TT 脆弱性 Blog

脆弱性情報に関する「個人」の調査・研究のログ

トップ > プロトコル: RDP > Attacking RDP from Inside: How we abused named pipes for smart-card hijacking, unauthorized file system access to client machines and more

Attacking RDP from Inside: How we abused named pipes for smart-card hijacking, unauthorized file system access to client machines and more

プロトコル: RDP OS: Windows 脆弱性: CVE-2022-21893

【図表】

f:id:tanigawa:20220113073913p:plain
Virtual channel communication between rdpclip.exe, RDS and the RDP client
f:id:tanigawa:20220113073929p:plain
Output of Sysinternals’ pipelist utility showing the TSVCPIPE pipe
f:id:tanigawa:20220113073946p:plain
MiTM process intercepting the TSVCPIPE communication
f:id:tanigawa:20220113074006p:plain
RDPDR initialization sequence from the protocol specification
f:id:tanigawa:20220113074055p:plain
Change Handles
出典: https://www.cyberark.com/resources/threat-research-blog/attacking-rdp-from-inside


【ブログ】

◆Attacking RDP from Inside: How we abused named pipes for smart-card hijacking, unauthorized file system access to client machines and more (CyberArk, 2022/01/11)
https://www.cyberark.com/resources/threat-research-blog/attacking-rdp-from-inside

Copyright (C) 谷川哲司 (Tetsuji Tanigawa) 2006 - 2022