Tag

Rpc

5 briefs RSS

PhantomRPC: Windows RPC Privilege Escalation Vulnerability

A vulnerability in Windows RPC architecture allows an attacker to create a fake RPC server and escalate their privileges to SYSTEM level, leveraging processes with impersonation privileges.

Windows privilege-escalation rpc

2r 1t 1w ago

high advisory

CVE-2026-26183 Windows RPC API Local Privilege Escalation

2 rules 1 TTP 1 CVE 1 IOC

CVE-2026-26183 allows a locally authenticated attacker to escalate privileges due to improper access control within the Windows RPC API.

privilege-escalation windows rpc

2r 1t 1c 1i 2w ago

high advisory

Detecting External RPC Traffic for Initial Access

2 rules 2 TTPs

This brief focuses on detecting Remote Procedure Call (RPC) traffic originating from the internet, a common initial access vector, by monitoring network connections to TCP port 135 and filtering known internal IP ranges.

Elasticsearch initial-access network rpc

2r 2t Jan 9, 2024

high advisory

Detecting RPC Traffic to the Internet

2 rules 2 TTPs

This brief focuses on detecting Remote Procedure Call (RPC) traffic originating from internal networks and reaching the public internet, which is indicative of potential initial access or backdoor activity.

Elastic License v2 network-traffic initial-access lateral-movement rpc

2r 2t Jan 3, 2024

high advisory

Remote Registry Lateral Movement via RPC Firewall

2 rules 3 TTPs

This brief details detection of lateral movement attempts using remote RPC calls to modify the registry, potentially leading to code execution, detected via RPC Firewall logs.

lateral-movement defense-impairment persistence rpc

2r 3t Jan 2, 2024