AnsweredAssumed Answered

Parser to enumerate RDP username.

Question asked by RSA Admin Employee on Nov 26, 2012
Latest reply on Aug 23, 2013 by Thomas Schaub

Hello all,

 

 

I figured someone has probably done this before so i figured i would ask on the board first before i start working on this.

 

Has anyone created a parser to get the mstshash value inside RDP sessions in order to help detect which accounts are being targetted in brute force attacks ?

 

 

i.e:"   àCookie: mstshash=administrator

Outcomes