Remote Desktop Attack Let Hackers Exfiltrate Sensitive Data From Organization
https://cybersecuritynews.com/remote-desktop-puzzle/
A new technique where attackers leverage forgotten artifacts from Remote Desktop Protocol (RDP) sessions to reconstruct sensitive information long after connections have ended.
The technique exploits the RDP bitmap cache, a performance optimization feature that stores screen elements locally as small tiles. While designed to enhance connection speed by caching static elements rather than repeatedly transmitting them, these cached tiles persist after sessions end, creating an unintentional record of remote activities
originally posted at https://stacker.news/items/970195
ch0k1
npub1k3…q9t9m
2025-05-03 12:11:38
Author Public Key
npub1k3qrkfq45qsvyp53hvvv2xk6tt9kfdca9asfvm9nc796dq65948q9q9t9mPublished at
2025-05-03 12:11:38Event JSON
{
"id": "ab6eb2a4d1b60dbe800c66e8bbbfb9c08cfbd2672c09a781ad8d6a19894e7689",
"pubkey": "b4403b2415a020c20691bb18c51ada5acb64b71d2f60966cb3c78ba683542d4e",
"created_at": 1746274298,
"kind": 1,
"tags": [
[
"client",
"stacker.news"
]
],
"content": "Remote Desktop Attack Let Hackers Exfiltrate Sensitive Data From Organization\nhttps://cybersecuritynews.com/remote-desktop-puzzle/\n\nA new technique where attackers leverage forgotten artifacts from Remote Desktop Protocol (RDP) sessions to reconstruct sensitive information long after connections have ended.\n\nThe technique exploits the RDP bitmap cache, a performance optimization feature that stores screen elements locally as small tiles. While designed to enhance connection speed by caching static elements rather than repeatedly transmitting them, these cached tiles persist after sessions end, creating an unintentional record of remote activities\n\noriginally posted at https://stacker.news/items/970195",
"sig": "162025471dc3037a58d2ae330c1ce5e81a862d4b21ad9063542a7eeacbf1ee7a0b245038985b7ecb6c73ca7103ac9942e22465d8e22170075aa0f9d6885bd43a"
}