Posted by Kevin Beaumont on Mar 20

So this is a pretty big issue, which it looks like the Mimikatz guys
flagged in an all French blog post in 2011 but it flew under the radar.

I’ve written about it here:
https://medium.com/@networksecurity/rdp-hijacking-how-to-hijack-rds-and-remoteapp-sessions-transparently-to-move-through-an-da2a1e73a5f6#.o2af8u9op

Now, you might well say ‘If you have SYSTEM you already own the box’ – and
you’re right. But with one command…