This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies. For details on cookie usage on our site, read our Privacy Policy
H, The issue is that the custom signature(s) do not fire when I send specific MSRPC bind requests through the firewall. I only see msrpc identified by the firewall, but clearly see the specific BIND request in a PCAP on the server. In the case of the signature in the OP, I am looking for the DFS BIND request. Thanks!
... View more
I am trying to create a number of custom MSRPC based App's using the msrpc-req-bind-data contact. I have set msrpc as the parent app, dynamic TCP and UDP for the ports, and the signatures are set to the session scope. I pulled the hex for the BIND request interfaces directly from Wireshark running on the AD server. See below screenshot for the signature (this is the interface for DFS):
... View more