Lateral movement over named pipes is a great method to evade defenders, and it has been used in many well-known APTs such as Duqu, Regin, APT28 and many more. With malware-less, in-memory operation and encrypted named pipes running over default Windows SMB, it's almost impossible to identify such malicious activity. The attackers' point of view is ROI-driven, and they will do anything to hide behind a legitimate appearance in your network to keep their operation alive. In this lecture we will explore named pipes and their capabilities, how they are being used to evade detection, why advanced attackers are leveraging them and what defenders can do to find these mysterious pipes.
Are we going to cover mailslots too? :)
Just like COM, named pipes are the (past) future of Windows vulnerabilities :)
We are pleased to announce that the Call For Papers for INFILTRATE 2018 is now open. If you would like to present and have an offense-focused, fresh-content presentation, please submit an abstract, bio and headshot to firstname.lastname@example.org. This information will be included on our Open CFP site, here, where the public can vote on which presentations they are most interested in seeing at INFILTRATE. The call for papers will close on December 14th, 2017. Shortly after this date, the winning speakers will be notified.
Some of the benefits of speaking at INFILTRATE are: