RDP – Mahyar Notes

PCAP Analysis

January 19, 2022 Forensics and Security, Linux Comments Off on PCAP Analysis

Learning Objectives Understand the advantages and goals of PCAP AnalysisHow to pivot into and away from PCAP Analysis (how to use findings for quicker analysis)Common tools to useHow data reduction aids in investigations Common Tools SnortTcpdumpWireSharkTShark Tools Covered Here SnortTcpdumpWireshark Notes Keep solid notes on your thinking around evidence and …

How to Allow Multiple RDP Sessions in Windows 10 and 11?

November 16, 2021 Microsoft Related, Powershell Comments Off on How to Allow Multiple RDP Sessions in Windows 10 and 11?

Remote users can connect to their Windows 10 and 11 computers via the Remote Desktop Services (RDP). It is enough to enable RDP in the device settings and connect to the computer using any Remote Desktop client. But there is a restriction on the number of simultaneous RDP sessions – …

RDP Authentication Artifacts for DFIR Purpose

October 22, 2021 Forensics and Security, Microsoft Related Comments Off on RDP Authentication Artifacts for DFIR Purpose

A good detection technique to spot Remote Desktop Connections that are exposed to the internet is to scan RDP event logs for any events where the source IP is a non-RFC 1918 address. This provides you a good way to check for locations that may be port forwarding RDP, like …

Mahyar Notes Education is the most powerful weapon which you can use to change the world.

Tag Archives: RDP

PCAP Analysis

How to Allow Multiple RDP Sessions in Windows 10 and 11?

RDP Authentication Artifacts for DFIR Purpose