Study of RPC protocols delivers new detection engineering insights
This white paper explores Remote Procedure Call (RPC) technology from a detection engineering perspective. It breaks down RPC components and processes, offering insights into identifying and monitoring RPC-based attack techniques like DCSync and remote service creation.
The paper covers:
· Core RPC components: interfaces, methods, endpoints, and stubs
· Identifying and tracking RPC server code and communications
· Converting research data into scalable telemetry
· Detection strategies using Windows Security Events and Zeek
Through analysis, the author shows how understanding RPC can reveal new detection opportunities. Read for insights into leveraging RPC telemetry for effective threat detection.
