This document provides an overview and summary of a training on analyzing malicious RDP usage. It begins with an introduction to the common use of RDP in attacks. It then covers RDP protocols, vulnerabilities, and common attack vectors like exploiting pre-authentication vulnerabilities. The document discusses analyzing RDP event logs and connections to detect malicious activity. It concludes with recommendations for securing RDP, such as enabling Network Level Authentication, using an RDP gateway, and implementing two-factor authentication.