drop sysmon event 17 18 csvs or handle exports · detect malicious named pipe usage · cobalt strike pipe patterns · common c2 framework pipe names · lateral movement via pipes · privilege escalation via pipe impersonation · runs locally
pipe artifacts
drop sysmon 17/18 or handle csv
or click
drop sysmon event 17/18 csv or handle exports