Windows
The main components used for remote management of Windows and Windows servers are the following:
Remote Desktop Protocol (RDP)
Windows Remote Management (WinRM)
Windows Management Instrumentation (WMI)
RDP
We can see that the RDP cookies (mstshash=nmap) used by Nmap to interact with the RDP server can be identified by threat hunters and various security services such as Endpoint Detection and Response (EDR), and can lock us out as penetration testers on hardened networks.
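To show why this cookie is so easy to identify, here is a defender-side sketch, added as an example and not part of the original page: it parses the TPKT and X.224 headers of an RDP Connection Request and extracts the mstshash value. The function names, the watchlist and the sample packet are constructed for illustration.

```python
import struct

# Constructed watchlist: "nmap" is the value named on the page; extend it
# with other scanner defaults observed in your own environment.
SCANNER_COOKIES = {"nmap"}
MARKER = b"Cookie: mstshash="


def build_sample_cr(cookie: str) -> bytes:
    """Build a constructed X.224 Connection Request to exercise the parser."""
    routing = f"Cookie: mstshash={cookie}\r\n".encode("ascii")
    # RDP_NEG_REQ: type 0x01, flags 0, length 8, requestedProtocols TLS|CredSSP
    neg_req = struct.pack("<BBHI", 0x01, 0x00, 8, 0x03)
    # X.224 CR TPDU: length indicator, code 0xE0, dst-ref, src-ref, class
    x224 = bytes([6 + len(routing) + len(neg_req), 0xE0, 0, 0, 0, 0, 0])
    body = x224 + routing + neg_req
    # TPKT header: version 3, reserved, total length (big-endian)
    return struct.pack(">BBH", 3, 0, 4 + len(body)) + body


def extract_mstshash(packet: bytes):
    """Return the mstshash cookie from an RDP Connection Request, else None."""
    if len(packet) < 11 or packet[0] != 0x03:
        return None  # too short, or not a TPKT version 3 header
    tpkt_len = struct.unpack(">H", packet[2:4])[0]
    if tpkt_len > len(packet) or packet[5] & 0xF0 != 0xE0:
        return None  # truncated capture, or not a Connection Request TPDU
    payload = packet[11:tpkt_len]  # variable part after the fixed X.224 fields
    if not payload.startswith(MARKER):
        return None  # request carries no mstshash cookie
    end = payload.find(b"\r\n")
    if end == -1:
        return None  # cookie is not terminated, treat as malformed
    return payload[len(MARKER):end].decode("ascii", errors="replace")


def is_scanner_probe(packet: bytes) -> bool:
    """True when the first RDP packet carries a watchlisted cookie value."""
    cookie = extract_mstshash(packet)
    return cookie is not None and cookie.lower() in SCANNER_COOKIES


if __name__ == "__main__":
    for name in ("nmap", "alice"):  # constructed sample values
        pkt = build_sample_cr(name)
        print(name, extract_mstshash(pkt), is_scanner_probe(pkt))
```

The cookie travels in the first packet of the connection, before any TLS or CredSSP negotiation, so a network sensor can read it in cleartext.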
RDP Security Check
WinRM
WMI