With the increase in remote work, VPN and RDP services are prime targets for gaining unauthorized access to organizations. RDP services secured by passwords are subject to brute-force guessing and credential stuffing attacks, not to mention remote exploitation. Adversaries are using RDP to gain initial access to organizations and then pivot to distribute and spread ransomware. In this technical training, we will take a deep dive into threats to RDP services and adversarial TTPs involving RDP, and explore how artifacts from encrypted RDP sessions are leveraged to build detections.
CTF Challenge:
1. Browse to tryhackme.com
2. Make a free tryhackme.com account (No subscription required)
3. Check your email and validate your e-mail address
4. Enter this direct link: tryhackme.com/jr/corelightrdpctf
Links to mentioned resources:
https://corelight.com/blog/2021/05/20...
https://corelight.com/blog/2020/05/13...
• vZW20 - Day 2 - A Structural Approach...
https://twitter.com/anthonykasza?lang=en