Overview
Explore the risks and mitigation strategies associated with Remote Desktop Protocol (RDP) in this informative conference talk from NorthSec 2022. Delve into the growing importance of RDP in remote work environments and its security implications when improperly deployed. Learn about conventional RDP attacks, including Monster-in-the-Middle (MITM) and NetNTLMv2 hash capture, as well as techniques to bypass Network Level Authentication (NLA). Discover the default vulnerability allowing server-side NLA downgrades in all clients. Gain insights from both attacker and defender perspectives, with step-by-step instructions for deploying a secure and functional RDP server. Benefit from the expertise of cybersecurity researchers Olivier Bilodeau and Lisandro Ubiedo as they share their findings from three years of work on PyRDP, an open-source RDP library.
Syllabus
Introduction
About RDP
RDP Layers
RDP Security
Risk of RDP
Risks of RDP
Protocol Downgrade
Graphical Login
Why Microsoft did Graphical Login
Security advantages
Attack surface reduction
Authentication
Downgrade
Prevention
Group Policies
How to Attack
How to Mitigate
The Third Attack
The Villain
Responder
Report to Microsoft
What does this mean
What can we do
The future
Red team takeaways
Blue team takeaways
Devolution
Thank you
Taught by
NorthSec