Jump to content
Fi8sVrs

Adrian Vollmer - Attacking RDP with Seth

Recommended Posts

  • Active Members

 

When it comes to the security of RDP hosts, experience shows that many organizations rarely replace the default self-signed certificates with certificates signed by their corporate CA. This obviously leaves them vulnerable to Man-in-the-Middle attacks. However, until now no open source proof-of-concept exploit is available to the IT security community, despite the specifications of RDP being freely available.

 

Since many administrators often perform tasks on critical servers such as the domain controller via RDP, usually with highly privileged accounts, RDP is a worthwhile target of potential adversaries. In this talk, we want to analyze the implementation of the relevant parts of RDP in detail and show how to develop a tool that can extract credentials in clear text if the user is careless enough to ignore SSL warnings. The intended audience is system administrators, penetration testers and security enthusiasts. https://www.hacktivity.com

  • Upvote 2
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...