BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//conference.wireshark.org//sharkfest-24-eu//speaker//CWR9
 QW
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-sharkfest-24-eu-BB3E8B@conference.wireshark.org
DTSTART;TZID=CET:20241106T171500
DTEND;TZID=CET:20241106T181500
DESCRIPTION:In September 2018\, the Internet Crime Complaint Center (IC3)\,
  in collaboration with the Department of Homeland Security and the Federal
  Bureau of Investigation\, warned of attackers exploiting legitimate tools
  like Remote Desktop Protocol (RDP) for malicious purposes. This presentat
 ion explores a recently discovered large-scale RDP Tunneling Attack that w
 eaponized the mstshash cookie\, a session management mechanism within RDP.
  The most intriguing aspect of this attack was the attacker's diverse use 
 of protocols\, including TCP\, TLS\, SSL\, MEMCACHE\, Socks\, WOW\, WOWW\,
  MySQL\, X11\, MQTT\, LISP\, VICP\, RSL\, KDSP\, ICAP\, BitTorrent\, CVSPS
 ERVER\, NDPS\, PTP/IP\, TPM\, kNet\, ECMP\, and FF. This talk utilizes dee
 p packet inspection (DPI) analysis to dissect this attack\, revealing why 
 seemingly unrelated protocols were chosen and emphasizing the attacker's s
 trategy to bypass traditional security measures.
DTSTAMP:20260413T053540Z
LOCATION:Palais Sachsen Coburg I-III
SUMMARY:Deep packet inspection analyses: Unveiling a shocking RDP Attack th
 rough unusual protocol combinations - Michal Soltysik
URL:https://conference.wireshark.org/sharkfest-24-eu/talk/BB3E8B/
END:VEVENT
END:VCALENDAR