Abusing Windows Filtering Platform for Privilege Escalation - Undetected Attack Techniques

DEFCONConference via YouTube

Overview

Learn about a novel privilege escalation technique through a DEF CON 31 conference presentation that explores vulnerabilities in the Windows Filtering Platform (WFP). Discover how to execute programs as "NT AUTHORITY\SYSTEM" and other logged-on users by exploiting this built-in Windows component, which has been present since Windows Vista. Dive deep into reverse engineering of RPC methods, analysis of the Basic Filtering Engine, TCPIP driver, and IPSec protocol components. Understand how this evasive technique differs from traditional privilege escalation methods that rely on token duplication and service manipulation, while avoiding detection by conventional security algorithms. Gain insights into how WFP's network traffic processing and filtering capabilities can be leveraged for system compromise.

Syllabus

DEF CON 31 - #NoFilter Abusing Windows Filtering Platform for privilege escalation - Ron Ben Yizhak

Taught by

DEFCONConference
