THREATOPS
THREAT OPSThreat News › Hooking Windows Named Pipes

Hooking Windows Named Pipes

lowsynacktiv

During security assessments, we often see desktop applications composed of several processes. Some of them run as SYSTEM, and others run in the user session context, meaning they are unprivileged. These processes need to communicate in some way, and often use Windows Named Pipes as IPC mechanisms (Inter-Process-Communication). Once opened, named pipes are a (usually) bidirectional communication ch

MITRE ATT&CK techniques

Original source: https://www.synacktiv.com/en/publications/hooking-windows-named-pipes.html