https://pentestlab.blog/2021/05/24/dumping-rdp-credentials/

Citrix Escapes

Kiosk Breakout

https://github.com/synacktiv/ica2tcp

Ica2Tcp is a tool written in C that proxies any TCP connection inside a Citrix ICA connection. It is to Citrix what ssh -D is to SSH.

Offensive_tools/citrix_selenium.py at main · post-cyberlabs/Offensive_tools

This script is used to replay Citrix credentials and OTP codes, gathered during a phishing attack, on the real targeted Citrix host.

Windows Remote Desktop Protocol: Remote to Rogue | Google Cloud Blog

The campaign employed signed .rdp file attachments to establish Remote Desktop Protocol (RDP) connections from victims' machines. Unlike typical RDP attacks focused on interactive sessions, this campaign creatively leveraged resource redirection (mapping victim file systems to the attacker servers) and RemoteApps (presenting attacker-controlled applications to victims). Evidence suggests this campaign may have involved the use of an RDP proxy tool like PyRDP to automate malicious activities like file exfiltration and clipboard capture. This technique has been previously dubbed as “Rogue RDP.”