Rogue RDP – Revisiting Initial Access Methods
Summary
This article revisits initial access methods, focusing specifically on Remote Desktop Protocol (RDP). It discusses how Microsoft's disabling of VBA macros in files from the internet may be forcing threat actors to explore alternative entry points.
IFF Assessment
FOE
The article discusses methods that threat actors use to gain initial access into systems, which is detrimental to defenders.
Defender Context
Defenders should be aware of evolving initial access techniques, as threat actors adapt to security changes like macro disabling. Monitoring for unusual RDP activity or other unconventional entry vectors is crucial.