RDP

Remote Desktop Protocol

https://gist.github.com/S3cur3Th1sSh1t/8294ec59d1ef38cba661697edcfacb9b

RdpThief

https://github.com/0x09AL/RdpThief
https://github.com/S3cur3Th1sSh1t/RDPThiefInject
https://github.com/snovvcrash/SharpRdpThief
https://github.com/passthehashbrowns/SharpRDPThief
https://github.com/proxytype/RDP-THIEF
https://github.com/0xEr3bus/RdpStrike

The DLL can be converted to shellcode with ConvertToShellcode.py (sRDI approach) and then be injected into the target process. That would help to avoid dropping the DLL to disk:

beacon> rdpthief_enable
beacon> rdpthief_dump
beacon> rdpthief_disable

Abusing CredSSP / TSPKG

https://clement.notin.org/blog/2019/07/03/credential-theft-without-admin-or-touching-lsass-with-kekeo-by-abusing-credssp-tspkg-rdp-sso/

Last updated 5 months ago

hashtagRdpThief

hashtagAbusing CredSSP / TSPKG

RdpThief

Abusing CredSSP / TSPKG