In recent years, attacks against Windows RPC have been increasing day by day. In software development, we often use Remote Process Communication (RPC) as a channel for transmitting messages between software. However, when developers use the Windows API, they often do not pay attention to the privilege management of the underlying MS-RPCE, and even the official system services that Microsoft has developed on the MS-RPCE interface have this type of vulnerability.
The root cause of these vulnerabilities is that developers do not fully understand the complex user privilege management provided by Windows, so they fail to manage user privileges properly during development, which leads to an endless stream of vulnerabilities.
This agenda will analyze, one by one, the various Potato-named tools commonly used in penetration testing, analyze the attack methods made possible by MS-RPCE vulnerabilities, and propose corresponding mitigations, as well as show how to inspect MS-RPCE interfaces that lack proper privilege management.