The dark side of Microsoft Remote Procedure Call protocols

MSRPC to ATT&CK is a one-stop shop for learning more about Remote Procedure Calls, how adversaries abuse them, and how you can detect related malicious activity.

What is MSRPC?

MSRPC to ATT&CK

Protocol name

Interface UUID

Server binary

Endpoint

ATT&CK relation

Indicators of activity (IOA)

Prevention opportunities

Notes

Useful resources

How can I use this?

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store