Learn about a novel privilege escalation technique through a DEF CON 31 conference presentation that explores vulnerabilities in the Windows Filtering Platform (WFP). Discover how to execute programs as "NT AUTHORITY\SYSTEM" and other logged-on users by exploiting this built-in Windows component, which has been present since Windows Vista. Dive deep into reverse engineering of RPC methods, analysis of the Basic Filtering Engine, TCPIP driver, and IPSec protocol components. Understand how this evasive technique differs from traditional privilege escalation methods that rely on token duplication and service manipulation, while avoiding detection by conventional security algorithms. Gain insights into how WFP's network traffic processing and filtering capabilities can be leveraged for system compromise.
Abusing Windows Filtering Platform for Privilege Escalation - Undetected Attack Techniques
Overview
Syllabus
DEF CON 31 - #NoFilter Abusing Windows Filtering Platform for privilege escalation - Ron Ben Yizhak
Taught by
DEFCONConference
Related Courses
-
Windows Privilege Escalation - Token Impersonation With RoguePotato & PrintSpoofer
-
Manipulating Shim and Office Infrastructure for Code Injection and Privilege Escalation
-
10 Years of Windows Privilege Escalation with Potatoes
-
Windows Privilege Escalation - Exploiting AutoRun Programs
-
Windows Red Team Privilege Escalation Techniques - Bypassing UAC and Kernel Exploits
-
TryHackMe Ice - Walkthrough - Windows Privilege Escalation
