Found this interesting RDP stealer
RDPCredStealerDLL:
This code is an implementation of an API hooking technique in C++ using the Detours library. It targets CredUnPackAuthenticationBufferW, exported by credui.dll, which unpacks the opaque authentication buffer produced by the Windows credential prompt into its user name, domain and password. Because those output parameters are plain wide strings, a hook that runs after the original function returns can read the credentials the RDP client has just collected. Breaking the code down step by step:
The necessary header files are included, such as windows.h, wincred.h, detours.h, and others.
A function pointer type CredUnPackAuthenticationBufferW_t is defined with the same signature as the original CredUnPackAuthenticationBufferW.
A function pointer pCredUnPackAuthenticationBufferW is declared; it stores the address of the original function so the hook can call through to it and then inspect the unpacked output.
more info: https://medium.com/@s12deff/steal-rdp-password-with-api-hooking-39a4e6b48fde
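As an added example (not code from the post or from the RDPCredentialStealer project), the C++ below models in portable code what the Detours hook described above does to the first bytes of a target such as CredUnPackAuthenticationBufferW, and the integrity check a defender would run against the hooked process: compare the live prologue with the on-disk copy and decode where the jump leads. The prologue bytes, the function address func_va and the detour address detour_va are all constructed; nothing here touches credui.dll or a real process.

```cpp
// Added example, not code from the RDPCredentialStealer repository or the post.
// Models the byte-level effect of a Detours inline hook on the entry of a target
// such as credui!CredUnPackAuthenticationBufferW (DetourAttach writes a JMP over
// the prologue and keeps the displaced bytes in a trampoline), and the check a
// defender can run against it: compare the live prologue with the clean on-disk
// bytes and decode where the jump leads. Every address and byte here is constructed.
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>
#include <vector>

using Bytes = std::vector<uint8_t>;

// Constructed stand-in for the clean prologue of an exported x64 API.
static const Bytes kCleanPrologue = {
    0x4C, 0x8B, 0xDC, 0x49, 0x89, 0x5B, 0x08, 0x49,
    0x89, 0x73, 0x10, 0x57, 0x48, 0x83, 0xEC, 0x70};

static uint64_t read_le(const uint8_t* p, size_t n) {
    uint64_t v = 0;
    for (size_t i = 0; i < n; ++i) v |= static_cast<uint64_t>(p[i]) << (8 * i);
    return v;
}

static void write_le(uint8_t* p, uint64_t v, size_t n) {
    for (size_t i = 0; i < n; ++i) p[i] = static_cast<uint8_t>(v >> (8 * i));
}

// What hook installation does to memory: E9 rel32 (JMP) over the first five
// bytes, rel32 measured from the end of the JMP. Returns false when the detour
// is more than +/-2 GiB away, the case where a longer jump form is needed.
bool apply_jmp_rel32(Bytes& entry, uint64_t func_va, uint64_t detour_va) {
    if (entry.size() < 5) return false;
    int64_t delta = static_cast<int64_t>(detour_va) - static_cast<int64_t>(func_va + 5);
    if (delta < INT32_MIN || delta > INT32_MAX) return false;
    entry[0] = 0xE9;
    write_le(&entry[1], static_cast<uint32_t>(static_cast<int32_t>(delta)), 4);
    return true;
}

struct HookVerdict {
    bool hooked;
    uint64_t target_va;   // decoded jump destination (0 if not decodable)
    std::string reason;
};

// Integrity check: a function whose live prologue differs from the on-disk
// image has been patched. For the common inline-hook shapes the destination is
// decoded so the verdict can name the module that owns it.
HookVerdict inspect_entry(const Bytes& live, const Bytes& clean, uint64_t func_va) {
    HookVerdict v{false, 0, "prologue matches on-disk image"};
    size_t n = std::min(live.size(), clean.size());
    if (n > 0 && std::memcmp(live.data(), clean.data(), n) == 0) return v;
    v.hooked = true;
    if (live.size() >= 5 && live[0] == 0xE9) {                          // JMP rel32
        int32_t rel = static_cast<int32_t>(read_le(&live[1], 4));
        v.target_va = func_va + 5 + static_cast<int64_t>(rel);
        v.reason = "JMP rel32 at entry (Detours default)";
    } else if (live.size() >= 6 && live[0] == 0xFF && live[1] == 0x25) { // JMP [RIP+disp32]
        int32_t disp = static_cast<int32_t>(read_le(&live[2], 4));
        v.target_va = func_va + 6 + static_cast<int64_t>(disp);  // slot holding the pointer
        v.reason = "JMP [RIP+disp32] at entry (indirect; target_va is the pointer slot)";
    } else if (live.size() >= 12 && live[0] == 0x48 && live[1] == 0xB8 &&
               live[10] == 0xFF && live[11] == 0xE0) {                  // MOV RAX,imm64; JMP RAX
        v.target_va = read_le(&live[2], 8);
        v.reason = "MOV RAX, imm64 / JMP RAX at entry";
    } else {
        v.reason = "prologue differs from on-disk image (unrecognised patch)";
    }
    return v;
}

int main() {
    const uint64_t func_va = 0x7FFB12340000ULL;    // constructed VA of the export
    const uint64_t detour_va = 0x7FFB00001000ULL;  // constructed VA of the hook DLL's function
    Bytes live = kCleanPrologue;
    HookVerdict before = inspect_entry(live, kCleanPrologue, func_va);
    std::printf("before: hooked=%d (%s)\n", before.hooked, before.reason.c_str());
    apply_jmp_rel32(live, func_va, detour_va);
    HookVerdict after = inspect_entry(live, kCleanPrologue, func_va);
    std::printf("after:  hooked=%d target=0x%llx (%s)\n", after.hooked,
                static_cast<unsigned long long>(after.target_va), after.reason.c_str());
    return 0;
}
```

On a real system the clean bytes come from the credui.dll image mapped from disk and the live bytes from the RDP client process; a verdict whose decoded target lies in a module credui.dll has no reason to jump into is the finding to act on. The check only sees entry-point patches, so it says nothing about IAT hooks or detours placed deeper inside the function.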
GitHub - S12cybersecurity/RDPCredentialStealer: RDPCredentialStealer is malware that steals the credentials users provide to RDP, using API hooking with Detours in C++