AUGUST 1, 2023

Deep Instinct Spotlights Need for Predictive Prevention at Black Hat and DEF CON 2023

Threat Researchers Will Give Talks on Abusing WFP for Privilege Escalation and Staying Undetected Using the Windows Container Isolation Framework

NEW YORK, NY and LAS VEGAS (August 1, 2023)Deep Instinct, the prevention-first cybersecurity company that stops unknown malware pre-execution with a purpose-built, AI-based deep learning (DL) framework, today announced its participation at this year’s Black Hat and DEF CON 31 conferences in Las Vegas.

Deep Instinct will showcase its award-winning, first-of-its-kind Predictive Prevention Platform at booth #2812 in the Mandalay Bay Convention Center during Black Hat. In addition, members of Deep Instinct’s Threat Research team will deliver two talks during DEF CON at the Caesars Forum.

  • Contain Yourself: Staying Undetected Using the Windows Container Isolation Framework
    • SPEAKER: Daniel Avinoam, Security Researcher, Deep Instinct

    • WHEN: Friday, August 11th at 10 AM PT

    • WHAT: The use of containers is an integral part of any resource-efficient and secure environment. Starting with Windows Server 2016, Microsoft released its version of this solution, Windows Containers, which offers process and Hyper-V isolation modes. In both cases, an efficient file system separation should be provided. This presentation will cover the basics of Windows containers, break down its file system isolation framework, reverse-engineer its main mini-filter driver, and see how it can be utilized and manipulated by a bad actor to bypass EDR products in multiple domains.

  • #NoFilter: Abusing Windows Filtering Platform for Privilege Escalation

    • SPEAKER: Ron Ben-Yizhak, Security Researcher, Deep Instinct

    • WHEN: Sunday, August 13th at 12 PM PT

    • WHAT: Privilege escalation is a common attack vector in the Windows OS. There are multiple offensive tools in the wild that can execute code as “NT AUTHORITY\SYSTEM” (Meterpreter, CobaltStrike, Potato tools), and they all usually do so by duplicating tokens and manipulating services. This talk will show an evasive and undetected privilege escalation technique that abuses the Windows Filtering Platform (WFP). Additionally, the various components of the Windows Filtering Platform will be analyzed, including the Basic Filtering Engine, the TCPIP driver, and the IPSec protocol, while focusing on how to abuse them to extract valuable data.

To get a live demo or book a 1x1 meeting, contact us. To keep up with the latest Black Hat and DEF CON activities, follow Deep Instinct on Twitter using hashtags #BHUSA and #DEFCON2023.

As cyber threats continue to increase in volume and velocity, and emerging technologies like AI expand the threat landscape, a reactive approach to data security is no longer sufficient. Deep Instinct is the first and only data security company with a purpose-built Deep Learning framework built to protect a company’s most valuable asset, its data, by preventing known and unknown threats.

To learn more about how the Deep Instinct Predictive Prevention Platform can help your organization predict and prevent threats from infiltrating your organization, please visit


About Deep Instinct
Deep Instinct takes a prevention-first approach to stopping ransomware and other malware using the world’s first and only purpose-built, deep learning cybersecurity framework. We predict and prevent known, unknown, and zero-day threats in <20 milliseconds, 750x faster than the fastest ransomware can encrypt. Deep Instinct has >99% zero-day accuracy and promises a <0.1% false positive rate. The Deep Instinct Predictive Prevention Platform is an essential addition to every security stack – providing complete, multi-layered protection against threats across hybrid environments. For more, visit

Media Contacts
Maddie Meuse
Inkhouse for Deep Instinct