From the Field — Real-World Findings from Security Assessments
57.1% of infrastructures I've assessed don't use built-in security features of Remote Desktop Protocol.
RDP can be dangerous: it spreads credentials, caches them in plaintext, and becomes an easy escalation path.
While switching to third-party tools is one option, it adds complexity and risk. Instead, you might already have the tools you need; you just need to enable them:
RDP Restricted Admin Mode
Great for privileged sessions from jump servers or PAWs. It ensures no credentials are sent to the target; only a network logon is used. Downside? You can't access network resources from the target unless you manually authenticate again (because your creds aren't there; that's the point). Supports NTLM and Kerberos.
Remote Credential Guard
Perfect for users accessing RDP-based apps like terminal services. All auth requests are routed back to the source device, so no creds touch the target at all. It works via SSO and supports only Kerberos. Way better than default credential delegation, which stores passwords in plaintext on the host. There are still some risks connected to this feature, which is why you should use it only for regular (non-privileged) users.
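To show how both features are actually switched on and audited, here is an added PowerShell example (not part of the original post): it writes the documented host-side and client-side registry locations that back the "Restrict delegation of credentials to remote servers" policy, and reports the current state the way an assessment check would. The registry value names and type numbers are the ones Microsoft documents for this policy; verify them against the GPO on your own Windows build, and run the script elevated.

```powershell
# Added example, not from the original post. Assumes Windows 10 / Server 2016 or later.
$LsaKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation'

function Enable-RdpHostProtection {
    # On the RDP *target*: DisableRestrictedAdmin = 0 makes the host accept both
    # /restrictedAdmin and /remoteGuard connections (the value is absent by default).
    New-ItemProperty -Path $LsaKey -Name 'DisableRestrictedAdmin' `
        -PropertyType DWord -Value 0 -Force | Out-Null
}

function Set-RdpClientDelegationPolicy {
    # On the RDP *client*: mirrors the GPO "Restrict delegation of credentials to
    # remote servers". Type 1 = Require Restricted Admin, 2 = Require Remote
    # Credential Guard, 3 = Restrict credential delegation (RCG preferred, RA fallback).
    # Any of the three stops mstsc from falling back to full credential delegation.
    param([ValidateSet(1, 2, 3)][int]$Type)
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    New-ItemProperty -Path $PolicyKey -Name 'RestrictedRemoteAdministration' `
        -PropertyType DWord -Value 1 -Force | Out-Null
    New-ItemProperty -Path $PolicyKey -Name 'RestrictedRemoteAdministrationType' `
        -PropertyType DWord -Value $Type -Force | Out-Null
}

function Get-RdpCredentialProtectionState {
    # Assessment-style check: does the host accept the protected modes, and is the
    # client forced to use one? Remote Credential Guard also needs Kerberos, i.e. a
    # domain-joined machine, so that is reported as well.
    $hostVal = (Get-ItemProperty -Path $LsaKey -Name 'DisableRestrictedAdmin' `
        -ErrorAction SilentlyContinue).DisableRestrictedAdmin
    $pol   = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue
    $types = @{ 1 = 'Require Restricted Admin'; 2 = 'Require Remote Credential Guard';
                3 = 'Restrict credential delegation' }
    [pscustomobject]@{
        HostAcceptsProtectedModes = ($hostVal -eq 0)   # $null (default) or 1 = not accepted
        ClientPolicyEnforced      = ($pol.RestrictedRemoteAdministration -eq 1)
        ClientPolicyType          = if ($pol.RestrictedRemoteAdministrationType) {
                                        $types[[int]$pol.RestrictedRemoteAdministrationType]
                                    } else { 'none (full credential delegation allowed)' }
        KerberosAvailable         = (Get-CimInstance Win32_ComputerSystem).PartOfDomain
    }
}

# Audit first; then Enable-RdpHostProtection on targets and, for example,
# Set-RdpClientDelegationPolicy -Type 2 on user workstations. The per-connection
# client switches are "mstsc.exe /restrictedAdmin" and "mstsc.exe /remoteGuard".
Get-RdpCredentialProtectionState
```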
These features are really underused, and they can seriously reduce RDP credential risks.
Are you using them?
