Introducing Windows Notification Facility’s (WNF) Code Integrity
Malware Analysis, News and Indicators - Latest topics malware.news
By Yarden Shafir, Senior Security Engineer
WNF (Windows Notification Facility) is an undocumented notification mechanism that allows communication inside processes, between processes, or between user-mode processes and kernel drivers. Similar to other notification mechanisms like ETW (Event Tracing for Windows) and ALPC (Advanced Local Procedure Call), WNF communication happens over different “channels,” each representing a unique provider or class of information.
Offensive engineers have already found several uses for WNF. Alex Ionescu and Gabrielle Viala reported information leaks and denial-of-service …