White Paper: RustDesk Playbook
Executive Summary
RustDesk is an open‑source remote‑desktop utility whose self‑hosting and relay‑tunnelling features have made it a favorite of ransomware operators, state‑sponsored teams, and trusted insiders seeking unsanctioned remote access. This white paper puts RustDesk through several scenarios involving malicious internal and external actors and translates forensic artefacts into KQL/SPL hunt queries. Any playbook is a living document, so please take a moment to let us know how we can improve ours. Some of the playbook recommendations included herein have been field-tested; others are based on best practices and require independent validation.