mastodon.sdf.org is part of the decentralized social network powered by Mastodon.
"I appreciate SDF but it's a general-purpose server and the name doesn't make it obvious that it's about art." - Eugen Rochko

Administered by:

Server stats:

2.6K
active users

Learn more

RDP Snitch<p>2025-04-08 RDP <a href="https://infosec.exchange/tags/Honeypot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Honeypot</span></a> IOCs - 158769 scans<br>Thread with top 3 features in each category and links to the full dataset<br><a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a></p><p>Top IPs:<br>138.199.24.6 - 59358<br>156.146.57.110 - 32190<br>15.204.41.136 - 16785</p><p>Top ASNs:<br>AS60068 - 60357<br>AS212238 - 48276<br>AS135161 - 23862</p><p>Top Accounts:<br>hello - 158664<br>Test - 24<br>Domain - 21</p><p>Top ISPs:<br>DataCamp Limited - 59358<br>Datacamp Limited - 49275<br>GMO-Z.COM PTE. LTD. - 23862</p><p>Top Clients:<br>Unknown - 158769</p><p>Top Software:<br>Unknown - 158769</p><p>Top Keyboards:<br>Unknown - 158769</p><p>Top IP Classification:<br>hosting &amp; proxy - 112296<br>hosting - 40692<br>proxy - 3654</p><p>Pastebin links with full 24-hr RDP Honeypot IOC Lists:<br><a href="https://pastebin.com/wk5b0b0y" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="">pastebin.com/wk5b0b0y</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/CyberSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSec</span></a> <a href="https://infosec.exchange/tags/SOC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SOC</span></a> <a href="https://infosec.exchange/tags/Blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Blueteam</span></a> <a href="https://infosec.exchange/tags/SecOps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecOps</span></a> <a 
href="https://infosec.exchange/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a></p>
RDP Snitch<p>2025-04-08 RDP <a href="https://infosec.exchange/tags/Honeypot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Honeypot</span></a> IOCs - 158767 scans<br>Thread with top 3 features in each category and links to the full dataset<br><a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a></p><p>Top IPs:<br>138.199.24.6 - 59357<br>156.146.57.110 - 32190<br>15.204.41.136 - 16785</p><p>Top ASNs:<br>AS60068 - 60356<br>AS212238 - 48276<br>AS135161 - 23861</p><p>Top Accounts:<br>hello - 158662<br>Test - 24<br>Domain - 21</p><p>Top ISPs:<br>DataCamp Limited - 59357<br>Datacamp Limited - 49275<br>GMO-Z.COM PTE. LTD. - 23861</p><p>Top Clients:<br>Unknown - 158767</p><p>Top Software:<br>Unknown - 158767</p><p>Top Keyboards:<br>Unknown - 158767</p><p>Top IP Classification:<br>hosting &amp; proxy - 112295<br>hosting - 40691<br>proxy - 3654</p><p>Pastebin links with full 24-hr RDP Honeypot IOC Lists:<br><a href="https://pastebin.com/Ui7WpWGu" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="">pastebin.com/Ui7WpWGu</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/CyberSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSec</span></a> <a href="https://infosec.exchange/tags/SOC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SOC</span></a> <a href="https://infosec.exchange/tags/Blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Blueteam</span></a> <a href="https://infosec.exchange/tags/SecOps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecOps</span></a> <a 
href="https://infosec.exchange/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a></p>
RDP Snitch<p>2025-04-08 RDP <a href="https://infosec.exchange/tags/Honeypot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Honeypot</span></a> IOCs - 158765 scans<br>Thread with top 3 features in each category and links to the full dataset<br><a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a></p><p>Top IPs:<br>138.199.24.6 - 59356<br>156.146.57.110 - 32190<br>15.204.41.136 - 16785</p><p>Top ASNs:<br>AS60068 - 60355<br>AS212238 - 48276<br>AS135161 - 23860</p><p>Top Accounts:<br>hello - 158660<br>Test - 24<br>Domain - 21</p><p>Top ISPs:<br>DataCamp Limited - 59356<br>Datacamp Limited - 49275<br>GMO-Z.COM PTE. LTD. - 23860</p><p>Top Clients:<br>Unknown - 158765</p><p>Top Software:<br>Unknown - 158765</p><p>Top Keyboards:<br>Unknown - 158765</p><p>Top IP Classification:<br>hosting &amp; proxy - 112294<br>hosting - 40690<br>proxy - 3654</p><p>Pastebin links with full 24-hr RDP Honeypot IOC Lists:<br><a href="https://pastebin.com/4Vde6emM" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="">pastebin.com/4Vde6emM</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/CyberSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSec</span></a> <a href="https://infosec.exchange/tags/SOC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SOC</span></a> <a href="https://infosec.exchange/tags/Blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Blueteam</span></a> <a href="https://infosec.exchange/tags/SecOps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecOps</span></a> <a 
href="https://infosec.exchange/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a></p>
Terryn :unverified:<p>Why Learning Through Books is Key in Cybersecurity</p><p>📚 Types of Books<br>☯️ The Tao of Books<br>🏫 Other Sources of Information</p><p><a href="https://chocolatecoat4n6.com/2025/04/09/why-learning-through-books-is-key-in-cybersecurity/" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">chocolatecoat4n6.com/2025/04/0</span><span class="invisible">9/why-learning-through-books-is-key-in-cybersecurity/</span></a></p><p><a href="https://infosec.exchange/tags/dfir" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dfir</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/books" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>books</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a></p>
Alexis Brignoni :python: :donor:<p>LevelDB is one of the most underrated and underutilized data sources. </p><p>Excellent article by Alex Caithness from CCL Solutions Group on LevelDB and its importance: <a href="https://www.cclsolutionsgroup.com/post/hang-on-thats-not-sqlite-chrome-electron-and-leveldb" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">cclsolutionsgroup.com/post/han</span><span class="invisible">g-on-thats-not-sqlite-chrome-electron-and-leveldb</span></a></p><p><a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/DigitalForensics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DigitalForensics</span></a> <a href="https://infosec.exchange/tags/MobileForensics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MobileForensics</span></a></p>
Alex<p>We have a new Timesketch release: <a href="https://github.com/google/timesketch/releases/tag/20250408" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/google/timesketch/r</span><span class="invisible">eleases/tag/20250408</span></a><br>It includes AI / LLM things, new features, bugfixes and more. Check it out. <a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a></p>
🐀<p><a href="https://www.linkedin.com/posts/jacob-williams-77938a16_if-youre-using-ivanti-at-the-perimeter-activity-7315327537818062848-FmLP" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">linkedin.com/posts/jacob-willi</span><span class="invisible">ams-77938a16_if-youre-using-ivanti-at-the-perimeter-activity-7315327537818062848-FmLP</span></a><br> <a href="https://noc.social/tags/ivanti" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ivanti</span></a> <a href="https://noc.social/tags/dfir" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dfir</span></a></p>
Alexis Brignoni :python: :donor:<p>How to install and run <a href="https://infosec.exchange/tags/iLEAPP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>iLEAPP</span></a> on your computer or using the Atrio MK II from Arcpoint Forensics.</p><p><a href="https://www.arcpointforensics.com/news-1/ileapp" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">arcpointforensics.com/news-1/i</span><span class="invisible">leapp</span></a></p><p><a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/DigitalForensics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DigitalForensics</span></a> <a href="https://infosec.exchange/tags/MobileForensics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MobileForensics</span></a></p>
RDP Snitch<p>2025-04-07 RDP <a href="https://infosec.exchange/tags/Honeypot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Honeypot</span></a> IOCs - 137460 scans<br>Thread with top 3 features in each category and links to the full dataset<br><a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a></p><p>Top IPs:<br>138.199.24.6 - 60189<br>156.146.57.110 - 32676<br>156.146.57.52 - 8196</p><p>Top ASNs:<br>AS60068 - 70146<br>AS212238 - 49056<br>AS135161 - 11889</p><p>Top Accounts:<br>hello - 137346<br>Test - 33<br>Domain - 30</p><p>Top ISPs:<br>DataCamp Limited - 67401<br>Datacamp Limited - 51801<br>GMO-Z.COM PTE. LTD. - 11889</p><p>Top Clients:<br>Unknown - 137460</p><p>Top Software:<br>Unknown - 137460</p><p>Top Keyboards:<br>Unknown - 137460</p><p>Top IP Classification:<br>hosting &amp; proxy - 122082<br>hosting - 15285<br>Unknown - 63</p><p>Pastebin links with full 24-hr RDP Honeypot IOC Lists:<br><a href="https://pastebin.com/cmU9imL6" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="">pastebin.com/cmU9imL6</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/CyberSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSec</span></a> <a href="https://infosec.exchange/tags/SOC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SOC</span></a> <a href="https://infosec.exchange/tags/Blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Blueteam</span></a> <a href="https://infosec.exchange/tags/SecOps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecOps</span></a> <a 
href="https://infosec.exchange/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a></p>
RDP Snitch<p>2025-04-07 RDP <a href="https://infosec.exchange/tags/Honeypot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Honeypot</span></a> IOCs - 137455 scans<br>Thread with top 3 features in each category and links to the full dataset<br><a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a></p><p>Top IPs:<br>138.199.24.6 - 60188<br>156.146.57.110 - 32676<br>156.146.57.52 - 8195</p><p>Top ASNs:<br>AS60068 - 70145<br>AS212238 - 49055<br>AS135161 - 11887</p><p>Top Accounts:<br>hello - 137341<br>Test - 33<br>Domain - 30</p><p>Top ISPs:<br>DataCamp Limited - 67400<br>Datacamp Limited - 51800<br>GMO-Z.COM PTE. LTD. - 11887</p><p>Top Clients:<br>Unknown - 137455</p><p>Top Software:<br>Unknown - 137455</p><p>Top Keyboards:<br>Unknown - 137455</p><p>Top IP Classification:<br>hosting &amp; proxy - 122080<br>hosting - 15282<br>Unknown - 63</p><p>Pastebin links with full 24-hr RDP Honeypot IOC Lists:<br><a href="https://pastebin.com/1jAiNJiW" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="">pastebin.com/1jAiNJiW</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/CyberSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSec</span></a> <a href="https://infosec.exchange/tags/SOC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SOC</span></a> <a href="https://infosec.exchange/tags/Blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Blueteam</span></a> <a href="https://infosec.exchange/tags/SecOps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecOps</span></a> <a 
href="https://infosec.exchange/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a></p>
RDP Snitch<p>2025-04-07 RDP <a href="https://infosec.exchange/tags/Honeypot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Honeypot</span></a> IOCs - 137450 scans<br>Thread with top 3 features in each category and links to the full dataset<br><a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a></p><p>Top IPs:<br>138.199.24.6 - 60187<br>156.146.57.110 - 32676<br>156.146.57.52 - 8194</p><p>Top ASNs:<br>AS60068 - 70144<br>AS212238 - 49054<br>AS135161 - 11885</p><p>Top Accounts:<br>hello - 137336<br>Test - 33<br>Domain - 30</p><p>Top ISPs:<br>DataCamp Limited - 67399<br>Datacamp Limited - 51799<br>GMO-Z.COM PTE. LTD. - 11885</p><p>Top Clients:<br>Unknown - 137450</p><p>Top Software:<br>Unknown - 137450</p><p>Top Keyboards:<br>Unknown - 137450</p><p>Top IP Classification:<br>hosting &amp; proxy - 122078<br>hosting - 15279<br>Unknown - 63</p><p>Pastebin links with full 24-hr RDP Honeypot IOC Lists:<br><a href="https://pastebin.com/SP71TdhK" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="">pastebin.com/SP71TdhK</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/CyberSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSec</span></a> <a href="https://infosec.exchange/tags/SOC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SOC</span></a> <a href="https://infosec.exchange/tags/Blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Blueteam</span></a> <a href="https://infosec.exchange/tags/SecOps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecOps</span></a> <a 
href="https://infosec.exchange/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a></p>
DEVCE CIC<p>We'd just like to thank everyone who responded to our Pace Section 69 survey. We've nearly finished the report for the Ministry of Justice inquiry and will be sending a copy to all participants who requested one early next week. <a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/ComputerEvidence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ComputerEvidence</span></a> <a href="https://infosec.exchange/tags/Law" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Law</span></a> <a href="https://infosec.exchange/tags/DigitalForensics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DigitalForensics</span></a></p>
Alexis Brignoni :python: :donor:<p>🏦 From the meme vault</p><p><a href="https://infosec.exchange/tags/DigitalForensics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DigitalForensics</span></a> <a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/MobileForensics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MobileForensics</span></a></p>
The DFIR Report<p>“In this specific case, thanks to the capabilities of Sysmon, and particularly Event ID 22, we can easily gain insight into the subdomains that were used. For this case we observed TXT records being utilized for C2 communication rather than MX records. This can be identified by the "type: 16" in the Sysmon logs seen above. </p><p>Below is a sample list that, while not exhaustive, provides a clear example of the traffic patterns:”</p><p>The above is from a recent Private Threat Brief: "A MadMXShell Encore"</p><p> Services: <a href="https://thedfirreport.com/services/" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="">thedfirreport.com/services/</span><span class="invisible"></span></a></p><p> Contact Us: <a href="https://thedfirreport.com/contact/" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="">thedfirreport.com/contact/</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/dfir" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dfir</span></a> <a href="https://infosec.exchange/tags/IncidentResponse" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IncidentResponse</span></a> <a href="https://infosec.exchange/tags/BlueTeam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BlueTeam</span></a> <a href="https://infosec.exchange/tags/cti" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cti</span></a> <a href="https://infosec.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatIntel</span></a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintelligence</span></a></p>
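The TXT-over-DNS pattern the post describes, as an added detection example that is not part of the DFIR Report post or its brief: it parses constructed Sysmon Event ID 22 (DnsQuery) records, reads the "type: N" prefixes in QueryResults, and flags processes that resolve many distinct TXT subdomains under one domain. The flattened key=value log format, image paths and domains are assumptions made for the sample.

```python
"""Flag processes that resolve many distinct TXT subdomains under one domain,
the Sysmon Event ID 22 pattern described for TXT-record C2 traffic."""
import re
from collections import Counter, defaultdict

# DNS record type numbers as they appear in Sysmon's "type: N" prefix.
DNS_TYPE_NAMES = {1: "A", 5: "CNAME", 15: "MX", 16: "TXT", 28: "AAAA"}
TXT = 16

# Constructed sample: one Sysmon Event ID 22 record per line, flattened to
# key=value pairs. Paths and domains are hypothetical, not from real logs.
SAMPLE_EVENTS = [
    "UtcTime=2025-04-06 10:01:02|Image=C:\\Users\\alice\\AppData\\Local\\Temp\\upd.exe|QueryName=7f3a.cmd.c2-example.test|QueryStatus=0|QueryResults=type: 16 aGVsbG8=;",
    "UtcTime=2025-04-06 10:01:32|Image=C:\\Users\\alice\\AppData\\Local\\Temp\\upd.exe|QueryName=9c1d.cmd.c2-example.test|QueryStatus=0|QueryResults=type: 16 d29ybGQ=;",
    "UtcTime=2025-04-06 10:02:02|Image=C:\\Users\\alice\\AppData\\Local\\Temp\\upd.exe|QueryName=b04e.cmd.c2-example.test|QueryStatus=0|QueryResults=type: 16 Zm9v;",
    "UtcTime=2025-04-06 10:02:32|Image=C:\\Users\\alice\\AppData\\Local\\Temp\\upd.exe|QueryName=e77a.cmd.c2-example.test|QueryStatus=9003|QueryResults=",
    "UtcTime=2025-04-06 10:03:00|Image=C:\\Program Files\\Mail\\mail.exe|QueryName=mail-provider.test|QueryStatus=0|QueryResults=type: 15 mx1.mail-provider.test;",
    "UtcTime=2025-04-06 10:03:05|Image=C:\\Program Files\\Mail\\mail.exe|QueryName=_dmarc.mail-provider.test|QueryStatus=0|QueryResults=type: 16 v=DMARC1; p=reject;",
    "UtcTime=2025-04-06 10:03:10|Image=C:\\Windows\\System32\\svchost.exe|QueryName=www.cdn-example.test|QueryStatus=0|QueryResults=type: 5 edge.cdn-example.test;::ffff:192.0.2.10;",
]


def parse_event(line):
    """Split one flattened record into a dict; values may contain '=' themselves."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")
        fields[key] = value
    return fields


def record_types(query_results):
    """Return the numeric record types from every 'type: N' prefix in QueryResults."""
    return [int(t) for t in re.findall(r"type:\s*(\d+)", query_results)]


def registered_domain(name):
    """Approximate the registrable domain as the last two labels.
    A public-suffix list would be needed to handle names such as example.co.uk."""
    labels = name.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def record_type_counts(lines):
    """Count answered record types across all events (TXT vs MX vs the rest)."""
    counts = Counter()
    for line in lines:
        counts.update(record_types(parse_event(line).get("QueryResults", "")))
    return counts


def txt_query_summary(lines, min_distinct=3):
    """Group events by (Image, registered domain) and flag pairs that received
    TXT answers for at least `min_distinct` distinct query names. Failed
    lookups (non-zero QueryStatus) under the same pair are counted too, since
    NXDOMAIN bursts often accompany DNS-based C2."""
    stats = defaultdict(lambda: {"txt_names": set(), "failed": 0, "types": set()})
    for line in lines:
        ev = parse_event(line)
        name = ev.get("QueryName", "").lower()
        entry = stats[(ev.get("Image", "?"), registered_domain(name))]
        types = record_types(ev.get("QueryResults", ""))
        entry["types"].update(types)
        if TXT in types:
            entry["txt_names"].add(name)
        if ev.get("QueryStatus", "0") != "0":
            entry["failed"] += 1

    flagged = []
    for (image, domain), entry in stats.items():
        if len(entry["txt_names"]) >= min_distinct:
            flagged.append({
                "image": image,
                "domain": domain,
                "distinct_txt_subdomains": len(entry["txt_names"]),
                "failed_lookups": entry["failed"],
                "record_types": sorted(entry["types"]),
            })
    flagged.sort(key=lambda f: -f["distinct_txt_subdomains"])
    return flagged


if __name__ == "__main__":
    for rtype, n in record_type_counts(SAMPLE_EVENTS).items():
        print(f"{DNS_TYPE_NAMES.get(rtype, rtype)}: {n}")
    for hit in txt_query_summary(SAMPLE_EVENTS):
        print(hit)
```

The mail client querying a single _dmarc TXT record is not flagged at the default threshold, which is the point of grouping by distinct subdomain count rather than alerting on every TXT answer.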
RDP Snitch<p>2025-04-06 RDP <a href="https://infosec.exchange/tags/Honeypot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Honeypot</span></a> IOCs - 129033 scans<br>Thread with top 3 features in each category and links to the full dataset<br><a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a></p><p>Top IPs:<br>138.199.24.6 - 60378<br>156.146.57.110 - 32850<br>156.146.57.174 - 8205</p><p>Top ASNs:<br>AS60068 - 68520<br>AS212238 - 49206<br>AS135161 - 8196</p><p>Top Accounts:<br>hello - 128910<br>Test - 24<br>Domain - 18</p><p>Top ISPs:<br>DataCamp Limited - 68520<br>Datacamp Limited - 49206<br>GMO-Z.COM PTE. LTD. - 8196</p><p>Top Clients:<br>Unknown - 129033</p><p>Top Software:<br>Unknown - 129033</p><p>Top Keyboards:<br>Unknown - 129033</p><p>Top IP Classification:<br>hosting &amp; proxy - 120696<br>hosting - 8259<br>Unknown - 57</p><p>Pastebin links with full 24-hr RDP Honeypot IOC Lists:<br><a href="https://pastebin.com/SwvXqAKk" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="">pastebin.com/SwvXqAKk</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/CyberSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSec</span></a> <a href="https://infosec.exchange/tags/SOC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SOC</span></a> <a href="https://infosec.exchange/tags/Blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Blueteam</span></a> <a href="https://infosec.exchange/tags/SecOps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecOps</span></a> <a 
href="https://infosec.exchange/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a></p>
RDP Snitch<p>2025-04-06 RDP <a href="https://infosec.exchange/tags/Honeypot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Honeypot</span></a> IOCs - 129030 scans<br>Thread with top 3 features in each category and links to the full dataset<br><a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a></p><p>Top IPs:<br>138.199.24.6 - 60377<br>156.146.57.110 - 32849<br>156.146.57.174 - 8204</p><p>Top ASNs:<br>AS60068 - 68519<br>AS212238 - 49204<br>AS135161 - 8196</p><p>Top Accounts:<br>hello - 128907<br>Test - 24<br>Domain - 18</p><p>Top ISPs:<br>DataCamp Limited - 68519<br>Datacamp Limited - 49204<br>GMO-Z.COM PTE. LTD. - 8196</p><p>Top Clients:<br>Unknown - 129030</p><p>Top Software:<br>Unknown - 129030</p><p>Top Keyboards:<br>Unknown - 129030</p><p>Top IP Classification:<br>hosting &amp; proxy - 120693<br>hosting - 8259<br>Unknown - 57</p><p>Pastebin links with full 24-hr RDP Honeypot IOC Lists:<br><a href="https://pastebin.com/VTh4tESN" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="">pastebin.com/VTh4tESN</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/CyberSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSec</span></a> <a href="https://infosec.exchange/tags/SOC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SOC</span></a> <a href="https://infosec.exchange/tags/Blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Blueteam</span></a> <a href="https://infosec.exchange/tags/SecOps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecOps</span></a> <a 
href="https://infosec.exchange/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a></p>
RDP Snitch<p>2025-04-06 RDP <a href="https://infosec.exchange/tags/Honeypot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Honeypot</span></a> IOCs - 129027 scans<br>Thread with top 3 features in each category and links to the full dataset<br><a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a></p><p>Top IPs:<br>138.199.24.6 - 60376<br>156.146.57.110 - 32848<br>156.146.57.174 - 8203</p><p>Top ASNs:<br>AS60068 - 68518<br>AS212238 - 49202<br>AS135161 - 8196</p><p>Top Accounts:<br>hello - 128904<br>Test - 24<br>Domain - 18</p><p>Top ISPs:<br>DataCamp Limited - 68518<br>Datacamp Limited - 49202<br>GMO-Z.COM PTE. LTD. - 8196</p><p>Top Clients:<br>Unknown - 129027</p><p>Top Software:<br>Unknown - 129027</p><p>Top Keyboards:<br>Unknown - 129027</p><p>Top IP Classification:<br>hosting &amp; proxy - 120690<br>hosting - 8259<br>Unknown - 57</p><p>Pastebin links with full 24-hr RDP Honeypot IOC Lists:<br><a href="https://pastebin.com/jcgYZsnS" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="">pastebin.com/jcgYZsnS</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/CyberSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSec</span></a> <a href="https://infosec.exchange/tags/SOC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SOC</span></a> <a href="https://infosec.exchange/tags/Blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Blueteam</span></a> <a href="https://infosec.exchange/tags/SecOps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecOps</span></a> <a 
href="https://infosec.exchange/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a></p>
Alexis Brignoni :python: :donor:<p>Current <a href="https://infosec.exchange/tags/iOS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>iOS</span></a> extraction order of volatility to mitigate log wiping by <a href="https://infosec.exchange/tags/DigitalForensics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DigitalForensics</span></a> tools:</p><p>0) Extract iOS Sysdiagnose/Unified logs from the device.<br>1) Conduct a full file system extraction.</p><p><a href="https://infosec.exchange/tags/VendorsNeedToAdress" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VendorsNeedToAdress</span></a> <a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/MobileForensics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MobileForensics</span></a></p>
13reak :fedora:<p>Recently used GOAD for an Active Directory hacking lab:<br><a href="https://github.com/Orange-Cyberdefense/GOAD" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/Orange-Cyberdefense</span><span class="invisible">/GOAD</span></a></p><p>If you enable the Wazuh extension, it's quite easy to set up velociraptor on that machine too and have a blue team test lab added to GOAD.</p><p><a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/velociraptor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>velociraptor</span></a> <a href="https://infosec.exchange/tags/cyberrange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cyberrange</span></a></p>
RDP Snitch<p>2025-04-05 RDP <a href="https://infosec.exchange/tags/Honeypot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Honeypot</span></a> IOCs - 131802 scans<br>Thread with top 3 features in each category and links to the full dataset<br><a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a></p><p>Top IPs:<br>138.199.24.6 - 61704<br>156.146.57.110 - 33315<br>156.146.57.52 - 8331</p><p>Top ASNs:<br>AS60068 - 69975<br>AS212238 - 49962<br>AS135161 - 8313</p><p>Top Accounts:<br>hello - 131721<br>Test - 18<br>(empty) - 9</p><p>Top ISPs:<br>DataCamp Limited - 69975<br>Datacamp Limited - 49962<br>GMO-Z.COM PTE. LTD. - 8313</p><p>Top Clients:<br>Unknown - 131802</p><p>Top Software:<br>Unknown - 131802</p><p>Top Keyboards:<br>Unknown - 131802</p><p>Top IP Classification:<br>hosting &amp; proxy - 123366<br>hosting - 8379<br>proxy - 30</p><p>Pastebin links with full 24-hr RDP Honeypot IOC Lists:<br><a href="https://pastebin.com/mxUGMJPT" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="">pastebin.com/mxUGMJPT</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/CyberSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSec</span></a> <a href="https://infosec.exchange/tags/SOC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SOC</span></a> <a href="https://infosec.exchange/tags/Blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Blueteam</span></a> <a href="https://infosec.exchange/tags/SecOps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecOps</span></a> <a 
href="https://infosec.exchange/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a></p>