Attacking RDP from Inside: How we abused named pipes for smart-card hijacking, unauthorized file system access to client machines and more

https://www.cyberark.com/resources/threat-research-blog/attacking-rdp-from-inside