Under The Radar: The NoFilter Attack Exploits Windows Filtering Platform (WFP)
- A new attack method dubbed ‘NoFilter’ has been exposed, which can abuse the Windows Filtering Platform (WFP) for privilege escalation in the Windows OS.
- Ron Ben Yizhak, a security researcher from Deep Instinct, highlighted that administrative privileges are insufficient for a hacker aiming to perform LSASS Shtinkering.
NoFilter Attack: The New Kid on The Block
The world of tech and cybersecurity is buzzing like a caffeinated bee, stinging us with the news of a previously undetected attack method. Much like my household’s WiFi password, ‘NoFilter’ is anything but straightforward, wielding the power to abuse the Windows Filtering Platform in order to make a beeline for privilege escalation within the Windows operating system.
All Privileges Are Not Made Equal
Of course, one might presume that being at “admin level” is like being the king of the tech castle. But, according to Ron Ben Yizhak from Deep Instinct, this is not necessarily true. Imagine this as the tech equivalent of being the oldest sibling but still not being allowed to access the cookie jar on the top shelf. For an attacker with intentions to execute code that results in LSASS Shtinkering, having admin privileges just doesn’t cut the cookie, I mean, code.
In a nutshell, or should I say a computer shell? (Get it? No? Too techy, sorry!) A previously undetected attack method, ‘NoFilter’, uses the Windows Filtering Platform to escalate its privileges within the Windows operating system. This means it can carry out actions it’s not supposed to, like a rebellious teenager. And, while we all like to think having the title ‘admin’ means all-powerful, it turns out there are some tech tasks that even an admin can’t accomplish. Still, best to stay on its good side, right?
Original Article: https://thehackernews.com/2023/08/nofilter-attack-sneaky-privilege.html