The overall process follows seven general steps:

Step 1: Set up a virtual environment with two hosts, one acting as an RDP client and one acting as an RDP server.
Step 2: Remove forward secrecy ciphers from the RDP client.
Step 3: Obtain the RDP server's private encryption key.
Step 4: Capture RDP traffic between the RDP server and Windows client.

The two most common virtual environments for this type of analysis are VirtualBox and VMware Workstation for Windows and Linux. VirtualBox is free, while VMware is a commercial product. This tutorial does not cover setting up virtual machines (VMs) in a virtual environment. The basic structure of the lab used for this tutorial is shown below in Figure 1.

Our lab environment contained two Windows 10 hosts. One host acted as the RDP client, and the other acted as the RDP server. We recorded network traffic from an RDP session between these two hosts on the virtual LAN.

Step 2: Remove Forward Secrecy Ciphers From RDP Client

Some encryption ciphers provide forward secrecy, also known as perfect forward secrecy. These ciphers create multiple session keys for an SSL/TLS connection. With forward secrecy, we cannot decrypt SSL/TLS traffic using a single private encryption key from the RDP server. For this tutorial, our RDP client was a host running Windows 10 Pro. Therefore, we had to remove configuration options that support forward secrecy on the RDP client.
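As an added illustration (not part of the original tutorial), the following Python script parses TLS ClientHello and ServerHello records from a capture and reports whether the client still offers forward-secrecy (ECDHE/DHE) suites and whether the server's chosen suite can be decrypted with the server's private key alone. The SUITES table covers only a handful of IANA codes, and build_hello produces constructed sample records for testing; both are assumptions of this example.

```python
import struct

# Constructed lookup for a handful of IANA cipher suite codes.  "RSA" key exchange
# means the session can be decrypted with the RDP server's private key alone;
# ECDHE/DHE suites provide forward secrecy and cannot.
SUITES = {
    0x002F: ("TLS_RSA_WITH_AES_128_CBC_SHA", "RSA"),
    0x0035: ("TLS_RSA_WITH_AES_256_CBC_SHA", "RSA"),
    0x009C: ("TLS_RSA_WITH_AES_128_GCM_SHA256", "RSA"),
    0xC013: ("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "ECDHE"),
    0xC02F: ("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "ECDHE"),
    0xC030: ("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "ECDHE"),
    0x009E: ("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "DHE"),
}

def parse_hello(record: bytes):
    """Parse a TLS record holding a ClientHello (1) or ServerHello (2); return (type, [suite codes])."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    body = record[5:5 + struct.unpack("!H", record[3:5])[0]]
    hs_type, hs_len = body[0], int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    pos = 35 + hello[34]                 # skip version(2) + random(32) + session_id
    if hs_type == 1:                     # ClientHello: length-prefixed suite list
        n = struct.unpack("!H", hello[pos:pos + 2])[0]
        lst = hello[pos + 2:pos + 2 + n]
        return 1, [struct.unpack("!H", lst[i:i + 2])[0] for i in range(0, n, 2)]
    if hs_type == 2:                     # ServerHello: the one selected suite
        return 2, [struct.unpack("!H", hello[pos:pos + 2])[0]]
    raise ValueError(f"unsupported handshake type {hs_type}")

def fs_suites_offered(client_hello: bytes):
    """Names of forward-secrecy suites the client still offers (empty list = step 2 done)."""
    _, codes = parse_hello(client_hello)
    return [SUITES[c][0] for c in codes if c in SUITES and SUITES[c][1] != "RSA"]

def decryptable_with_server_key(server_hello: bytes) -> bool:
    """True if the selected suite uses RSA key exchange, so the server's private key suffices."""
    _, (code,) = parse_hello(server_hello)
    return SUITES.get(code, ("?", "?"))[1] == "RSA"

def build_hello(hs_type: int, suites) -> bytes:
    """Constructed minimal TLS 1.2 hello record (zeroed random, no extensions) for testing."""
    cs = b"".join(struct.pack("!H", s) for s in suites)
    if hs_type == 1:
        hello = b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", len(cs)) + cs + b"\x01\x00"
    else:
        hello = b"\x03\x03" + bytes(32) + b"\x00" + cs + b"\x00"
    hs = bytes([hs_type]) + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs
```

On a real capture, feed the raw TLS record bytes of the first ClientHello and ServerHello (as exported from Wireshark) to fs_suites_offered and decryptable_with_server_key respectively.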