While reading and analyzing the imfamous psexec.py. I was looking through other exposed namedpipes to be vulnerable for us to use.

I laied my eyes on \\pipe\\ntsvcs and \\pipe\\trkwks . Which are listening for two types of protocols can be used by Distributed Link Tracking: Workstation Protocol (MS-DLTW).