Engage Report: Zloader Trojan Analysis

Zloader operators have been observed using legitimate remote management tools (AnyDesk, TeamViewer, and Microsoft Quick Assist) for initial access. They rely on social engineering to persuade victims to grant remote access to their systems; once connected, the attackers deploy Zloader.

Technique: Valid Accounts [T1078] -> Remote Services [T1021] -> Remote Desktop Protocol [T1021.001]

Fake RDP Honeypots

Goal: Lure attackers attempting to use RDP for lateral movement and gather information about their tools and techniques.

Approach: Deploy and monitor decoy RDP servers.

Set up decoy RDP servers that mimic legitimate systems but capture attacker credentials, log keystrokes, or redirect them to a controlled environment.
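As an added example (not part of the original report), the following Python script is a minimal RDP decoy: it listens on TCP/3389, parses the client's X.224 Connection Request as defined in MS-RDPBCGR section 2.2.1.1, and logs the source address, the pre-authentication username the client sends in the "Cookie: mstshash=" field, and the security protocols the client requested (TLS, CredSSP/NLA, and so on). The port, bind address, and JSON log format are assumptions; the sample packet built by build_connection_request is constructed for the test and is not captured traffic.

```python
#!/usr/bin/env python3
"""Minimal RDP decoy (added example, not from the report).

Accepts a TCP connection, parses the client's X.224 Connection Request, logs
the pre-auth username cookie and requested security protocols as one JSON
line, and answers with an X.224 Connection Confirm. Field layout follows
MS-RDPBCGR 2.2.1.1 (Client X.224 Connection Request PDU).
"""
import json
import socket
import struct
import sys
from datetime import datetime, timezone

X224_CR = 0xE0            # X.224 Connection Request TPDU code
X224_CC = 0xD0            # X.224 Connection Confirm TPDU code
TYPE_RDP_NEG_REQ = 0x01   # rdpNegReq TLV type
TYPE_RDP_NEG_RSP = 0x02   # rdpNegRsp TLV type
COOKIE_PREFIX = b"Cookie: mstshash="
# requestedProtocols bitmask; 0 means standard RDP security only
PROTOCOL_NAMES = {0x01: "SSL", 0x02: "HYBRID", 0x04: "RDSTLS", 0x08: "HYBRID_EX", 0x10: "RDSAAD"}


def protocol_names(mask: int) -> list:
    """Translate a requestedProtocols bitmask into protocol names."""
    if mask == 0:
        return ["RDP"]
    return [name for bit, name in PROTOCOL_NAMES.items() if mask & bit]


def parse_connection_request(pkt: bytes) -> dict:
    """Parse TPKT header + X.224 CR; return cookie/routing token and requested protocols."""
    if len(pkt) < 11:
        raise ValueError("packet too short for TPKT + X.224 CR")
    version, _reserved, tpkt_len = struct.unpack("!BBH", pkt[:4])
    if version != 3 or tpkt_len > len(pkt):
        raise ValueError("not a TPKT packet")
    li, code = pkt[4], pkt[5]
    if code != X224_CR:
        raise ValueError("not an X.224 Connection Request")
    # LI counts every byte after itself; the fixed part (code, dst-ref, src-ref, class) is 6 bytes,
    # so the variable part starts at offset 11 and ends at 5 + LI.
    variable = pkt[11:5 + li]
    info = {"cookie": None, "routing_token": None, "requested_protocols": None}
    # Optional cookie or routing token: an ASCII line terminated by CR LF, before any rdpNegReq.
    end = variable.find(b"\r\n")
    if end != -1:
        line = variable[:end]
        if line.startswith(COOKIE_PREFIX):
            info["cookie"] = line[len(COOKIE_PREFIX):].decode("ascii", "replace")
        else:
            info["routing_token"] = line.decode("ascii", "replace")
        variable = variable[end + 2:]
    # rdpNegReq: type(1) flags(1) length(2, LE, always 8) requestedProtocols(4, LE)
    if len(variable) >= 8 and variable[0] == TYPE_RDP_NEG_REQ:
        _type, _flags, length, protocols = struct.unpack("<BBHI", variable[:8])
        if length == 8:
            info["requested_protocols"] = protocols
    return info


def build_connection_confirm(selected_protocol: int) -> bytes:
    """TPKT + X.224 CC carrying an rdpNegRsp that selects one security protocol."""
    neg_rsp = struct.pack("<BBHI", TYPE_RDP_NEG_RSP, 0, 8, selected_protocol)
    x224 = struct.pack("!BBHHB", 6 + len(neg_rsp), X224_CC, 0, 0x1234, 0) + neg_rsp
    return struct.pack("!BBH", 3, 0, 4 + len(x224)) + x224


def build_connection_request(username: str, requested_protocols: int) -> bytes:
    """Constructed sample CR (for testing the parser), shaped like what mstsc sends."""
    body = COOKIE_PREFIX + username.encode("ascii") + b"\r\n"
    body += struct.pack("<BBHI", TYPE_RDP_NEG_REQ, 0, 8, requested_protocols)
    x224 = struct.pack("!BBHHB", 6 + len(body), X224_CR, 0, 0, 0) + body
    return struct.pack("!BBH", 3, 0, 4 + len(x224)) + x224


def serve(bind: str = "0.0.0.0", port: int = 3389, log=sys.stdout) -> None:
    """Accept connections, log one JSON event per client, answer with a Connection Confirm."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((bind, port))
        srv.listen(16)
        while True:
            conn, (src_ip, src_port) = srv.accept()
            with conn:
                conn.settimeout(5)
                try:
                    event = parse_connection_request(conn.recv(1024))
                    event["protocols"] = protocol_names(event["requested_protocols"] or 0)
                    # Selecting standard RDP security (0) keeps the client talking in clear; the
                    # next PDU (MCS Connect Initial) carries the client hostname, not parsed here.
                    conn.sendall(build_connection_confirm(0))
                except (ValueError, OSError) as exc:
                    event = {"error": str(exc)}
                event.update({"ts": datetime.now(timezone.utc).isoformat(),
                              "src_ip": src_ip, "src_port": src_port})
                log.write(json.dumps(event) + "\n")
                log.flush()


if __name__ == "__main__":
    serve(port=int(sys.argv[1]) if len(sys.argv) > 1 else 3389)
```

Run it as root (or with a non-privileged port forwarded to 3389) and ship the JSON lines to your SIEM; the cookie is the username the attacker typed, which is often a reused account name worth pivoting on. A plain listener like this never sees a password: capturing full credentials requires the decoy to terminate TLS and CredSSP (NLA) itself, as tools such as PyRDP do, and "redirecting to a controlled environment" means proxying the session to an isolated host rather than closing it.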