Security researchers have developed an implementation of the Sysinternals PsExec utility that allows moving laterally in a network using a single, less monitored port, Windows TCP port 135.
PsExec is designed to help administrators execute processes remotely on machines in the network without the need to install a client.
Threat actors have also adopted the tool and are frequently using it in post-exploitation stages of an attack to spread on the network, run commands on multiple systems, or deploy malware.
Read more…
Source: Bleeping Computer