Mitigating the Risks of Remote Desktop Protocols

Remote Desktop Protocol (RDP) is the de facto standard for remote access in Windows environments. It grew in popularity over the last couple of years due to the pandemic, and many workers now rely on it to perform duties on remote systems. RDP is secure when well-deployed. Unfortunately, we’ve found that’s rarely the case, and it’s common for users to ignore the security warnings.

GoSecure Titan Labs has spent three years working on and reimplementing parts of RDP in PyRDP, our open-source RDP library. This presentation shares what we have learned and how it can be applied to attack and defend against RDP threats.

From an attacker’s perspective, we will cover:

  • Conventional RDP attacks such as Monster-in-the-Middle (MITM) for RDP connections
  • Capture of NetNTLMv2 hashes
  • Techniques to bypass conventional defense mechanisms such as Network Level Authentication (NLA)

Did you know that by default all clients allow server-side NLA downgrades right now? Covering these attacks will enable us to understand and identify the risks of RDP.

From a Blue Team / defender perspective, we will provide:

  • Techniques and tools to detect attacks
  • Step-by-step instructions to deploy an accessible RDP server that is both secure and functional