The RDP protocol has a wide variety of interesting features, yet no tool supported the complexity of the protocol for information security purposes. To address this, created PyRDP, an open-source, general-purpose RDP man-in-the-middle (MITM) tool. It allows complete interception of RDP sessions with offensive capabilities and advanced features to analyze such sessions, such as listing the client?s drive content, saving the transferred files and clipboard content. This opens the door for new techniques in malware research and pentesting for a protocol that is increasingly looked at by security researchers. We will demonstrate this by showing replays of a bad actor we caught using PyRDP. The talk will also give recommendations to mitigate the risk of MITM attacks on a network.

Francis and ?ilio are undergraduate students from (respectively) ?ole de Technologie Sup?ieure and Universit?de Sherbrooke in Canada. Both have a strong interest in information security and are involved with their university?s computer science club. Francis participates competitively in several CTF competitions with the DCIETS team and is interested in the offensive side of cybersecurity. ?ilio organizes several computer science-related events for the students of his university and likes to learn about the defensive side of cybersecurity.

@res260, @xshill_

Back to Derbycon 2019 video list