I Watched You Roll the Die: Unparalleled RDP Monitoring Reveal Attackers' Tradecraft

The Remote Desktop Protocol (RDP) is a critical attack vector used by evil threat actors including in ransomware outbreaks. To study RDP attacks, we created PyRDP, an open-source RDP interception tool with unmatched screen, keyboard, mouse, clipboard and file collection capabilities. Then we built a honeynet that is composed of several RDP Windows servers exposed on the cloud. We ran them for three years and have accumulated over 150 million events including 100 hours of video footage, 570 files collected …

attack attackers attacks attack vector capabilities clipboard collection critical desktop evil file interception keyboard monitoring mouse protocol pyrdp ransomware rdp remote desktop remote desktop protocol reveal roll screen study threat threat actors tool