Hacking Microsoft RDP for Fun and Profit: Post-exploitation the easy way

Presented at REcon 2011, July 9, 2011, 3 p.m. (30 minutes)

Microsoft RDP is a powerful functionality included into almost any version of Microsoft Windows, which enables users to log in remotely while enjoying familiar graphical and sound experience. However, Microsoft has restricted the RDP functionality in so many ways, that even regular users have to apply third-party patches to enable missing functions (such as concurrent sessions). Nowadays many pro cyber attacks in post-exploitation stage are carried out by hands, via a malicious VNC connection, rather than via an automated payload trojan. Such attacks are still rare, because custom implementation of a remote desktop protocol is somewhat resource-intensive and unreliable. But, what if the attacker thinks of implementing malicious remote desktop backdoor on top of default functionality of Microsoft Windows? In this presentation we will discuss the Microsoft RDP internals, and how an attacker might intercept them to achieve some malicious profit.

Presenters:

Links:

Similar Presentations: