this post was submitted on 30 Jan 2025
25 points (83.8% liked)

[–] [email protected] 8 points 10 hours ago (1 children)

I'm kinda confused. This looks like really old information re-packaged as some sort of "exploit". Examining the RDP cache is an old trick. Here's a video on doing it from six years ago:
https://www.youtube.com/watch?v=NnEOk5-Dstw

The tools for doing this have been out for a long time. Here's the EnCase tool:
https://marketplace.opentext.com/cybersecurity/content/rdp-cached-bitmap-extractor

Here's an open source parser:
https://github.com/ANSSI-FR/bmc-tools

So, what's new here and how is this allowing "Attackers to Take Over Windows and Browser Sessions" other than, if they are on a system, they can dig through the RDP cache? Which, if they are already on the system which launched the RDP sessions, the horse is long out of the barn. Between credential dumping, keylogging and pass the hash, the attacker probably has as much access as the local user has anyway.

[–] [email protected] 4 points 7 hours ago

Yeah this article is complete garbage. Who upvotes this stuff?