How Unparalleled RDP Monitoring Reveal Attackers’ Tradecraft - GoSecure
www.gosecure.net
Luring threat actors into RDP traps reveals attackers' tactics. This blog summarizes an hour-long presentation about what can be found in those traps.

Researchers analyzed 190 million hacking events on a honeynet and categorized the types of hackers into Dungeons and Dragons classses.

Rangers evaluate the system and set conditions for a follow-on attack.

Thieves install cryptominers and other profiteering software.

Barbarians attempt to brute force their way into adjacent systems.

Wizards connect the newly compromised system to a previous to establish ‘portals’ to tunnel through to obscure their identity.

Bards have no apparent hacking skill and likely purchase or otherwise acquire access. They perform basic computer tasks.

  • Nonagon ∞ Orc
    311 months ago

    Interesting read! And the way they use DnD classes is very fun to me. They did the bard dirty though haha.

    • @InfiniteStruggle
      211 months ago

      Yeah, considering a bard is OP in certain situations, and often a great buff to any group. I think they should have likened a bard to social engineering experts or people that associate with hackers and help them with less hacking oriented tasks. Like a startup incubator except for black hats.

      • Nonagon ∞ Orc
        211 months ago

        Yeah that is a good one. Though I don’t know if there is another class that would have fit their category better