Disabled RestrictedAdminMode For RDS

Rule Info

Name
Disabled RestrictedAdminMode For RDS
Description
Detect activation of DisableRestrictedAdmin to disable RestrictedAdmin mode. RestrictedAdmin mode prevents the transmission of reusable credentials to the remote system to which you connect using Remote Desktop. This prevents your credentials from being harvested during the initial connection process if the remote server has been compromised.
Modified
None
Date
2023-01-13 00:00:00
Author
frack113
Tags
attack.defense_evasion DEMO attack.t1112
Id
d6ce7ebd-260b-4323-9768-a9631c8d4db2
Type
Community Rule

Rule History

| Author | Commit | Title | Date |
|---|---|---|---|
| Nasreddine Bencherchali | | fix: add related metadata | 2023-01-13 |
| frack113 | | Move rules | 2023-01-13 |
| frack113 | | Add redcannary rules | 2023-01-13 |