It's been a while since I last wrote a blog post. I've been busy building cool stuff and hunting for evil, but now I'm back to writing. For a while, folks have been asking me about the RDP Bitmap Cache, so I decided to write a post about it.
Recently, I encountered a threat actor leveraging Tor to establish Remote Desktop Protocol (RDP) sessions from a victim system to an attacker-controlled server. In this blog post, we will cover the basics of proxying RDP traffic over Tor and how to set it up, with tips on avoiding detection.