Remote Desktop Protocol: An Active Adversary Special Report

What is RDP, why is it a very nearly ubiquitous finding in incident response, and how can investigators run it to ground when it goes wrong? An Active Adversary Special Report
Remote Desktop Protocol (RDP) is commonly abused by ransomware groups. Here are methods on how we can provide context and advice for administrators and responders looking to deal with RDP.

active adversary adversary advice can context desktop goes incident incident response protocol ransomware ransomware groups rdp remote desktop remote desktop protocol report response run special what is wrong