Building an RDP Credential Catcher for Threat Intelligence

We wanted to build a mechanism to capture all the passwords used (successful or not) against RDP, as we want to ascertain potential sources of credential theft and whether they are organisation-specific. This post provides the background on an approach and the steps to build such a system.

