How does the shared file method work for establishing an RDP tunnel?

When establishing an RDP connection with file sharing enabled (using mstsc.exe, FreeRDP, or xfreerdp), a shared folder is created between client and server. The client and server can then read and write files in this shared folder to exchange data, effectively using it as a covert channel. This technique is demonstrated in the External C2 POC from Outflank, which follows Cobalt Strike's External C2 specification.