TTPwire Vol. 1 · MITRE ATT&CK·Tagged


Huntress

Keeping up with BlueKeep

2019-06-04

ATT&CK techniques detected

7 predictions
T1021.001 Remote Desktop Protocol
93%
"keeping up with bluekeep remote desktop services (rds) benefit employees and it administrators alike. with employees often working from anywhere, remote desktop reduces the physical burden of carrying a work laptop home. it also makes updating and managing systems easier, which…"
T1021.001 Remote Desktop Protocol
62%
". - type the command rdpscan.exe localhost to test whether this host is vulnerable bluekeep. - if vulnerable, rdpscan will report vulnerable — got appid as seen below. for msps and it departments with rmm software, it’s absolutely possible to recreate this process en masse. th…"
T1190 Exploit Public-Facing Application
58%
"vulnerable and microsoft noted that if an attacker is able to gain access into the system, they could then “install programs; view, change, or delete data; or create new accounts with full user rights.” exploiting the vulnerability offensive security researchers have worked a…"
T1210 Exploitation of Remote Services
50%
"and windows vista patches installing the appropriate patch via your tried and tested patching process will fix this vulnerability. considering the criticality of this issue, we strongly suggest you trust but verify the success of these patches. what is the risk of not fixing the …"
T1563.002 RDP Hijacking
43%
"keeping up with bluekeep remote desktop services (rds) benefit employees and it administrators alike. with employees often working from anywhere, remote desktop reduces the physical burden of carrying a work laptop home. it also makes updating and managing systems easier, which…"
T1210 Exploitation of Remote Services
34%
"vulnerable and microsoft noted that if an attacker is able to gain access into the system, they could then “install programs; view, change, or delete data; or create new accounts with full user rights.” exploiting the vulnerability offensive security researchers have worked a…"
T1021.001 Remote Desktop Protocol
33%
"we specifically examined these hosts’ externally facing ip addresses which exposed 3389 to the internet. we did not look for non-standard/obfuscated rdp ports and huntress doesn’t run on xp or server 2003 hosts. the huntress team recorded the external ip address of every h…"

Summary

Remote Desktop Services (RDS) benefit employees and IT administrators alike. With employees often working from anywhere, remote desktop reduces the physical burden of carrying a work laptop home 🏠. It also makes updating and managing systems easier, which can alleviate the administrative burden when handling a large network.