Decrypt-RDCMan.ps1

Description

(SecureWorks) Decrypt-RDCMan.ps1 is a component of the PoshC2 penetration testing framework. It is used to decrypt passwords stored in the RDCMan configuration file, which stores details of servers and encrypted credentials to quickly establish remote desktop sessions. Recovered credentials could give the threat actors additional access within the environment. LYCEUM deployed this tool via DanBot approximately one hour after gaining initial access to a compromised environment.

Names

Name
Decrypt-RDCMan.ps1

Category

Malware

Type

  • Vulnerability scanner

Other Information

Uuid

ea6934f2-757c-4ac1-a661-68e0fe0be04c

Last Card Change

2020-04-20