I published an article on the IBM Security Intelligence blog : How Attackers Exploit the Remote Desktop Protocol.
This article covers the Remote Desktop Protocol (RDP) and how attackers attempt to exploit it. I provide a short introduction on what is RDP and who uses it and highlight some of its vulnerabilities, such as BlueKeep and DejaBlue. The article also includes a number of countermeasures that you can use to protect your RDP servers and which monitoring and forensic artifacts that are useful in case of incident response for RDP.
Read more at https://securityintelligence.com/articles/exploiting-remote-desktop-protocol/.