RDPHijack: uses WinStationConnect API to perform local/remote RDP session hijacking
BOF – RDPHijack Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking. With a valid access token / kerberos ticket (e.g., golden ticket)...