Trend#11: Abusing Remote procedure calls
Remote procedure calls (RPC) are used to facilitate local and remote communication between client and server programs, such as windows services. Depending on privilege levels and security checks that are (or not) performed when these functions are implemented, adversaries can abuse RPCs to perform any malicious actions. The Printnightmare was a prime example of this, where adversaries quickly adapted them from proofs of concept for privilege escalation into real-world attacks.
Return To Article
