The Forgotten Interface- Windows Named Pipes - Gil Cohen - Hack in Paris - 2017
Hack in Paris via YouTube
Overview
Explore the often-overlooked Windows named pipes interface and its potential security implications in this 27-minute conference talk from Hack in Paris 2017. Delve into how named pipes can be exploited as an application-level entry vector for various attacks, including buffer overflows, denial of service, and code injection. Learn about connecting to named pipes, understanding ACLs and connection limitations, enumeration techniques, content sniffing, and fuzzing methods. Discover the potential impact of named pipe exploitation and gain insights into mitigation strategies and defense mechanisms. Enhance your cybersecurity knowledge by understanding this forgotten interface that could be a potential entry point for attackers.
Syllabus
Intro
core Services
Introduction To Key Terms
Connecting To A Named Pipe
Ppe ACLS And Connection Limitation
Enumerating And Scanning For Named Pipes
Snilling Named Pipes Content
Fuzzing Named Pipes
Exploitation And Impact
Mitigation And Defense
Closing remarks
Taught by
Hack in Paris