Named Pipe – D E C E I V E R . I O

Deceive, Detect, Engage

Fake Named Pipe with Delayed Response

Create a decoy named pipe that mimics a legitimate inter-process communication channel but introduces a significant delay before responding to client requests. This can be used to identify attackers attempting to exploit vulnerabilities or gather information through named pipes, as well as to disrupt their activities.

Deceptive Named Pipe Server

Goal: Detect attempts to communicate with known malicious named pipes.

Approach: Monitoring for connections to deceptive named pipes.

This element creates a named pipe with a name commonly used by malware. When malware attempts to connect, the deceptive server captures information about the malware and can optionally deliver a deceptive payload.

Tag: Named Pipe

Fake Named Pipe with Delayed Response

Deceptive Named Pipe Server

ORION Detlab: Forging Resilient Detections in the HEFAISTOS Ecosystem

The Maieutic Engine: Birth of a New Detection Engineering Paradigm

The Forge, The Guide, and The Hunter: Unifying Detection Engineering with the Mythological Triad of HEFAISTOS, KEDALION, and ORION

Dendrite: Bridging the Synaptic Gap Between External Intelligence and Internal Defense