Remote desktop protocol (RDP) is designed by Microsoft for remote management of Windows-based virtual desktops. It provides users a graphical interface to connect over the network to a remote computer. Having a remote access feature leaves the door open for attackers.
I’ll use this post to summarise some of the information and commands that I use when investigating an RDP incident.
Note that RDP connections are usually done via tcp/3389.
Investigating RDP goes best in … Read more.