Hot Topics

Anthony Kasza
Bright Ideas Blog

Introducing RDP Inferences

Introducing RDP Inferences

| | Alert AA21-131A, Announcements, APT39, APT40, Corelight Labs, Crowbar, DarkSide ransomware, Duo, Emotet, encrypted traffic, encrypted traffic collection, JA3, Matrix ransomware, network detection response, Network Security, network security monitoring, network traffic analysis, network visibility, Palo Alto Networks, RDP, RDPBCGR, Richard Bejtlich, rsa, RSAConference, Vern Paxson, Zeek, Zscaler
By Anthony Kasza, Technical Director, Corelight Corelight recently released a new package, focused on RDP inferences, as part of our Encrypted Traffic Collection. This package runs on Corelight Sensors and provides network traffic analysis (NTA) inferences on live RDP traffic.  Which inbound RDP connections were initiated by attack tools? Did ... Read More
Bright Ideas Blog
Analyzing Encrypted RDP Connections

Analyzing Encrypted RDP Connections

| | APT39, APT40, Corelight Labs, encryption, Microsoft, MITRE ATT&CK, MS-RDPBCGR, MS-RDPEUDP, MS-RDPEUDP2, open source, powershell, RDP, SharpRDP, SSH, TCP, TLS, Windows, Zeek
By Anthony Kasza, Corelight Security Researcher Microsoft’s Remote Desktop Protocol (RDP) is used to remotely administer systems within Windows environments. RDP is everywhere Windows is and is useful for conducting remote work. Just like every other remote administration tool, RDP can be used for legitimate or malicious control of a ... Read More
Bright Ideas Blog