Passwordless RDP Session Hijacking Feature All Windows versions
Tags
| attack-pattern: | Credentials - T1589.001 Domains - T1583.001 Domains - T1584.001 Rdp Hijacking - T1563.002 Server - T1583.004 Server - T1584.004 |
Common Information
| Type | Value |
|---|---|
| UUID | 1d31a570-38bf-4e21-80bc-c853e099f0e7 |
| Fingerprint | edcc913ad0321d5 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | March 17, 2017, 1:57 a.m. |
| Added to db | Sept. 26, 2022, 9:31 a.m. |
| Last updated | Nov. 18, 2024, 1:38 a.m. |
| Headline | Alexander Korznikov. A bit of security. |
| Title | Passwordless RDP Session Hijacking Feature All Windows versions |
| Detected Hints/Tags/Attributes | 38/1/13 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 212 | technet.microsoft.com |
|
| Details | Domain | 154 | youtu.be |
|
| Details | Domain | 768 | www.youtube.com |
|
| Details | File | 117 | taskmgr.exe |
|
| Details | File | 10 | tscon.exe |
|
| Details | File | 2127 | cmd.exe |
|
| Details | Url | 1 | https://technet.microsoft.com/en-us/library/cc770988(v=ws.11).aspx |
|
| Details | Url | 1 | https://technet.microsoft.com/en-us/library/cc731007(v=ws.11).aspx |
|
| Details | Url | 1 | https://youtu.be/opk5off3yug |
|
| Details | Url | 1 | https://youtu.be/vytjv2kpwsg |
|
| Details | Url | 1 | https://youtu.be/ogsoiowmhww |
|
| Details | Url | 252 | https://medium.com |
|
| Details | Url | 1 | https://www.youtube.com/watch?v=vrf8uxk_epy |