Ebook

135 is the new 445 PsExec over Remote Procedure Calls

135 is the new 445 PsExec over Remote Procedure Calls

Pages 8 Pages

Pentera Labs revealed that PsExec, a popular Windows administration tool, can be executed over port 135 using DCE/RPC, not just the commonly monitored port 445 with SMB. By modifying the Impacket PsExec implementation, researchers showed how commands can be run remotely without relying on SMB for transport or output, making lateral movement harder to detect. This technique highlights a blind spot in security monitoring, as defenders often focus on SMB traffic while overlooking RPC on port 135. The report stresses the need to monitor DCE/RPC activity closely to prevent stealthy attacks.

Join for free to read