I Watched You Roll the Die: Unparalleled RDP Monitoring Reveal Attackers' Tradecraft

The Remote Desktop Protocol (RDP) is a critical attack vector used by evil threat actors including in ransomware outbreaks. To study RDP attacks, we created PyRDP, an open-source RDP interception tool with unmatched screen, keyboard, mouse, clipboard and file collection capabilities. Then we built a honeynet that is composed of several RDP Windows servers exposed on the cloud. We ran them for three years and have accumulated over 150 million events including 100 hours of video footage, 570 files collected from threat actors and more than 20,000 RDP captures....

By: Andréanne Bergeron, Olivier Bilodeau

Full Abstract and Presentation Materials: https://www.blackhat.com/us-23/briefings/schedule/#i-watched-you-roll-the-die-unparalleled-rdp-monitoring-reveal-attackers-tradecraft-33110