Mitigating the Risks of Remote Desktop Protocols

Remote Desktop Protocol (RDP) is the de facto standard for remote access in Windows environments. It grew in popularity over the last couple of years due to the pandemic, and many workers now rely on it to perform duties on remote systems. RDP is secure when well-deployed. Unfortunately, we’ve found that’s rarely the case, and it’s common for users to ignore the security warnings.

GoSecure Titan Labs has spent three years working on and reimplementing parts of RDP in PyRDP, our open-source RDP library. This presentation shares what we have learned and how it can be applied to attack and defend against RDP threats.

From an attacker’s perspective, we will cover:

  • Conventional RDP attacks such as Monster-in-the-Middle (MITM) for RDP connections
  • Capture of NetNTLMv2 hashes
  • Techniques to bypass conventional defense mechanisms such as Network Level Authentication (NLA)

Did you know that, by default, all clients currently allow server-side NLA downgrades? Walking through these attacks will enable us to understand and identify the risks of RDP.

From a Blue Team / defender perspective, we will provide:

  • Techniques and tools to detect attacks
  • Step-by-step instructions to deploy an accessible RDP server that is both secure and functional