Attack technique: an introduction to RDP tunneling and how to defend against it
Contents
Introduction
The victim's computer is made to establish an SSH connection to the C2 server; a tunnel is then built over that connection so that the attacker can RDP from the C2 server into the victim host.
A Microsoft Windows component, RDP was designed to provide administrators, engineers, and users with remote access to systems. However, threat actors have been using the technology for nefarious purposes, and the trend continues, especially since an RDP attack is usually more difficult to detect than a backdoor.
How it works
Inbound RDP tunneling: a common utility used to tunnel RDP sessions is PuTTY Link, commonly known as Plink.
FIG: Enterprise firewall bypass using RDP and network tunneling with SSH as an example
FIG: Example of successful RDP tunnel created using Plink
FIG: Example of successful port forwarding from the attacker C2 server to the victim
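Because the tunnel described above terminates on the victim host itself, the RDP session appears to originate from the machine's own loopback address rather than from the attacker's network. The following script is an added example, not code from the original page; it runs over constructed sample records (a simplified key=value form assumed to mirror the source-address fields of Windows logon events 4624 and 1149) and flags RDP logons whose peer address is loopback.

```python
import ipaddress
import re

# Constructed sample records (not real logs). The key=value layout is a
# simplification assumed to mirror the relevant fields of Windows Security
# event 4624 (LogonType 10 = RemoteInteractive, i.e. RDP) and
# TerminalServices-RemoteConnectionManager event 1149.
SAMPLE_EVENTS = [
    "EventID=4624 LogonType=10 User=alice SourceAddress=10.0.5.21",
    "EventID=4624 LogonType=10 User=svc_backup SourceAddress=127.0.0.1",
    "EventID=1149 User=svc_backup SourceAddress=127.0.0.1",
    "EventID=4624 LogonType=2 User=bob SourceAddress=127.0.0.1",
    "EventID=4624 LogonType=10 User=carol SourceAddress=::1",
    "EventID=1149 User=dave SourceAddress=192.168.1.40",
]

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_event(line):
    """Turn one key=value record into a dict of its fields."""
    return dict(FIELD_RE.findall(line))


def is_loopback(addr):
    """True for 127.0.0.0/8 or ::1; malformed or missing addresses are not loopback."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False


def is_tunneled_rdp(ev):
    """An RDP logon whose peer is loopback reached port 3389 via a local tunnel endpoint."""
    eid = ev.get("EventID")
    if eid == "4624" and ev.get("LogonType") != "10":
        return False  # console or other non-RDP logon types are out of scope
    if eid not in ("4624", "1149"):
        return False
    return is_loopback(ev.get("SourceAddress", ""))


def find_tunneled_rdp(lines):
    """Return the parsed events that match the loopback-sourced RDP indicator."""
    return [ev for ev in map(parse_event, lines) if is_tunneled_rdp(ev)]


if __name__ == "__main__":
    for ev in find_tunneled_rdp(SAMPLE_EVENTS):
        print(f"possible tunneled RDP: event {ev['EventID']} user={ev['User']} src={ev['SourceAddress']}")
```

The same indicator can be applied to live event exports; an RDP logon sourced from loopback is worth correlating with SSH client or Plink process activity on that host.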