mas.to is one of the many independent Mastodon servers you can use to participate in the fediverse.
#dfir

41 posts · 25 participants · 3 posts today
RDP Snitch<p>2025-04-17 RDP <a href="https://infosec.exchange/tags/Honeypot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Honeypot</span></a> IOCs - 7998 scans<br>Thread with top 3 features in each category and links to the full dataset<br><a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a></p><p>Top IPs:<br>156.146.57.181 - 7302<br>159.89.6.147 - 420<br>211.185.207.14 - 57</p><p>Top ASNs:<br>AS212238 - 7302<br>AS14061 - 423<br>AS4766 - 57</p><p>Top Accounts:<br>hello - 7740<br>142.93.8.59 - 162<br>Domain - 18</p><p>Top ISPs:<br>Datacamp Limited - 7302<br>DigitalOcean, LLC - 423<br>Korea Telecom - 57</p><p>Top Clients:<br>Unknown - 7998</p><p>Top Software:<br>Unknown - 7998</p><p>Top Keyboards:<br>Unknown - 7998</p><p>Top IP Classification:<br>hosting &amp; proxy - 7302<br>hosting - 468<br>Unknown - 210</p><p>Pastebin links with full 24-hr RDP Honeypot IOC Lists:<br><a href="https://pastebin.com/8yL0pkU7" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">pastebin.com/8yL0pkU7</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/CyberSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSec</span></a> <a href="https://infosec.exchange/tags/SOC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SOC</span></a> <a href="https://infosec.exchange/tags/Blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Blueteam</span></a> <a href="https://infosec.exchange/tags/SecOps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecOps</span></a> <a 
href="https://infosec.exchange/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a></p>
RDP Snitch<p>2025-04-17 RDP <a href="https://infosec.exchange/tags/Honeypot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Honeypot</span></a> IOCs - 5332 scans<br>Thread with top 3 features in each category and links to the full dataset<br><a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a></p><p>Top IPs:<br>156.146.57.181 - 4868<br>159.89.6.147 - 280<br>211.185.207.14 - 38</p><p>Top ASNs:<br>AS212238 - 4868<br>AS14061 - 282<br>AS4766 - 38</p><p>Top Accounts:<br>hello - 5160<br>142.93.8.59 - 108<br>Domain - 12</p><p>Top ISPs:<br>Datacamp Limited - 4868<br>DigitalOcean, LLC - 282<br>Korea Telecom - 38</p><p>Top Clients:<br>Unknown - 5332</p><p>Top Software:<br>Unknown - 5332</p><p>Top Keyboards:<br>Unknown - 5332</p><p>Top IP Classification:<br>hosting &amp; proxy - 4868<br>hosting - 312<br>Unknown - 140</p><p>Pastebin links with full 24-hr RDP Honeypot IOC Lists:<br><a href="https://pastebin.com/Xed8e9un" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">pastebin.com/Xed8e9un</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/CyberSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSec</span></a> <a href="https://infosec.exchange/tags/SOC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SOC</span></a> <a href="https://infosec.exchange/tags/Blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Blueteam</span></a> <a href="https://infosec.exchange/tags/SecOps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecOps</span></a> <a 
href="https://infosec.exchange/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a></p>
RDP Snitch<p>2025-04-17 RDP <a href="https://infosec.exchange/tags/Honeypot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Honeypot</span></a> IOCs - 2666 scans<br>Thread with top 3 features in each category and links to the full dataset<br><a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a></p><p>Top IPs:<br>156.146.57.181 - 2434<br>159.89.6.147 - 140<br>211.185.207.14 - 19</p><p>Top ASNs:<br>AS212238 - 2434<br>AS14061 - 141<br>AS4766 - 19</p><p>Top Accounts:<br>hello - 2580<br>142.93.8.59 - 54<br>Domain - 6</p><p>Top ISPs:<br>Datacamp Limited - 2434<br>DigitalOcean, LLC - 141<br>Korea Telecom - 19</p><p>Top Clients:<br>Unknown - 2666</p><p>Top Software:<br>Unknown - 2666</p><p>Top Keyboards:<br>Unknown - 2666</p><p>Top IP Classification:<br>hosting &amp; proxy - 2434<br>hosting - 156<br>Unknown - 70</p><p>Pastebin links with full 24-hr RDP Honeypot IOC Lists:<br><a href="https://pastebin.com/HetMefCE" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">pastebin.com/HetMefCE</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/CyberSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSec</span></a> <a href="https://infosec.exchange/tags/SOC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SOC</span></a> <a href="https://infosec.exchange/tags/Blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Blueteam</span></a> <a href="https://infosec.exchange/tags/SecOps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecOps</span></a> <a 
href="https://infosec.exchange/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a></p>
LMG Security<p>How your team responds to a data breach can make a $1.5 million difference in damages. In our latest blog, Security Consultant Derek Rowe answers frequently asked questions about critical incident response training. This FAQ covers everything from what to look for in a class and how to grade your IT training maturity, to how IT training impacts compliance and BCDR.</p><p>Don’t wait for an attack to find out how prepared your team is. Read the blog: <a href="https://www.lmgsecurity.com/critical-incident-response-training-your-top-questions-answered/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">lmgsecurity.com/critical-incid</span><span class="invisible">ent-response-training-your-top-questions-answered/</span></a></p><p><a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/Training" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Training</span></a> <a href="https://infosec.exchange/tags/IncidentResponse" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IncidentResponse</span></a> <a href="https://infosec.exchange/tags/IncidentResponseTraining" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IncidentResponseTraining</span></a> <a href="https://infosec.exchange/tags/CyberThreats" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberThreats</span></a> <a href="https://infosec.exchange/tags/DataBreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DataBreach</span></a> <a href="https://infosec.exchange/tags/Infosec" 
class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/CISO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CISO</span></a> <a href="https://infosec.exchange/tags/RiskManagement" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RiskManagement</span></a> <a href="https://infosec.exchange/tags/Cyberaware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cyberaware</span></a> <a href="https://infosec.exchange/tags/SMB" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SMB</span></a> <a href="https://infosec.exchange/tags/CEO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CEO</span></a> <a href="https://infosec.exchange/tags/CIO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CIO</span></a></p>
Kevin Pagano - Stark 4N6 :verified:<p>Minor version update for <a href="https://infosec.exchange/tags/Autopsy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Autopsy</span></a> <a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> <a href="https://github.com/sleuthkit/autopsy/releases/tag/autopsy-4.22.1" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/sleuthkit/autopsy/r</span><span class="invisible">eleases/tag/autopsy-4.22.1</span></a></p>
Andrea Draghetti 🎣<p>Boost your <a href="https://mastodon.social/tags/ThreatHunting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatHunting</span></a> game!<br><a href="https://mastodon.social/tags/FindUnusualSessions" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FindUnusualSessions</span></a> by <span class="h-card" translate="no"><a href="https://infosec.exchange/@podalirius" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>podalirius</span></a></span> spots suspicious Kerberos sessions in Active Directory.<br>A must-have for any <a href="https://mastodon.social/tags/BlueTeam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BlueTeam</span></a>!</p><p>GitHub: <a href="https://github.com/p0dalirius/FindUnusualSessions" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/p0dalirius/FindUnus</span><span class="invisible">ualSessions</span></a></p><p><a href="https://mastodon.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://mastodon.social/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> <a href="https://mastodon.social/tags/ADSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ADSecurity</span></a> <a href="https://mastodon.social/tags/BlueTeamTools" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BlueTeamTools</span></a></p>
Doug Metz<p>Mining for Mismatches: Detecting Executables Disguised as Image Files <a href="https://infosec.exchange/tags/rust" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>rust</span></a> <a href="https://infosec.exchange/tags/dfir" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dfir</span></a> <a href="https://infosec.exchange/tags/MalwareAnalysis" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MalwareAnalysis</span></a> <a href="https://infosec.exchange/tags/YARA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>YARA</span></a></p><p><a href="http://bakerstreetforensics.com/2025/04/17/mining-for-mismatches-detecting-executables-disguised-as-image-files/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">http://</span><span class="ellipsis">bakerstreetforensics.com/2025/</span><span class="invisible">04/17/mining-for-mismatches-detecting-executables-disguised-as-image-files/</span></a></p>
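The post above links to a write-up on spotting executables that carry an image extension. The core check it alludes to is a mismatch between what a filename claims and what the file's leading bytes actually are. The following is an added illustration in Python (not code from the linked blog post or its author, which uses Rust and YARA): it reads the magic bytes, resolves a PE header properly via the e_lfanew pointer rather than trusting a bare "MZ", and reports every file whose extension disagrees with the detected type. The sample file contents are constructed in-memory headers, not real files.

```python
import os
import struct
from dataclasses import dataclass

# Leading-byte signatures for the image types we expect to see. The two-byte
# BMP magic is weak on its own, so executables are checked before images.
IMAGE_MAGIC = [
    ("png", b"\x89PNG\r\n\x1a\n"),
    ("jpg", b"\xff\xd8\xff"),
    ("gif", b"GIF87a"),
    ("gif", b"GIF89a"),
    ("bmp", b"BM"),
]

# What each image extension claims the content is.
EXT_TO_TYPE = {".png": "png", ".jpg": "jpg", ".jpeg": "jpg", ".gif": "gif", ".bmp": "bmp"}


def looks_like_pe(data: bytes) -> bool:
    """True only if a DOS 'MZ' stub is present and its e_lfanew field (offset 0x3C)
    points at a 'PE\\0\\0' signature; a bare 'MZ' prefix is not enough."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def looks_like_elf(data: bytes) -> bool:
    return data[:4] == b"\x7fELF"


def detected_type(data: bytes) -> str:
    """Classify content by magic bytes: 'pe', 'elf', an image type, or 'unknown'."""
    if looks_like_pe(data):
        return "pe"
    if looks_like_elf(data):
        return "elf"
    for kind, magic in IMAGE_MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"


@dataclass
class Finding:
    name: str
    claimed: str   # type implied by the extension
    actual: str    # type implied by the magic bytes


def find_mismatches(files: dict) -> list:
    """files maps filename -> leading bytes. Returns one Finding per file whose
    extension is an image type but whose magic bytes say otherwise."""
    findings = []
    for name, data in files.items():
        ext = os.path.splitext(name.lower())[1]
        claimed = EXT_TO_TYPE.get(ext)
        if claimed is None:
            continue  # not claiming to be an image; out of scope here
        actual = detected_type(data)
        if actual != claimed:
            findings.append(Finding(name, claimed, actual))
    return findings


def fake_pe_header() -> bytes:
    """Constructed minimal MZ stub whose e_lfanew points at a PE signature (test data only)."""
    hdr = bytearray(0x44)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    hdr[0x40:0x44] = b"PE\x00\x00"
    return bytes(hdr)


# Constructed sample set: two legitimate images, two executables wearing image
# extensions, and a non-image file that the scan leaves alone.
SAMPLES = {
    "holiday.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 64,
    "invoice.jpg": fake_pe_header(),
    "logo.gif": b"GIF89a" + b"\x00" * 64,
    "photo.jpeg": b"\x7fELF" + b"\x00" * 64,
    "readme.txt": b"hello",
}

if __name__ == "__main__":
    for f in find_mismatches(SAMPLES):
        print(f"{f.name}: extension says {f.claimed}, content looks like {f.actual}")
```

Only the first few dozen bytes of each file are needed, so on a real triage run you would read a fixed-size header from each path rather than the whole file; the PE check deliberately requires the `PE\0\0` signature because plenty of benign data starts with two arbitrary bytes.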
Saltmyhash<p>This NLRB whistleblower complaint is a horror story for any CERT team. As a CTI/SOC analyst, if I see spawned powershell invoking web requests to some random-ass AI API reverse-engineering tool/headless browser repository, large outbound byte transfers measured in GBs, or conditional access policies/MFA being tampered with, you’re getting isolated and we’re standing up an incident response bridge. Also, someone on your team has an info stealer on their device if they’re seeing attempted logins from a foreign country within fifteen minutes of account creation. </p><p>This is an insider threat case of the worst kind: one your security team gets to watch but can’t do a damn thing to stop. </p><p><a href="https://arstechnica.com/tech-policy/2025/04/government-it-whistleblower-calls-out-doge-says-he-was-threatened-at-home/?comments-page=1#comments" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">arstechnica.com/tech-policy/20</span><span class="invisible">25/04/government-it-whistleblower-calls-out-doge-says-he-was-threatened-at-home/?comments-page=1#comments</span></a></p><p><a href="https://whistlebloweraid.org/wp-content/uploads/2025/04/2025_0414_Berulis-Disclosure-with-Exhibits.s.pdf" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">whistlebloweraid.org/wp-conten</span><span class="invisible">t/uploads/2025/04/2025_0414_Berulis-Disclosure-with-Exhibits.s.pdf</span></a></p><p><a href="https://infosec.exchange/tags/cti" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cti</span></a> <a href="https://infosec.exchange/tags/soc" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>soc</span></a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>threatintel</span></a> <a href="https://infosec.exchange/tags/dfir" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dfir</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a></p>
RDP Snitch<p>2025-04-15 RDP <a href="https://infosec.exchange/tags/Honeypot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Honeypot</span></a> IOCs - 8103 scans<br>Thread with top 3 features in each category and links to the full dataset<br><a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a></p><p>Top IPs:<br>156.146.57.47 - 5064<br>156.146.57.181 - 2304<br>222.100.239.9 - 453</p><p>Top ASNs:<br>AS212238 - 7368<br>AS4766 - 486<br>AS48721 - 63</p><p>Top Accounts:<br>hello - 7839<br>142.93.8.59 - 177<br>Administr - 27</p><p>Top ISPs:<br>Datacamp Limited - 7368<br>Korea Telecom - 486<br>Flyservers S.A. - 63</p><p>Top Clients:<br>Unknown - 8103</p><p>Top Software:<br>Unknown - 8103</p><p>Top Keyboards:<br>Unknown - 8103</p><p>Top IP Classification:<br>hosting &amp; proxy - 7371<br>Unknown - 660<br>hosting - 54</p><p>Pastebin links with full 24-hr RDP Honeypot IOC Lists:<br><a href="https://pastebin.com/z6D3U676" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">pastebin.com/z6D3U676</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/CyberSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSec</span></a> <a href="https://infosec.exchange/tags/SOC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SOC</span></a> <a href="https://infosec.exchange/tags/Blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Blueteam</span></a> <a href="https://infosec.exchange/tags/SecOps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecOps</span></a> <a 
href="https://infosec.exchange/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a></p>
RDP Snitch<p>2025-04-15 RDP <a href="https://infosec.exchange/tags/Honeypot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Honeypot</span></a> IOCs - 8102 scans<br>Thread with top 3 features in each category and links to the full dataset<br><a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a></p><p>Top IPs:<br>156.146.57.47 - 5064<br>156.146.57.181 - 2304<br>222.100.239.9 - 452</p><p>Top ASNs:<br>AS212238 - 7368<br>AS4766 - 485<br>AS48721 - 63</p><p>Top Accounts:<br>hello - 7838<br>142.93.8.59 - 177<br>Administr - 27</p><p>Top ISPs:<br>Datacamp Limited - 7368<br>Korea Telecom - 485<br>Flyservers S.A. - 63</p><p>Top Clients:<br>Unknown - 8102</p><p>Top Software:<br>Unknown - 8102</p><p>Top Keyboards:<br>Unknown - 8102</p><p>Top IP Classification:<br>hosting &amp; proxy - 7371<br>Unknown - 659<br>hosting - 54</p><p>Pastebin links with full 24-hr RDP Honeypot IOC Lists:<br><a href="https://pastebin.com/eBM4Ac2a" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">pastebin.com/eBM4Ac2a</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/CyberSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSec</span></a> <a href="https://infosec.exchange/tags/SOC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SOC</span></a> <a href="https://infosec.exchange/tags/Blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Blueteam</span></a> <a href="https://infosec.exchange/tags/SecOps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecOps</span></a> <a 
href="https://infosec.exchange/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a></p>
RDP Snitch<p>2025-04-15 RDP <a href="https://infosec.exchange/tags/Honeypot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Honeypot</span></a> IOCs - 8101 scans<br>Thread with top 3 features in each category and links to the full dataset<br><a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a></p><p>Top IPs:<br>156.146.57.47 - 5064<br>156.146.57.181 - 2304<br>222.100.239.9 - 451</p><p>Top ASNs:<br>AS212238 - 7368<br>AS4766 - 484<br>AS48721 - 63</p><p>Top Accounts:<br>hello - 7837<br>142.93.8.59 - 177<br>Administr - 27</p><p>Top ISPs:<br>Datacamp Limited - 7368<br>Korea Telecom - 484<br>Flyservers S.A. - 63</p><p>Top Clients:<br>Unknown - 8101</p><p>Top Software:<br>Unknown - 8101</p><p>Top Keyboards:<br>Unknown - 8101</p><p>Top IP Classification:<br>hosting &amp; proxy - 7371<br>Unknown - 658<br>hosting - 54</p><p>Pastebin links with full 24-hr RDP Honeypot IOC Lists:<br><a href="https://pastebin.com/FFA19xba" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">pastebin.com/FFA19xba</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/CyberSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSec</span></a> <a href="https://infosec.exchange/tags/SOC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SOC</span></a> <a href="https://infosec.exchange/tags/Blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Blueteam</span></a> <a href="https://infosec.exchange/tags/SecOps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecOps</span></a> <a 
href="https://infosec.exchange/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a></p>
Alexis Brignoni :python: :donor:<p>Is the tool vendor provided training subject to tariffs too?</p><p><a href="https://infosec.exchange/tags/DigitalForensics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DigitalForensics</span></a> <a href="https://infosec.exchange/tags/MobileForensics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MobileForensics</span></a> <a href="https://infosec.exchange/tags/SameContentForDoubleThePrice" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SameContentForDoubleThePrice</span></a> <a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a></p>
DFN-CERT<p>🐰 Just in time for Easter: new versions of <a href="https://infosec.exchange/tags/Sleuthkit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Sleuthkit</span></a> and <a href="https://infosec.exchange/tags/Autopsy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Autopsy</span></a> released:</p><p><a href="https://github.com/sleuthkit/sleuthkit/releases/tag/sleuthkit-4.14.0" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/sleuthkit/sleuthkit</span><span class="invisible">/releases/tag/sleuthkit-4.14.0</span></a></p><p><a href="https://github.com/sleuthkit/autopsy/releases/tag/autopsy-4.22.1" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/sleuthkit/autopsy/r</span><span class="invisible">eleases/tag/autopsy-4.22.1</span></a></p><p><a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/Forensik" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Forensik</span></a></p>
RDP Snitch<p>2025-04-15 RDP <a href="https://infosec.exchange/tags/Honeypot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Honeypot</span></a> IOCs - 8100 scans<br>Thread with top 3 features in each category and links to the full dataset<br><a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a></p><p>Top IPs:<br>156.146.57.47 - 5064<br>156.146.57.181 - 2304<br>222.100.239.9 - 450</p><p>Top ASNs:<br>AS212238 - 7368<br>AS4766 - 483<br>AS48721 - 63</p><p>Top Accounts:<br>hello - 7836<br>142.93.8.59 - 177<br>Administr - 27</p><p>Top ISPs:<br>Datacamp Limited - 7368<br>Korea Telecom - 483<br>Flyservers S.A. - 63</p><p>Top Clients:<br>Unknown - 8100</p><p>Top Software:<br>Unknown - 8100</p><p>Top Keyboards:<br>Unknown - 8100</p><p>Top IP Classification:<br>hosting &amp; proxy - 7371<br>Unknown - 657<br>hosting - 54</p><p>Pastebin links with full 24-hr RDP Honeypot IOC Lists:<br><a href="https://pastebin.com/ZsnpxT0s" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">pastebin.com/ZsnpxT0s</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/CyberSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSec</span></a> <a href="https://infosec.exchange/tags/SOC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SOC</span></a> <a href="https://infosec.exchange/tags/Blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Blueteam</span></a> <a href="https://infosec.exchange/tags/SecOps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecOps</span></a> <a 
href="https://infosec.exchange/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a></p>
RDP Snitch<p>2025-04-15 RDP <a href="https://infosec.exchange/tags/Honeypot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Honeypot</span></a> IOCs - 5400 scans<br>Thread with top 3 features in each category and links to the full dataset<br><a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a></p><p>Top IPs:<br>156.146.57.47 - 3376<br>156.146.57.181 - 1536<br>222.100.239.9 - 300</p><p>Top ASNs:<br>AS212238 - 4912<br>AS4766 - 322<br>AS48721 - 42</p><p>Top Accounts:<br>hello - 5224<br>142.93.8.59 - 118<br>Administr - 18</p><p>Top ISPs:<br>Datacamp Limited - 4912<br>Korea Telecom - 322<br>Flyservers S.A. - 42</p><p>Top Clients:<br>Unknown - 5400</p><p>Top Software:<br>Unknown - 5400</p><p>Top Keyboards:<br>Unknown - 5400</p><p>Top IP Classification:<br>hosting &amp; proxy - 4914<br>Unknown - 438<br>hosting - 36</p><p>Pastebin links with full 24-hr RDP Honeypot IOC Lists:<br><a href="https://pastebin.com/8N8ddzKh" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">pastebin.com/8N8ddzKh</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/CyberSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSec</span></a> <a href="https://infosec.exchange/tags/SOC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SOC</span></a> <a href="https://infosec.exchange/tags/Blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Blueteam</span></a> <a href="https://infosec.exchange/tags/SecOps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecOps</span></a> <a 
href="https://infosec.exchange/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a></p>
RDP Snitch<p>2025-04-15 RDP <a href="https://infosec.exchange/tags/Honeypot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Honeypot</span></a> IOCs - 2700 scans<br>Thread with top 3 features in each category and links to the full dataset<br><a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a></p><p>Top IPs:<br>156.146.57.47 - 1688<br>156.146.57.181 - 768<br>222.100.239.9 - 150</p><p>Top ASNs:<br>AS212238 - 2456<br>AS4766 - 161<br>AS48721 - 21</p><p>Top Accounts:<br>hello - 2612<br>142.93.8.59 - 59<br>Administr - 9</p><p>Top ISPs:<br>Datacamp Limited - 2456<br>Korea Telecom - 161<br>Flyservers S.A. - 21</p><p>Top Clients:<br>Unknown - 2700</p><p>Top Software:<br>Unknown - 2700</p><p>Top Keyboards:<br>Unknown - 2700</p><p>Top IP Classification:<br>hosting &amp; proxy - 2457<br>Unknown - 219<br>hosting - 18</p><p>Pastebin links with full 24-hr RDP Honeypot IOC Lists:<br><a href="https://pastebin.com/yTbq0QFF" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">pastebin.com/yTbq0QFF</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/CyberSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSec</span></a> <a href="https://infosec.exchange/tags/SOC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SOC</span></a> <a href="https://infosec.exchange/tags/Blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Blueteam</span></a> <a href="https://infosec.exchange/tags/SecOps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecOps</span></a> <a 
href="https://infosec.exchange/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a></p>
13reak :fedora:<p>How to reconstruct OneDrive?</p><p>OneDriveExplorer (by <span class="h-card" translate="no"><a href="https://infosec.exchange/@Beercow" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>Beercow</span></a></span>) can reconstruct OneDrive from <code>&lt;UserCid&gt;.dat</code> or SQLite databases etc.</p><p>Check it out:<br><a href="https://github.com/Beercow/OneDriveExplorer" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/Beercow/OneDriveExp</span><span class="invisible">lorer</span></a></p><p><a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/artifact" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>artifact</span></a> <a href="https://infosec.exchange/tags/azure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>azure</span></a> <a href="https://infosec.exchange/tags/onedrive" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>onedrive</span></a> <a href="https://infosec.exchange/tags/knowledgedrop" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>knowledgedrop</span></a></p>
13reak :fedora:<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@chrissanders88" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>chrissanders88</span></a></span> </p><p>Getting the volatile data first with velociraptor Windows.System.DLLs.<br>(Maybe the dll is still loaded)</p><p>Then of course, getting the dll from the file system. Maybe dumping it in a sandbox /checking the hash on virus total.</p><p>Otherwise evidence of execution. I think e.g. AppCompatCache also lists dlls.</p><p><a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/velociraptor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>velociraptor</span></a></p>
Chris Sanders 🔎 🧠<p>Investigation Scenario 🔎</p><p>The process explorer.exe spawned rundll32.exe on a system on your network.</p><p>What do you look for to investigate whether an incident occurred?</p><p>Assume you have access to whatever digital evidence source you need.</p><p><a href="https://infosec.exchange/tags/InvestigationPath" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InvestigationPath</span></a> <a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/SOC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SOC</span></a></p>
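Added example for the investigation scenario above and the reply that suggests starting with loaded-DLL and file-system evidence. It is not code from either poster or from Velociraptor: it triages an explorer.exe → rundll32.exe process-creation event by pulling the DLL argument out of the command line and correlating it with image-load telemetry for the same process. Field names mimic Sysmon Event ID 1 (ProcessCreate) and Event ID 7 (ImageLoad); the event records, paths and hash values are constructed sample data, and the "trusted directory" list is an assumption for illustration.

```python
"""Triage of explorer.exe -> rundll32.exe process-creation events.

Added example, not from the thread above. Events are constructed samples
shaped like Sysmon Event ID 1 (ProcessCreate) and 7 (ImageLoad).
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumption for this example: rundll32 normally loads its target DLL from these
# directories; a DLL argument or image load from anywhere else warrants a closer look.
TRUSTED_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

# Constructed sample events (illustrative values only, not real IOCs).
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 4120, "Image": r"C:\Windows\System32\rundll32.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'rundll32.exe "C:\Users\alice\AppData\Local\Temp\update.dll",DllMain'},
    {"EventID": 7, "ProcessId": 4120,
     "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\update.dll",
     "Signed": "false", "Hashes": "SHA256=PLACEHOLDER_HASH_CONSTRUCTED_1"},
    {"EventID": 7, "ProcessId": 4120, "ImageLoaded": r"C:\Windows\System32\kernel32.dll",
     "Signed": "true", "Hashes": "SHA256=PLACEHOLDER_HASH_CONSTRUCTED_2"},
    # A benign-looking instance: explorer launching rundll32 to run a Control Panel item.
    {"EventID": 1, "ProcessId": 5222, "Image": r"C:\Windows\System32\rundll32.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL"},
    {"EventID": 7, "ProcessId": 5222, "ImageLoaded": r"C:\Windows\System32\shell32.dll",
     "Signed": "true", "Hashes": "SHA256=PLACEHOLDER_HASH_CONSTRUCTED_3"},
]

# The DLL argument of rundll32 is the path (quoted or not) before ",EntryPoint".
DLL_ARG = re.compile(r'(?:"([^"]+\.dll)"|(\S+\.dll))\s*,', re.IGNORECASE)


def dll_from_command_line(cmd: str) -> Optional[str]:
    """Return the DLL path named on a rundll32 command line, or None if absent."""
    m = DLL_ARG.search(cmd)
    if not m:
        return None
    return m.group(1) or m.group(2)


def is_trusted_path(path: str) -> bool:
    """True when the path sits under one of the assumed trusted system directories."""
    return path.lower().startswith(TRUSTED_DIRS)


@dataclass
class Finding:
    pid: int
    dll: Optional[str]              # DLL named on the command line
    untrusted_loads: List[str]      # images loaded from outside TRUSTED_DIRS
    unsigned_loads: List[str]       # images without a valid signature
    hashes_to_check: List[str]      # hashes of untrusted images, for reputation lookup

    @property
    def suspicious(self) -> bool:
        # Missing or non-system DLL argument, or any untrusted/unsigned load, escalates.
        return (self.dll is None or not is_trusted_path(self.dll)
                or bool(self.untrusted_loads) or bool(self.unsigned_loads))


def triage(events: List[dict]) -> List[Finding]:
    """Correlate explorer.exe -> rundll32.exe creations with their image loads."""
    creates = [e for e in events if e["EventID"] == 1
               and e["Image"].lower().endswith("\\rundll32.exe")
               and e["ParentImage"].lower().endswith("\\explorer.exe")]
    findings = []
    for c in creates:
        loads = [e for e in events if e["EventID"] == 7 and e["ProcessId"] == c["ProcessId"]]
        untrusted = [e["ImageLoaded"] for e in loads if not is_trusted_path(e["ImageLoaded"])]
        unsigned = [e["ImageLoaded"] for e in loads if e.get("Signed", "").lower() != "true"]
        hashes = [e["Hashes"] for e in loads if not is_trusted_path(e["ImageLoaded"])]
        findings.append(Finding(c["ProcessId"], dll_from_command_line(c["CommandLine"]),
                                untrusted, unsigned, hashes))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        verdict = "ESCALATE" if f.suspicious else "benign-looking"
        print(f"pid={f.pid} dll={f.dll} -> {verdict}; hashes to look up: {f.hashes_to_check}")
```

The untrusted-load list is what you would feed into a file-system collection of the DLL and a hash lookup, and the process/DLL pair is the key to check against AppCompatCache if the DLL is no longer on disk or loaded.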
LMG Security<p>Watch this week's episode of Cyberside Chats! What happens to sensitive data when a company built on it collapses? In this episode, <span class="h-card" translate="no"><a href="https://infosec.exchange/@sherridavidoff" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>sherridavidoff</span></a></span> and <span class="h-card" translate="no"><a href="https://infosec.exchange/@MDurrin" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>MDurrin</span></a></span> dive into the 23andMe data breach, its March 2025 bankruptcy, and the lessons we can learn from the Flyclear shutdown of 2009. </p><p>Watch or listen as Sherri and Matt share:</p><p>▪ What happens to biometric &amp; genetic data when a vendor goes under?<br>▪ Where did security protections fail?<br>▪ What should CISOs &amp; corporate security leaders do differently?<br>▪ Actionable insights and a roadmap for corporate resilience.</p><p>Watch the video: <a href="https://youtu.be/6a003fd2qmM" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">youtu.be/6a003fd2qmM</span><span class="invisible"></span></a></p><p>Listen to the podcast: <a href="https://www.chatcyberside.com/e/privacy-at-risk-the-23andme-data-breach-uncovered/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">chatcyberside.com/e/privacy-at</span><span class="invisible">-risk-the-23andme-data-breach-uncovered/</span></a></p><p><a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/Databreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Databreach</span></a> <a href="https://infosec.exchange/tags/23andMe" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>23andMe</span></a> <a href="https://infosec.exchange/tags/CISO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CISO</span></a> <a href="https://infosec.exchange/tags/ITSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ITSecurity</span></a> <a href="https://infosec.exchange/tags/Privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Privacy</span></a> <a href="https://infosec.exchange/tags/RiskManagement" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RiskManagement</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a></p>