Unparalleled RDP Monitoring to Reveal Attackers' Tradecraft

Watch a DEF CON 31 conference talk exploring Remote Desktop Protocol (RDP) attack patterns through an innovative Dungeons & Dragons analogy. Dive into findings from over 100 hours of intercepted attacker footage captured using PyRDP, an open-source monitoring tool. Learn how threat actors are categorized into distinct archetypes - from Bards conducting suspicious searches to Wizards using RDP as cloaking portals. Examine real video evidence of attackers' techniques, tools, and behaviors, including XDedic RDP patch, NLBrute, Masscan GUI, and methods for disabling Windows Defender. Gain valuable insights from a unique partnership between an engineer and crime data scientist as they demonstrate how RDP interception capabilities can benefit security research and blue teams in identifying and focusing on sophisticated threats. Understand the tradecraft of opportunistic attackers through extensive documentation and analysis of their methodologies.