WSL2 – the other ”other” attack surface

 Threats & Research 

meet-threat-hunters_1940x970-1024x512
Reading time: 1 min min
Connor Morley
 

03.02.20 1 min. read

 

 

 

As Windows development marches on, with it comes numerous improvement and innovations. However, as with all technical advances, this can lead to unexpected vulnerabilities or systems to maliciously exploit. WSL2 is the new and improved Linux subsystem in Windows. WSL is a built-in mechanism that allows Linux distributions to be installed and run as a component of the host OS.

We have shown in previous papers how WSL1 could be used for malicious actions. In this paper, we explore the new and improved WSL2 explaining its operational makeup, its potential appeal to attackers and investigate potential malicious capabilities. We will dissect the primary difference between the legacy and new system and explain the benefits and flaws of this upgrade. We outline some of the flaws in the configuration as well as provide tested malicious behavior (with POC) that can be deployed using WSL2.

By understanding the key differences and potentially malicious behavior, we will also provide a defensive monitoring evaluation and explain the potential methods of detection for this component. We also explain the key differences in detection between the two versions and the difficulties that arise from the new architecture.

Download whitepaper

 

Related posts

Read more
meet-threat-hunters_1940x970-1024x512
  • Blog post
  • 2017
  • Melissa Michael
  • Attack Surface Management

Of Cameras & Compromise: How IoT Could Dull Your Competitive Edge

The Internet of Things is here. And with it are exciting possibilities, cost savings and efficiencies. But there’s a dark side to this bright new world, and it can be summed up in what we call Hypponen’s Law: If it’s smart, it’s vulnerable.

Read more
ws_woman_looking_at_computer_screen_with_pen
  • Blog post
25 augusti 2023

How to decompile any Python binary

Read more
ws_cold_boot_attack_demo
  • Blog post
25 augusti 2023

The Chilling Reality of Cold Boot Attacks

Read more