Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://cyberplace.social/users/GossiTheDog/statuses/114269010519450954">Kevin Beaumont (gossithedog@cyberplace.social)'s status on Thursday, 03-Apr-2025 00:12:23 JST</a><a href="https://cyberplace.social/@GossiTheDog" title="gossithedog@cyberplace.social"><img src="https://gnusocial.jp/avatar/38360-48-20250225114715.webp" width="48" height="48" alt="Kevin Beaumont" style="position: absolute; left: 0; top: 0;">Kevin Beaumont</a><div><a href="https://cyberplace.social/@GossiTheDog/114269000242930604" rel="in-reply-to">in reply to</a></div></section><article><p>In 84% of cases - you know, almost all - attackers use RDP, aka Remote Desktop.  </p><p>Yes, you think attackers are hacking the matrix and using Generative AI to generate 31337 code... but in fact, almost all of them are using Remote Desktop to *point and click* hack you.</p><p>There's some really good recommendations in that for monitoring internal RDP usage.  It's by far one of the biggest ways to catch people internally being naughty.  Why is somebody RDPing to a domain controller at 3am?</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4832480#notice-9465770">In conversation</a><time datetime="2025-04-03T00:12:23+09:00" title="Thursday, 03-Apr-2025 00:12:23 JST">about 20 days ago</time> <span>from <span><a href="https://cyberplace.social/@GossiTheDog/114269010519450954" rel="external" title="Sent from cyberplace.social via ActivityPub">cyberplace.social</a></span></span><a href="https://cyberplace.social/@GossiTheDog/114269010519450954">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/4403589">Untitled attachment</a></label><br><a href="https://cyberplace.social/system/media_attachments/files/114/269/004/298/623/743/original/261720b193529c4f.png" rel="external">https://cyberplace.social/system/media_attachments/files/114/269/004/298/623/743/original/261720b193529c4f.png</a></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Kevin Beaumont (gossithedog@cyberplace.social)'s status on Thursday, 03-Apr-2025 00:12:23 JST Kevin Beaumont
in reply to
In 84% of cases - you know, almost all - attackers use RDP, aka Remote Desktop.
Yes, you think attackers are hacking the matrix and using Generative AI to generate 31337 code... but in fact, almost all of them are using Remote Desktop to *point and click* hack you.
There's some really good recommendations in that for monitoring internal RDP usage. It's by far one of the biggest ways to catch people internally being naughty. Why is somebody RDPing to a domain controller at 3am?
In conversationabout 20 days ago from cyberplace.socialpermalink
Attachments
1. Untitled attachment
  https://cyberplace.social/system/media_attachments/files/114/269/004/298/623/743/original/261720b193529c4f.png

Public

Embed Notice

HTML Code

Corresponding Notice