I have been a follower of Jim Browning for quite a while. One thing I'm curious about him is the tool he is using to get reverse remote desktop connection on the scammer computer right after the scammer takes control of his first.
As a noob, my best guess is he utilizes 0-day vulnerabilities on the remote desktop application.
What do you think?