Based on the Impacket library, researchers at Pentera have built an implementation of the PsExec tool that runs only on port 135. This means blocking just port 445 to restrict malicious PsExec activity is no longer enough to prevent most attacks.