Sunday, June 26, 2022

Cobalt Strike DFIR: Listening to the Pipes

Happy Holidays! This weeks update is a bit of a shorter blog, mostly to keep me busy while on Christmas holidays!

Recently I stumbled across svch0st’s “Guide to Named Pipes and Hunting for Cobalt Strike Pipes”. If you haven’t read it, I highly recommend it.

Named Pipes have been something that I’ve thought about for a while, especially how do we take advantage of them during active compromise. Named Pipes have worked their way into a lot of common malicious behaviour, especially with:

Modulat…

Read More

Latest news
Related news