Are You Down With RDP? - PSW #873
May 8, 2025
Dive into the world of cybersecurity with discussions on RDP vulnerabilities and the shocking use of revoked credentials. Learn about recent exploits related to Apple’s AirPlay and a clandestine backdoor in e-commerce platforms. The podcast also explores the ramifications of a cybersecurity CEO's arrest for malware deployment. Plus, enjoy tales from conferences, humorous anecdotes about bourbon, and insights on vulnerability management advances, all while navigating the complexities of scams and e-commerce security.
Windows Caches Old Credentials Dangerously
- Windows 11 caches old cloud account credentials locally and keeps honoring them even after the credential has been revoked or the password changed in Azure AD.
- This undermines security because a revoked or changed password continues to grant RDP access indefinitely.
Avoid Exposing RDP Publicly
- Do not expose RDP to untrusted networks, since revoking a credential does not prevent access.
- Use multi-factor authentication and privileged access management solutions to mitigate the risk.
Forensic Use of RDP Bitmap Cache
- RDP's bitmap cache can be used in forensic investigations to reconstruct an attacker's sessions.
- Tools such as BMC-Tools and RDP Cache Stitcher help recover RDP screen contents from the cache.