RDP (4.0, 5.0, 6.0)

Remote Desktop Protocol (4.0, 5.0, 6.0)
All applicable versions of Windows.

• Terminal services related registry keys | windowswideopen.com | September 2007 - windowswideopen.com

• SANS Advisor article on Terminal Services forensics | SANS | April 2006 - Robert-Jan Mora
   

The following links provide common Terminal Services attacks & tools. These tools and information may not be used specifically to perform a Terminal Services related forensics investigation however, with knowledge of how an attacker may gain unauthorized access to Terminal Services - you can tailor you investigation accordingly.

Referenced tools should be added to your dirty word lists to determine if these TS cracking tools were run on a victim or suspect system.

• TSGrinder | Terminal Services brute force tool. - www.hammerofgod.com

• Terminal Server / RDP Password Cracking | An instructional video on how to hack Windows terminal services. - www.ethicalhacker.net