Hooking Windows Named Pipes with thats_no_pipe
Named Pipes are interprocess communication primitives used by many Windows applications.
However, these operating system APIs are often blindly trusted, and one can intercept and tamper with transmitted data by abusing a Man-in-the-Middle setup.
Commonly accepted mitigations involve checking process IDs, executable signatures or permissions on the named pipe. With proper tooling, such mitigations can be bypassed.
This presentation will delve into Windows Named Pipes APIs while highlighting common attacks, usual mitigations, and how to bypass them using the soon-to-be-open-source tool thats_no_pipe.