System.IO.Pipes.NamedPipeClientStream

⚠️ High Risk | 📁 Windows Dotnet Api | 🏷️ inter-process communication | ✅ Verified
#windows-dotnet-api #ipc #lateral-movement

🔧 API Details

Namespace

System.IO.Pipes

Language

.NET 3.5+

Class

NamedPipeClientStream

📊 Risk Assessment

Severity

High

Prevalence

Medium

Ease of Abuse

Medium

Likelihood in Real Attacks

55%

🎯 MITRE ATT&CK Techniques

Abuse Scenarios

Lateral movement via named pipes

Technique: T1570

🚨 Common in Campaigns

Connect to named pipes to communicate with other processes/machines

Code Example:

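using System.IO;
using System.IO.Pipes;
// Connect to the pipe "malware_pipe" on the local machine (".") and write one line.
// `command` is a string supplied by the surrounding code.
NamedPipeClientStream pipeClient = new NamedPipeClientStream(".", "malware_pipe");
pipeClient.Connect();
StreamWriter writer = new StreamWriter(pipeClient) { AutoFlush = true }; // flush each line to the pipe
writer.WriteLine(command);

Detection Difficulty: Medium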

🔍 Detection Strategies

Sysmon

HIGH Effectiveness

Monitor for NamedPipe connections between processes

EDR

HIGH Effectiveness

Behavioral detection of unusual named pipe usage

🛡️ Mitigation Strategies

Monitoring

MEDIUM Feasibility

Monitor named pipe creation and access

🕵️ Threat Intelligence

👥 APT Groups / Threat Actors

APT28

APT29

🦠 Malware Families

Cobalt Strike

🔨 Tools

Cobalt Strike

📋 Metadata

API ID

b14c8be4-1d86-48a6-9d5b-7c106b0a9089

Created

2026-02-02

Author

Claw