Reverse Remote Desktop Exploitation:
A Deep Dive into Midnight Blizzard’s RDP Phishing Tactics

Abstract

In this session, Mickey will analyze and demonstrate a novel Reverse Remote Desktop Protocol (RDP) phishing attack leveraged by Midnight Blizzard. Recently, this actor ran large-scale, targeted spear-phishing campaigns built on malicious .rdp file attachments, aimed at government, academic, and defense organizations. Opening such a file makes the victim's own machine start an outbound RDP session to an attacker-controlled server. That reversal is what lets Midnight Blizzard gain remote access to victim machines while circumventing traditional defenses: the connection is user-initiated and outbound, so controls that only inspect inbound remote-access traffic never see it.

This presentation will dissect the attack mechanics as described in Microsoft's October 2024 threat intelligence report on the campaign. By detailing how the malicious .rdp payloads are constructed and delivered, and what happens once a victim opens one, it will give participants insight into the attacker's tradecraft.

The session will also include a demonstration of the attack scenario, giving a practical understanding of the RDP features that are abused (no software vulnerability is required) and illustrating the RDP-based intrusion from both the attacker's and the defender's perspective.
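From the defender's side, the most practical check is to triage .rdp attachments before a user opens them. The example below is added here and is not code from the talk or from Microsoft's report. It assumes the documented plain-text .rdp format (one name:type:value setting per line, type s, i or b) and flags the settings that hand local resources to the remote server: the drive, clipboard, printer, smart card, WebAuthn, audio and point-of-sale redirections that Microsoft's report describes the campaign's files enabling, plus the server-authentication setting. The two sample files, the `.invalid` hostname and the `trusted_hosts` allowlist are constructed for illustration.

```python
import re
from typing import Dict, List, Tuple

# One "name:type:value" setting per line; type is s (string), i (integer) or b (binary).
SETTING_RE = re.compile(r"^([^:]+):([sib]):(.*)$")

# Integer switches that hand a local resource to the remote server when set to 1.
REDIRECT_SWITCHES = {
    "redirectclipboard": "clipboard",
    "redirectprinters": "printers",
    "redirectsmartcards": "smart cards",
    "redirectcomports": "COM ports",
    "redirectposdevices": "point-of-sale devices",
    "redirectwebauthn": "WebAuthn / passkey requests",
    "audiocapturemode": "microphone",
}
# String lists that redirect everything they name ("*" means all of them).
REDIRECT_LISTS = {
    "drivestoredirect": "local drives",
    "devicestoredirect": "plug-and-play devices",
    "usbdevicestoredirect": "USB devices",
    "camerastoredirect": "cameras",
}


def parse_rdp(text: str) -> Dict[str, Tuple[str, str]]:
    """Parse .rdp text into {setting_name: (type, value)}.
    Lines that do not fit name:type:value are skipped; names are case-insensitive."""
    settings: Dict[str, Tuple[str, str]] = {}
    for raw in text.splitlines():
        m = SETTING_RE.match(raw.strip())
        if m:
            name, typ, value = m.groups()
            settings[name.strip().lower()] = (typ, value.strip())
    return settings


def _host_of(full_address: str) -> str:
    """Drop a trailing :port; bracketed IPv6 literals are left intact."""
    return re.sub(r":\d+$", "", full_address).lower()


def assess_rdp(text: str, trusted_hosts: List[str]) -> List[str]:
    """Return findings for one .rdp file; an empty list means nothing was flagged.
    trusted_hosts (hypothetical allowlist) names RDP servers or parent domains
    the organisation expects its users to connect to."""
    s = parse_rdp(text)
    findings: List[str] = []

    target = s.get("full address", ("s", ""))[1]
    if not target:
        findings.append("no 'full address': the client would prompt for a server")
    else:
        host = _host_of(target)
        trusted = [t.lower() for t in trusted_hosts]
        if not any(host == t or host.endswith("." + t) for t in trusted):
            findings.append(f"connects to untrusted server {target}")

    for name, what in REDIRECT_SWITCHES.items():
        if s.get(name, ("i", "0"))[1] == "1":
            findings.append(f"shares {what} with the server ({name}:i:1)")

    for name, what in REDIRECT_LISTS.items():
        value = s.get(name, ("s", ""))[1]
        if value:  # empty string means nothing is redirected
            scope = "all" if value == "*" else value
            findings.append(f"shares {what} with the server ({name}:s:{scope})")

    # Level 0 connects even when the server's certificate cannot be verified;
    # it is only flagged when set explicitly.
    if s.get("authentication level", ("i", "2"))[1] == "0":
        findings.append("server certificate warnings suppressed (authentication level:i:0)")

    return findings


# Constructed sample: the shape of a phishing .rdp file that redirects everything
# to an attacker-controlled host (the hostname is a placeholder, not an indicator).
MALICIOUS_RDP = """\
full address:s:rdp.example.invalid:3389
drivestoredirect:s:*
redirectclipboard:i:1
redirectprinters:i:1
redirectsmartcards:i:1
redirectposdevices:i:1
redirectwebauthn:i:1
audiocapturemode:i:1
authentication level:i:0
"""

# Constructed sample: a legitimate jump-host file with redirection switched off.
BENIGN_RDP = """\
full address:s:jump.corp.example:3389
drivestoredirect:s:
redirectclipboard:i:0
redirectprinters:i:0
authentication level:i:2
"""

if __name__ == "__main__":
    for label, content in (("malicious", MALICIOUS_RDP), ("benign", BENIGN_RDP)):
        print(f"{label}: {assess_rdp(content, ['jump.corp.example']) or 'no findings'}")
```

Run against a mail-gateway quarantine or an EDR file-creation event for `*.rdp`, the findings list is what an analyst needs to decide whether the attachment is a normal jump-host shortcut or a reverse-RDP lure; a file that both points at an unknown server and redirects drives or smart cards should be blocked rather than merely warned about.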

Speaker: Mickey De Baets

Company: EY Financial Services Operations Belgium
Function: Red Team

Mickey De Baets, a seasoned Penetration Tester, Red Teamer, and Cyber Security Consultant at EY FSO Belgium, brings a wealth of expertise in offensive security, focusing on complex threat landscapes in the financial sector. 

With a strong background in Red Teaming, Mickey actively contributes to cybersecurity education, teaching at Thomas More and hosting community meetups as a Belgian Hack The Box Ambassador.

Want to see Mickey in action?

Get your tickets here!