I Watched You Roll the Die: Unparalleled RDP Monitoring Reveal Attackers' Tradecraft
Uncover the tradecraft of RDP attackers by analyzing session data with GoSecure's monitoring tool, revealing 5 distinct attacker profiles and their tactics to evade detection.
- Attackers often use legitimate software, such as RDP, to gain access to systems.
- RDP sessions can be monitored and controlled using PyRDP, an open-source tool.
- Attackers use various tactics, techniques, and procedures (TTPs) to evade detection, including pivoting, using compromised systems, and exploiting weak passwords.
- The MITRE ATT&CK framework can be used to classify attacker behaviors and TTPs.
- Phishing kits and other social engineering tools are used to manipulate users into revealing sensitive information.
- Cryptomining tools are used to monetize compromised systems, and stolen credentials are then sold on the dark web.
- Masscan, a common internet scanner, is used to scan for vulnerabilities and identify potential targets.
- NLBrute, a tool used to brute-force RDP credentials, is often detected by security software.
- SilverBullet, a black-hat tool, disguises its true purpose in order to evade detection.
- GoSecure has developed a tool to monitor and analyze RDP sessions, providing insights into attacker behaviors and TTPs.
- The tool has identified 5 main attacker profiles: the ranger, the wizard, the barbarian, the thief, and the bard.
- Each profile has unique characteristics and behaviors, and understanding these can help defenders develop effective countermeasures.
- GoSecure has released a report on its findings, including the data it collected and the insights it gained from analyzing the RDP sessions.