SAINTCON 2023 - Andréanne Bergeron - Characterizing Remote Desktop Attackers
Characterizing Remote Desktop Attackers: Discover the behaviors, tactics, and tools employed by RDP attackers, including the most common usernames and passwords, and learn how to improve RDP security.
- Remote Desktop Protocol (RDP) is a common vector for ransomware attacks.
- RDP attacks are often human-operated, with attackers using various tools to gain access and maintain control.
- The majority of RDP attacks are performed by “barbarians” who use brute-force attacks and exploit default usernames and passwords.
- “Rangers” are a more sophisticated group of attackers who use advanced techniques, such as creating ghost users and leveraging compromised hosts.
- “Wizards” are the most skilled group of attackers, using fileless malware and advanced techniques to evade detection.
- The most common RDP usernames and passwords are “admin” and “password”, respectively.
- The majority of RDP attacks are performed by individuals in their 20s and 30s, most of them male.
- RDP attacks are often perpetrated by individuals in countries with high internet censorship, such as Iran and China.
- The use of RDP as a remote access tool is declining due to its lack of security and the increasing use of alternative protocols.
- PyRDP is an open-source tool that can be used to detect and analyze RDP attacks.
- Silver Bullet is a web application security testing tool that can be used to detect vulnerabilities in RDP connections.
- NLBrute is a password cracking tool that can be used to crack RDP passwords.
- The GoSecure research lab has published a report on the characteristics of RDP attackers, including their motivations, techniques, and tools.
- The report also provides recommendations for improving RDP security, including the use of strong passwords, two-factor authentication, and regular security updates.