Subj : Ganked
To : All
From : poindexter FORTRAN
Date : Sat Dec 12 2020 07:06:00

Somebody ganked my work laptop yesterday!

I'm setting up a new office, and had to use the AT&T circuit we're using with our firewall. AT&T's router has a small range of public IPs it can serve. I was on for about 30 minutes and started noticing some odd behavior. My infosec department saw inbound connection attempts on 3389 and locked my laptop out.

On the phone with them, I noted that there was a background process that kept blinking in and out, and you could see an app on the task bar flicker briefly. Looked at the event logs and saw 1800+ RDP password failures, all usernames starting with the letter "A" and "B".

I'm going to have to re-image it, but I want to do some forensics first. It's locked out of the network, so it's safe.

.... The exception also declares the rule
--- MultiMail/XT v0.52
 * Origin: realitycheckBBS.org -- information is power. (700:100/20)