Remote Services: Remote Desktop Protocol

Description

Adversaries may use Valid Accounts to log into a computer using the Remote Desktop Protocol (RDP). The adversary may then perform actions as the logged-on user.

Remote desktop is a common feature in operating systems. It allows a user to log into an interactive session with a system desktop graphical user interface on a remote system. Microsoft refers to its implementation of the Remote Desktop Protocol (RDP) as Remote Desktop Services (RDS).

Products, Sensors, and Dependencies

| Product | Dependencies | Data source | Access required | Protocol | Data Collected | Notes |
| --- | --- | --- | --- | --- | --- | --- |
| Tenable Vulnerability Management | Advanced Network Scan | Windows machines | Authenticated Scan | SMB | Windows Services | Plugin ID: 44401 |
| Tenable Vulnerability Management | Advanced Network Scan | Windows machines | Authenticated Scan | WMI | Local Users, Groups and Group membership | Plugin ID: 71246 |
| Tenable Vulnerability Management | Advanced Network Scan | Windows machines | Authenticated Scan | OS Command | Computer Connectivity | Plugin ID: 64582 |

References

Enumerate Local Group Memberships

Microsoft Windows SMB Service Config Enumeration

Netstat Connection Information

Attack Path Technique Details

Framework: MITRE ATT&CK

Family: Lateral Movement

Technique: Remote Services

Platform: Windows

Tenable Release Date: 2022 Q3