EXPLORE
Sign In
← Back to Explore
T1563.002

RDP Hijacking

Adversaries may hijack a legitimate user’s remote desktop session to move laterally within an environment. Remote desktop is a common feature in operating systems. It allows a user to log into an interactive session with a system desktop graphical user interface on a remote system. Microsoft refers to its implementation of the Remote Desktop Protocol (RDP) as Remote Desktop Services (RDS).(Citation: TechNet Remote Desktop Services) Adversaries may perform RDP session hijacking which involves st...

Windows
5
Detections
3
Sources
1
Threat Actors

BY SOURCE

2sigma2splunk_escu1elastic

PROCEDURES (4)

Process Creation Monitoring2 detections

Auto-extracted: 2 detections for process creation monitoring

Remote1 detections

Auto-extracted: 1 detections for remote

Remote1 detections

Auto-extracted: 1 detections for remote

Service1 detections

Auto-extracted: 1 detections for service

THREAT ACTORS (1)

Axiom

DETECTIONS (5)

Potential MSTSC Shadowing Activity
sigmahigh
Potential Remote Desktop Shadowing Activity
elastichigh
Suspicious RDP Redirect Using TSCON
sigmahigh
Windows RDP Connection Successful
splunk_escu
Windows Service Create with Tscon
splunk_escu