all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Exploring Impersonation through the Named Pipe Filesystem Driver

Add to bookmarks
May 3, 2023, 3:07 p.m. | Jonathan Johnson

Security Boulevard securityboulevard.com

Introduction


Impersonation happens often natively in Windows, however, adversaries also use it to run code in the context of another user. Recently I was researching named pipe impersonation which naturally led me digging into the Win32 API ImpersonateNamedPipeClient. I had never really dug into how ImpersonateNamedPipeClient worked under the hood, so I wanted to do so. During analysis, I saw that a call to NtFsControlFile was made:



NtFsControlFile is a function that allows the caller to send a value …

adversaries api code context driver filesystem impersonation introduction led research run under win32 windows

Visit resource

More from securityboulevard.com / Security Boulevard

Miggo Unfurls Real-Time Application Detection and Response Platform 7 hours ago | securityboulevard.com
ai and machine learning in security and response api security application +21
From Caesar to Cyberspace: The Growing Menace of Obfuscated Phishing Scams 9 hours ago | securityboulevard.com
attackers caesar cto corner cyberattacks +17
HHS Strengthens Privacy of Reproductive Health Care Data 9 hours ago | securityboulevard.com
administration biden biden administration care +37
UnitedHealth: Ransomware Attackers Stole Huge Amount of Data 12 hours ago | securityboulevard.com
attackers breach care cloud security +32
Oak Ridge, McCrary Institute Establish Cybersecurity Center Focused on Electrical Grid 13 hours ago | securityboulevard.com
addition center centers critical +29
PuTTY SSH Client Vulnerability Allows Private Key Recovery 14 hours ago | securityboulevard.com
blog client critical critical vulnerability +15
5 Tips for API Hackers on Picking Your First Target 14 hours ago | securityboulevard.com
api api hacking fundamentals api hacking mindset apis +11
TuxCare Names Glen Kuhne as Vice President of Enterprise Sales 15 hours ago | securityboulevard.com
alto april customer customer success +22
AI: Friend or Foe? Unveiling the Current Landscape with MixMode’s State of AI in Cybersecurity … 16 hours ago | securityboulevard.com
ai ai cybersecurity artificial artificial intelligence +21

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Director, Data Security Lead

@ Mastercard | London, England (Angel Lane)
View on infosec-jobs.com

Security Officer L1

@ NTT DATA | Texas, United States of America
View on infosec-jobs.com

Sr. Staff Application Security Engineer

@ Aurora Innovation | Seattle, WA
View on infosec-jobs.com

Senior Penetration Testing Engineer

@ WPP | Chennai
View on infosec-jobs.com

Cyber Security - Senior Software Developer in Test

@ BlackBerry | Bengaluru, Residency Road
View on infosec-jobs.com
View more jobs