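# RDP Detection Validation Script
# Target: xsiamclient02
# Purpose: Generate telemetry for XDR validation
#
# Each iteration stores a deliberately wrong credential for the target with
# cmdkey, launches mstsc.exe against it, pauses briefly, then removes both the
# process it started and the cached credential. The original script hard-coded
# $target as an empty string, which leaves `cmdkey /add:` and `mstsc /v:` with
# nothing to connect to, so the target is now a parameter that is validated
# before anything is launched. Only the mstsc.exe instance started here is
# stopped, so an operator's own RDP sessions on this host are left alone.
param(
    # Host the RDP attempts are aimed at; defaults to the lab host named above.
    [string]$target = "xsiamclient02",
    # Account name presented in the failed logons; it does not need to exist.
    [string]$testUser = "SimulatedAttacker",
    # Small number for validation; avoids account lockout
    [int]$iterations = 5
)

if ([string]::IsNullOrWhiteSpace($target)) {
    throw "A non-empty target host name is required."
}
if ($iterations -lt 1) {
    throw "iterations must be at least 1."
}

Write-Host "Starting RDP validation telemetry generation for $target..." -ForegroundColor Cyan
for ($i = 1; $i -le $iterations; $i++) {
    Write-Host "Attempt $i: Initiating RDP connection signal..." -ForegroundColor Yellow
    # 1. Simulates the process activity (mstsc.exe)
    # 2. Generates the network connection attempt to port 3389
    # Using 'cmdkey' allows the script to pass a "bad" credential without a GUI popup.
    # NOTE: the dummy password is part of cmdkey's command line, so process
    # creation telemetry on this host will record it alongside the mstsc.exe
    # activity; that is expected for a throwaway value and is why no real
    # credential belongs here.
    cmdkey /add:$target /user:$testUser /pass:"WrongPassword$i"
    if ($LASTEXITCODE -ne 0) {
        # Without the stored credential mstsc would just prompt, so skip the attempt.
        Write-Warning "cmdkey /add failed for $target (exit code $LASTEXITCODE); skipping attempt $i."
        continue
    }
    $rdp = $null
    try {
        # Start the RDP process (it will fail authentication silently or show a prompt).
        # -PassThru returns the process object so the cleanup below stops only
        # this instance rather than every mstsc.exe on the machine.
        $rdp = Start-Process mstsc.exe -ArgumentList "/v:$target" -WindowStyle Hidden -PassThru
        # Brief pause to allow the agent to capture the session start
        Start-Sleep -Seconds 3
    }
    finally {
        # Clean up the process and the cached "bad" credential, even if
        # Start-Process threw, so no stale credential is left behind.
        if ($rdp -and -not $rdp.HasExited) {
            Stop-Process -Id $rdp.Id -ErrorAction SilentlyContinue
        }
        cmdkey /delete:$target
    }
}
# The failed-logon event is raised by the host that rejected the logon, so it is
# expected in the target's telemetry; the mstsc.exe process activity is local.
Write-Host "Validation complete. Check XSIAM for Event ID 4625 and mstsc.exe activity." -ForegroundColor Green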