RDP, or Remote Desktop Protocol, is a proprietary protocol developed by Microsoft that allows users to connect to another computer over a network connection. The client software for RDP is pre-installed on most versions of Windows, making it a widely used tool for remote access.
It has been observed in attacks against critical infrastructure in the U.S. and Australia.

Industrial Cyber Security Recommendations

RDP Recognizer.rar
| Feature | Description |
|---------|-------------|
| Active Session Detection | Lists all currently connected RDP users, including their IP addresses, session IDs, and idle times. |
| Historical Log Analysis | Parses Windows Security Event Logs (Event IDs 4624, 4648, 4778, 4779) to show past RDP logins. |
| Geolocation Mapping | Some versions claim to map source IPs to approximate geographic locations. |
| Brute-Force Alerting | Recognizes multiple failed logins from a single IP, flagging potential attacks. |
| Port Scanning Lite | Checks if port 3389 (or a custom RDP port) is open and responding. |
| Export Reports | Generates CSV or TXT reports for compliance auditing. |

What is RDP
Export Report – Use the built-in export button or command flag (e.g., /export:report.csv).

Netwrix Auditor – Monitors RDP in real time with alerts
RDP Recognizer is categorized as a "dual-use" tool, though its primary visibility in modern cybersecurity is as a component of the cybercriminal toolkit.
