Brute Bee
4.4K posts
@BruteBee
🛡️ #EthicalHacker & #InfoSec Pro | Lover of Digital Forensics 🔍 | Purple Teamer 🚀 | Let's secure the web!
To be clear... v1 is available now, but not yet official. That said... It's sooooo good!!! Check it out with some caveats today, but look for the vision of future open source vulnerability identification.
🔒 Secure Bits 💡 𝗗𝗼 𝘆𝗼𝘂 𝘂𝘀𝗲 𝗥𝗗𝗣? There’s a 𝘀𝘂𝗿𝗽𝗿𝗶𝘀𝗶𝗻𝗴 𝗿𝗶𝘀𝗸 you might not be thinking about — and it’s already on your machine. When you use Remote Desktop (𝗥𝗗𝗣) via the 𝗠𝗦𝗧𝗦𝗖 client, any credentials you enter can be retrieved in plaintext in the process 𝗺𝗲𝗺𝗼𝗿𝘆. That means your domain admin password could be sitting there, waiting to be pulled — no keylogger needed. 📌 You can’t just flip a setting to 𝗱𝗶𝘀𝗮𝗯𝗹𝗲 this. But there are some 𝘄𝗮𝘆𝘀 𝘁𝗼 𝗿𝗲𝗱𝘂𝗰𝗲 𝘁𝗵𝗲 𝗿𝗶𝘀𝗸: 1️⃣ 𝗨𝘀𝗲 𝗮 𝗣𝗿𝗶𝘃𝗶𝗹𝗲𝗴𝗲𝗱 𝗔𝗰𝗰𝗲𝘀𝘀 𝗪𝗼𝗿𝗸𝘀𝘁𝗮𝘁𝗶𝗼𝗻 (𝗣𝗔𝗪) — ideally a physical machine, even if you run a VM PAW on top of it. 2️⃣ 𝗔𝘃𝗼𝗶𝗱 𝗥𝗗𝗣 — not always practical in Windows environments. 3️⃣ 𝗨𝘀𝗲 𝗠𝗙𝗔 — if there’s no password typed, there’s no password to grab from memory. 🔐 That’s one reason I started 𝗰𝗼𝗹𝗹𝗮𝗯𝗼𝗿𝗮𝘁𝗶𝗻𝗴 𝘄𝗶𝘁𝗵 Systola. I tested their platform, 𝗦𝘆𝘀𝘁𝗼𝗟𝗢𝗖𝗞, which brings 𝗻𝗮𝘁𝗶𝘃𝗲 𝗽𝗮𝘀𝘀𝘄𝗼𝗿𝗱𝗹𝗲𝘀𝘀 𝗺𝘂𝗹𝘁𝗶-𝗳𝗮𝗰𝘁𝗼𝗿 𝗮𝘂𝘁𝗵𝗲𝗻𝘁𝗶𝗰𝗮𝘁𝗶𝗼𝗻 to the Windows ecosystem — including RDP, Windows login, SAML, Radius, and more. It’s simple, works as expected, and the pricing is very reasonable. 🧪 𝗪𝗮𝗻𝘁 𝘁𝗼 𝘁𝗿𝘆 𝗶𝘁? Link in comments. Here’s how it works: 1. Open the page → you’ll see the license options (one is free). 2. Click Request demo. 3. Systola will create your eval account and send access so you can install and test. If you give it a spin, 𝘁𝗲𝗹𝗹 𝗺𝗲 𝗵𝗼𝘄 𝗶𝘁 𝗴𝗼𝗲𝘀 — I can help and may be able to arrange a discount for paid tiers. Do you use MFA for RDP sessions? #WindowsSecurity #SecureBits #MFA #CyberSecurity #BlueTeam #HorizonSecured
