New PsExec spinoff lets hackers bypass network security defenses


Security researchers have developed an implementation of the Sysinternals PsExec utility that allows moving laterally in a network using a single, less monitored port, Windows TCP port 135.

PsExec is designed to help administrators execute processes remotely on machines in the network without the need to install a client.

Threat actors have also adopted the tool and are frequently using it in post-exploitation stages of an attack to spread on the network, run commands on multiple systems, or deploy malware.

Read more…
Source: Bleeping Computer