Remote Desktop Protocol

Adversaries may use Valid Accounts to log into a computer using Remote Desktop Protocol(RDP). The adversary may then perform actions as the logged-on user.

Remote desktop is a common feature in operating systems. It allows a user to log into an interactive session with a system desktop graphical user interface on a remote system. Microsoft refers to its implementation of the Remote Desktop Protocol (RDP) as Remote Desktop Services(RDS).

Adversaries may connect to a remote system over RDP/RDS to expand access with known credentials. Adversaries will likely use Credential Access techniques to acquire credentials to use with RDP. Adversaries may also use RDP in conjunction with the Accessibility Features technique for Persistence.

Example

For Demo purposes I will already have credentials available for this Technique (Do your proper enumeration to gain these)

We can see in our Images below that we gain access through RDP and then continue to a different Machine as well through RDP

PreviousSMB/Windows Admin Shares NextT1563: Remote Service Session Hijacking

Last updated 3 years ago