https://github.com/kiwids0220/ETWPlayGround

This past week, I was playing around with RPCMon from CyberArk.

It all started when I was trying to monitor the RPC calls made by https://github.com/SecureAuthCorp/impacket/blob/master/examples/psexec.py. At the time, I did not know what the difference was between RPCServerCall and RPCClientCall. But obviously, there is a difference. This is the blog post where I want to dive into how I tumbled through the question.

What would impacket/psexec traffic look like?

https://www.notion.so/kiwids/Impacket-psexec-ba863984ed0a42d0b4b96936f2815d24