Microsoft dismisses new Windows RDP ‘bug’ as a feature
Researchers have found an unexpected behavior in a Windows feature designed to protect remote sessions.
Two weeks have passed since Microsoft released security fixes and mitigation advice to defang exploits taking advantage of CVE-2019-0708 (aka BlueKeep), a wormable unauthenticated remote code execution flaw in Remote Desktop Services (RDP). The vulnera… Continue reading BlueKeep RDP flaw: Nearly a million Internet-facing systems are vulnerable
Tales from the honeypot: this time a MySQL-based attack. Old tricks still work, because we’re still making old mistakes – here’s what to do. Continue reading Serious Security: Don’t let your SQL server attack you with ransomware
There is still no public, working exploit code for CVE-2019-0708, a flaw that could allow an unauthenticated remote attacker to execute remote code on a vulnerable target running Remote Desktop Protocol (RDP). But, as many infosec experts have noted, w… Continue reading If you haven’t yet patched the BlueKeep RDP vulnerability, do so now
Microsoft has fixed an RDP vulnerability that can be exploited remotely, without authentication and used to run arbitrary code. Continue reading UPDATE NOW! Critical, remote, ‘wormable’ Windows vulnerability
For May 2019 Patch Tuesday, Microsoft has released fixes for 79 vulnerabilities, 22 of which are deemed critical. Among the fixes is that for CVE-2019-0708, a “wormable” RDP flaw that is expected to be weaponised by attackers very soon. Abo… Continue reading Microsoft plugs wormable RDP flaw, new speculative execution side channel vulnerabilities
Should vanilla RDP be enabled on Windows client? What is considered to be the best practice?
Default RDP to TLS 1.2
Remote Desktop Gateway (Requires Windows Server)
Tunnel RDP over SSH
Disable RDP; don’t use it
I’m analyzing several hacked machines on our network. On the original hacked machine, I’ve found event logs indicating a series of successful RDP connections to other machines, but when I go to those machines and check the RD… Continue reading Is it possible for specific event logs to have been deleted?
I am somewhat administering an old Windows Server 2008 server that is used to host an older video game.
It’s in such a state that it has tons of custom code on it that runs the server and hasn’t really been maintained.
We rec… Continue reading Steps to Harden Ancient Gaming Server
I’ve installed some new networking equipment: firewall, switches, vlans, etc. I won’t mention the brand name here, because I don’t want to cause them harm by my suspicions.
Right after doing this, I was able to RDP to a serv… Continue reading Finding the reason behind an RDP Certificate Change (man in the middle attack?)