Remote Desktop Protocol: The Series
What is RDP, why is it a very nearly ubiquitous finding in incident response, and how can investigators run it…
March 2024
Remote Desktop Protocol: Exposed RDP (is dangerous)
Is it really that risky to expose an RDP port to the internet? What if you change the default port?…
Remote Desktop Protocol: Queries for Investigation
How can defenders begin to make sense of RDP issues on their networks? We present three powerful tools for investigators’…
Remote Desktop Protocol: How to Use Time Zone Bias
Where in the world is your attacker? Presenting a less-known but useful event to look for in your logs
Remote Desktop Protocol: Executing the 4624_4625 Login Query
Keeping an eye on who’s trying to get onto your network – whether or not they’re successful – can pay…
Remote Desktop Protocol: Executing the External RDP Query
On the hunt for successful RDP connections that have entered your network from outside? A step-by-step guide (and a query…
Threat actors actively exploit JetBrains TeamCity flaws to deliver malware
Multiple threat actors are exploiting the recently disclosed JetBrains TeamCity flaw CVE-2024-27198 in attacks in the wild. Trend Micro researchers…
DEEP#GOSU Attack Campaign Detection: North Korean Kimsuky APT Is Likely Behind Attacks Using PowerShell and VBScript Malware
The nefarious cyber-espionage North Korean Kimsuky APT group has been in the limelight in the cyber threatscape since at least…
The False Economy of Deprioritising Security
In the UK, cyber security has been dropping down the board’s list of priorities. A 2022 Proofpoint study found that…
CIPC breached
The Companies and Intellectual Property Commission (CIPC) in South Africa recently fell victim to a significant cyberattack, triggering concerns about…