Attacking RDP with Seth
In this SySS proof-of-concept video, we demonstrate how our software tool Seth [1], developed by Dr. Adrian Vollmer of SySS GmbH (https://www.syss.de/), can be used to successfully attack poorly secured Microsoft Remote Desktop (RDP) connections that make use of self-signed X.509 certificates.
Although using self-signed certificates in production environments is nowadays widely known to be a security issue, we still regularly come across insecure RDP configurations in our penetration tests. Thus, users being presented with certificate warnings and deliberately ignoring them to get their job done is still a thing. If certificate warning messages are a common occurrence in an environment, users will not be able to recognize a real man-in-the-middle attack when it is taking place, and they will even assist the attacker.
If you want to know more about how Seth works and how you can improve the security of your RDP connections, please have a look at Dr. Vollmer's paper titled "Attacking RDP: How to Eavesdrop on Poorly Secured RDP Connections" [2] and at the talk he gave at the Hacktivity IT security conference in 2017 [3].
[1] Seth GitHub Repository
https://github.com/SySS-Research/Seth
[2] Attacking RDP: How to Eavesdrop on Poorly Secured RDP Connections
https://www.syss.de/fileadmin/dokumen...
[3] Attacking RDP with Seth, Hacktivity 2017
https://www.youtube.com/watch?v=wdPkY...