GET /api/techniques/357/?format=api
HTTP 200 OK
Allow: GET, PUT, PATCH, DELETE, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept
{
"id": 357,
"key": "smb-named-pipes",
"unprotect_id": "U9011",
"name": "SMB / Named Pipes",
"description": "Named Pipes are a feature of the Windows operating system that allow for inter-process communication (IPC) using a pipe metaphor. These are particularly useful in networking scenarios as they can be made accessible over a network and facilitate a client-server model of communication. The SMB (Server Message Block) protocol is commonly used in Windows environments for shared access to files, printers, and other network services.\r\n\r\nWhen malware uses Named Pipes over the SMB protocol for network evasion, it is essentially wrapping its communication in layers of legitimate-looking traffic. Named Pipes can be set up to pass data packets that may appear harmless or even normal to network monitoring tools. This makes detection harder because the malicious traffic is mixed with regular, authorized network activity.",
"resources": "https://learn.microsoft.com/en-us/windows/win32/ipc/named-pipes?WT_mc_id=SEC-MVP-5005282\nhttps://learn.microsoft.com/en-us/dotnet/standard/io/pipe-operations?WT_mc_id=SEC-MVP-5005282\nhttps://github.com/DarkCoderSc/SharpShellPipe",
"creation_date": "2023-08-27T16:55:16.842000Z",
"tags": "Named Pipes, SMB, Network, Pivot, Evasion",
"modification_date": "2023-10-04T10:44:36.278000Z",
"category": [
9
],
"rules": [],
"attachments": [],
"featured_api": [
23,
380,
450,
620,
621,
622,
623,
624
],
"contributors": [
4
]
}
