Windows Remote Procedure Call (Windows RPC) is a Windows feature that allows clients to call procedures located in programs running on remote servers.
The Windows RPC service consists of two components on the server:
- An endpoint mapper that can be queried for a list of available endpoints. The endpoint mapper usually runs on port 135.
- RPC endpoints that clients can bind to and call. These endpoints usually run on ports above 49000. Multiple endpoints can be exposed on a single port.
Configuring a Windows RPC endpoint mapper on a Canary
Canaries can run a Windows RPC endpoint mapper on port 135 that will alert when a client binds to it.
Follow these steps to enable the Windows RPC endpoint mapper on a Canary:
- Click on the Canary you want to configure.
- Click on Configure Canary to open its settings.
- Scroll down to the Windows RPC Endpoint Mapper and enable the toggle.
- Click Deploy new configuration to deploy the settings to the Canary.
Please feel free to reach out to us over here if you have any questions.