Remote System Discovery and Remote Desktop Protocol

Adversaries will often perform Remote System Discovery many times throughout an engagement. Each time they find themselves on a new endpoint or in a new subnet they will likely want to know more about this new location. Living off the land, using legitimate software present on the system, is a common approach that can make detection of this behavior even more difficult. Don’t let adversaries snoop around your environment unnoticed, start detecting them now.

What could be wrong with a service that allows users to connect to any machine in the entire environment remotely? The risks of RDP access in the wrong hands are seemingly obvious, but organizations continue to see adversary actions that involve this core technology. Couple this with Valid Credentials and it’s easy to see why this vector is useful for an adversary bent on accomplishing objectives on goal.

Get the hands-on skills you need to detect and mitigate this attack in Cybrary's MITRE ATT&CK Framework courses aligned to the tactics and techniques used by financially motivated threat group FIN7. Prevent adversaries from accomplishing the tactics of Discovery and Lateral Movement in your environment today.

• Remote System Discovery and Remote Desktop Protocol
• What is Remote System Discovery?
• What is Remote Desktop Protocol?
• Detection, Validation, and Mitigation (Lab)