ron Ben Yizhak, a security researcher at Deep Instinct, tells The Hacker News that new attack vectors can be found by looking into built-in components of the OS, such as the WFP.
He notes that the methods avoid WinAPI calls that are monitored by security products.
In other words, NoFilter can launch a new console as NT AUTHORITY\SYSTEM or as another user who is logged on to the machine.