From 5466825ccc299d5d4ea9d24b7bbbf9d4a1f1f81c Mon Sep 17 00:00:00 2001 From: Olivier Bilodeau Date: Wed, 5 Jun 2019 12:23:13 -0400 Subject: [PATCH] More xref between blog and new videos --- CHANGELOG.adoc | 2 ++ README.md | 2 ++ 2 files changed, 4 insertions(+) diff --git a/CHANGELOG.adoc b/CHANGELOG.adoc index 9eb738bb1..b1c0b2484 100644 --- a/CHANGELOG.adoc +++ b/CHANGELOG.adoc @@ -32,6 +32,8 @@ https://github.com/xshill[Francis Labelle] and https://github.com/res260[Émilio Gonzalez]'s talk on {project-name}. * https://docs.google.com/presentation/d/1avcn8Sh2b3IE7AA0G9l7Cj5F1pxqizUm98IbXUo2cvY/edit#slide=id.g404b70030f_0_581[Presentation Slides] +* https://youtu.be/5JztJzi-m48[Demo Video of a Session Takeover and more] +* https://youtu.be/bU67tj1RkMA[Demo Video of a cmd.exe payload triggered on connection] * https://nsec.io/session/2019-welcome-to-the-jumble-improving-rdp-tooling-for-malware-analysis-and-pentesting.html[Abstract] === Enhancements diff --git a/README.md b/README.md index 9a829372a..fa6711427 100644 --- a/README.md +++ b/README.md 
@@ -19,6 +19,8 @@ It features a few tools: We have used this tool as part of an RDP honeypot which records sessions and saves a copy of the malware dropped on our target machine. +PyRDP was [first introduced in a blogpost](https://www.gosecure.net/blog/2018/12/19/rdp-man-in-the-middle-smile-youre-on-camera) in which we [demonstrated that we can catch a real threat actor in action](https://www.youtube.com/watch?v=eB7RC9FmL6Q). In May 2019 a [presentation by its authors](https://docs.google.com/presentation/d/1avcn8Sh2b3IE7AA0G9l7Cj5F1pxqizUm98IbXUo2cvY/edit#slide=id.g404b70030f_0_581) was given at NorthSec and two demos were performed. [The first one covered](https://youtu.be/5JztJzi-m48) credential logging, clipboard stealing, client-side file browsing and a session take-over. [The second one covered](https://youtu.be/bU67tj1RkMA) the execution of cmd or powershell payloads when a client successfully authenticates. + ## Table of Contents - [Supported Systems](#supported-systems) - [Installing](#installing)
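Review bot: in the CHANGELOG.adoc hunk, the second added bullet says the payload is "triggered on connection", while the README paragraph added in the same patch says the payload runs "when a client successfully authenticates". Use the same wording in both places so readers do not take these for two different triggers. The two bullets are also cased differently ("Demo Video of a Session Takeover and more" against "Demo Video of a cmd.exe payload triggered on connection"), and "and more" could name what the README already lists for that video: credential logging, clipboard stealing and client-side file browsing.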
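Review bot: in the README.md hunk, the added paragraph switches voice partway through. It opens with "in which we demonstrated" and then continues with "a presentation by its authors was given at NorthSec and two demos were performed". Suggest keeping the first person throughout, for example "In May 2019 we presented it at NorthSec and performed two demos". Terminology should also match the CHANGELOG bullets added in this patch: "take-over" here against "Takeover" there, and "cmd or powershell" here against "cmd.exe" there (with "PowerShell" capitalised). "blogpost" reads better as "blog post". The paragraph also uses a full www.youtube.com link for the first video and youtu.be short links for the other two; pick one form.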