Abstract

According to ongoing malware research, one of the preferred methods of inter-process communication (IPC) between malware components is the Windows IPC mechanism known as Named Pipes. We will present a new open source tool for sniffing Named Pipe communication and show how it can easily be used to passively obtain a malware sample's decrypted configuration, or to actively clean an infected machine with a single pipe command. We will also show how to exercise the tool's capabilities from Cuckoo Sandbox for automated analysis.
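To make the IPC mechanism the abstract refers to concrete, the following PowerShell is an added illustration and is not code from the talk or from the tool it announces. It stands up a minimal named-pipe server (playing the role of one malware component that answers commands) and a client that connects to `\\.\pipe\<name>`, sends a single command line and reads the reply; it also lists the pipes currently open on the host, which is the first thing an analyst checks before attaching a sniffer. The pipe name `demo_ipc_pipe`, the command words `GETCONFIG` and `UNINSTALL`, and the JSON reply are all constructed for this example and are not taken from any real sample.

```powershell
# Added example, not part of the original abstract or its tool.
# Pipe name, command vocabulary and the "configuration" reply are assumptions.

$PipeName = 'demo_ipc_pipe'   # assumed name; real samples use their own

# Enumerate named pipes currently open on this host (useful triage step before sniffing).
function Get-OpenNamedPipes {
    [System.IO.Directory]::GetFiles('\\.\pipe\') | ForEach-Object { Split-Path $_ -Leaf }
}

# Stand-in "malware component": a pipe server that answers a one-line command.
# Runs as a background job so the client below can connect from the same session.
$server = Start-Job -ArgumentList $PipeName -ScriptBlock {
    param($name)
    $srv = New-Object System.IO.Pipes.NamedPipeServerStream($name)   # InOut, 1 instance, byte mode
    $srv.WaitForConnection()
    $reader = New-Object System.IO.StreamReader($srv)
    $writer = New-Object System.IO.StreamWriter($srv)
    $writer.AutoFlush = $true
    $cmd = $reader.ReadLine()
    switch ($cmd) {
        'GETCONFIG' { $writer.WriteLine('{"c2":"example.invalid","key":"deadbeef"}') }  # constructed reply
        'UNINSTALL' { $writer.WriteLine('OK') }
        default     { $writer.WriteLine('ERR') }
    }
    $srv.Dispose()
}

# Client side: connect to the pipe, send one command, return the reply line.
function Send-PipeCommand {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$Command,
        [int]$TimeoutMs = 5000
    )
    $client = New-Object System.IO.Pipes.NamedPipeClientStream('.', $Name, [System.IO.Pipes.PipeDirection]::InOut)
    $client.Connect($TimeoutMs)              # throws TimeoutException if nobody is listening
    $writer = New-Object System.IO.StreamWriter($client)
    $writer.AutoFlush = $true
    $reader = New-Object System.IO.StreamReader($client)
    $writer.WriteLine($Command)
    $reply = $reader.ReadLine()
    $client.Dispose()
    return $reply
}

Start-Sleep -Seconds 1                       # give the background server time to create the pipe

"Open pipes containing '$PipeName':"
Get-OpenNamedPipes | Where-Object { $_ -like "*$PipeName*" }

"Reply to GETCONFIG: " + (Send-PipeCommand -Name $PipeName -Command 'GETCONFIG')

Receive-Job $server | Out-Null
Remove-Job $server
```

Run it in a Windows PowerShell session; the enumeration line shows the pipe appearing under `\\.\pipe\`, and the client call shows how a single well-formed command over the pipe can extract state from (or, with `UNINSTALL`, instruct) the listening component. The talk's sniffer sits between these two ends and records the traffic; this example only shows the two ends it observes.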