The RDP protocol has a wide variety of interesting features, yet no tool supported the complexity of the protocol for information security purposes. To address this, created PyRDP, an open-source, general-purpose RDP man-in-the-middle (MITM) tool. It allows complete interception of RDP sessions with offensive capabilities and advanced features to analyze such sessions, such as listing the client’s drive content, saving the transferred files and clipboard content. This opens the door for new techniques in malware research and pentesting for a protocol that is increasingly looked at by security researchers. We will demonstrate this by showing replays of a bad actor we caught using PyRDP. The talk will also give recommendations to mitigate the risk of MITM attacks on a network.