THREAT OPS › Threat News › Hooking Windows Named Pipes
Hooking Windows Named Pipes
During security assessments, we often see desktop applications composed of several processes. Some of them run as SYSTEM, and others run in the user session context, meaning they are unprivileged. These processes need to communicate in some way, and often use Windows Named Pipes as IPC mechanisms (Inter-Process-Communication). Once opened, named pipes are a (usually) bidirectional communication ch
MITRE ATT&CK techniques
- Bidirectional CommunicationT1102.002