Attacking RDP from Inside: How we abused named pipes for smart-card hijacking, unauthorized file system access to client machines and more
Tags
attack-pattern: Data Model Clipboard Data - T1414 Remote Desktop Protocol - T1021.001 Server - T1583.004 Server - T1584.004 Tool - T1588.002 Clipboard Data - T1115 Remote Desktop Protocol - T1076
Show in Graph
Common Information
Type Value
UUID 450bf1d6-e162-4827-9bca-df31550f9395
Fingerprint 14b9cd9bfe214895
Analysis status DONE
Considered CTI value 0
Text language
Published Jan. 11, 2022, midnight
Added to db Feb. 17, 2023, 11:14 p.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline Attacking RDP from Inside: How we abused named pipes for smart-card hijacking, unauthorized file system access to client machines and more
Title Attacking RDP from Inside: How we abused named pipes for smart-card hijacking, unauthorized file system access to client machines and more
Detected Hints/Tags/Attributes 39/1/6
Source URLs
Redirection Url
Details Source https://www.cyberark.com/resources/threat-research-blog/attacking-rdp-from-inside
URL Provider
Details Provider Source level domain
Details cyberark.com www.cyberark.com
Attributes
Details Type #Events CTI Value
Details CVE 2 
cve-2022-21893
Details CVE 2 
cve-2022-24533
Details Domain 452 
msrc.microsoft.com
Details File 1122 
svchost.exe
Details File 30 
rdpclip.exe
Details Url 1 
https://msrc.microsoft.com/update-guide/vulnerability/cve-2022-21893.