【図表】
Virtual channel communication between rdpclip.exe, RDS and the RDP client
Output of Sysinternals’ pipelist utility showing the TSVCPIPE pipe
MiTM process intercepting the TSVCPIPE communication
RDPDR initialization sequence from the protocol specification
Change Handles
出典: https://www.cyberark.com/resources/threat-research-blog/attacking-rdp-from-inside
【ブログ】
◆Attacking RDP from Inside: How we abused named pipes for smart-card hijacking, unauthorized file system access to client machines and more (CyberArk, 2022/01/11)
https://www.cyberark.com/resources/threat-research-blog/attacking-rdp-from-inside