Cracking RDP NLA Supplied Credentials for Threat Intelligence

NLA Honeypot Part Deux

This is a continuation of the research from Building an RDP Credential Catcher for Threat Intelligence. In the previous post, we described how to build an RDP credential catcher for threat intelligence, with the caveat that we had to disable NLA in order to receive the password in cleartext. However, RDP clients may be attempting to connect with NLA enabled, which is a stronger form of authentication that does not send passwords in cleartext. In this post, we discuss our …

Cracking RDP NLA Supplied Credentials for Threat Intelligence

ProxyShell exploitation leads to BlackByte ransomware

Kit_Hunter – A Basic Phishing Kit Scanner For Dedicated And Semi-Dedicated Hosting

Pysa Ransomware Under the Lens: A Deep-Dive Analysis

Introducing VirusTotal Collections

Editor Picks

Kitten.gif: Meet the Sabbath Ransomware Affiliate Program, Again

Cobalt Strike: Using Known Private Keys To Decrypt Traffic – Part 2

WinRAR’s vulnerable trialware: when free software isn’t free

Must read

Kit_Hunter – A Basic Phishing Kit Scanner For Dedicated And Semi-Dedicated Hosting

Pysa Ransomware Under the Lens: A Deep-Dive Analysis

Introducing VirusTotal Collections

Popular categories