The Attacker’s Dictionary - Auditing Criminal Credential Attacks

By: Tod Beardsley, Senior Security Research Manager
Roy Hodgman, Data Scientist
Jon Hart, Senior Security Researcher
Harley Geiger, Director of Public Policy

This paper is the product of nearly a year’s worth of opportunistic credential scanning data collected from Heisenberg, Rapid7’s public-facing network of low-interaction honeypots. Instead of focusing on the passwords that end users typically pick, with this data we can see which credentials opportunistic scanners are using in order to test, and likely compromise, Internet-connected point of sale (POS) systems, kiosks, and scamware-compromised desktop PCs which offer the Remote Desktop Protocol (RDP) service for remote management.