Going Rogue: APT29 Using Rogue RDP | Threat SnapShot скачать в хорошем качестве

Going Rogue: APT29 Using Rogue RDP | Threat SnapShot

In 2022, Microsoft began blocking macros originating from the internet in Office, pushing both pentesters and threat actors to explore new methods for initial access. Fast forward to October 2024, and APT29 is leveraging one of those methods—Rogue RDP—discovered as a workaround back in 2022. In this video, we dive into a recent spearphishing campaign uncovered by the Ukrainian CERT, where attackers used Rogue RDP to gain initial access to targets. This video will provide you practical detection opportunities that can be used to hunt for this activity in your environment. ✅ Subscribe to SnapAttack for more in-depth analyses and real-world applications of cybersecurity defenses. 📢 Have questions or topics you’d like us to cover? Drop a comment below! 👋 Follow us:   / snapattack     / snapattackhq     / ajkingio     / ajkingio   SnapAttack Resources: https://app.snapattack.com/threat/22e... - Threat: Rogue RDP File Outbound Connection to pyrdp MITM https://app.snapattack.com/threat/698... - Threat: Rogue RDP Connection with Startup File Write https://app.snapattack.com/detection/... - Detection: Suspicious File Created by RDP https://app.snapattack.com/detection/... - Detection: RDP Connection Over Non-Standard Port https://app.snapattack.com/detection/... - Detection: Suspicious Mstsc.EXE Execution With Local RDP File https://app.snapattack.com/detection/... - Detection: Mstsc.EXE Execution With Local RDP File References: https://cert.gov.ua/article/6281076 https://aws.amazon.com/blogs/security... https://www.microsoft.com/en-us/secur... https://www.blackhillsinfosec.com/rog...