Remote Desktop Protocol (T1076)

View on ATT&CK

In Playbook

Technique & Subtechniques

  • Remote Desktop Protocol

Associated Tactics

  • Lateral Movement

Lateral Movement (TA0008)

The adversary is trying to move through your environment. Lateral Movement consists of techniques that adversaries use to enter and control remote systems on a network. Following through on their primary objective often requires exploring the network to find their target and subsequently gaining access to it. Reaching their objective often involves pivoting through multiple systems and accounts to gain. Adversaries might install their own remote access tools to accomplish Lateral Movement or use legitimate credentials with native network and operating system tools, which may be stealthier.

View on ATT&CK

Procedure Examples

Description Source(s)
capec
Microsoft. (n.d.). Remote Desktop Services. Retrieved June 1, 2016. TechNet Remote Desktop Services
Alperovitch, D. (2014, October 31). Malware-Free Intrusions. Retrieved November 4, 2014. Alperovitch Malware
Korznikov, A. (2017, March 17). Passwordless RDP Session Hijacking Feature All Windows versions. Retrieved December 11, 2017. RDP Hijacking Korznikov
Beaumont, K. (2017, March 19). RDP hijacking — how to hijack RDS and RemoteApp sessions transparently to move through an organisation. Retrieved December 11, 2017. RDP Hijacking Medium
NCC Group PLC. (2016, November 1). Kali Redsnarf. Retrieved December 11, 2017. Kali Redsnarf