Mini Blue Team Diaries Story - Pride Month Special Edition:

You might be wondering, how could there possibly be an incident response story linked to Pride month? Well, buckle up, because it's a good one.

So, this happened a number of years ago, when it first became common for companies to update their logos on their social media pages to show support for Pride month.

Leadership had noticed that the company had not updated the logo, like so many others had, and as such, made a request to marketing to do so. It was late on a Thursday, and the person responsible for social media was about to leave for vacation - literally that evening, but the graphic designer jumped on the request, and by the end of the day, the modified logo was up.

Late that night, the Security On-call pager goes off, and I respond. "What's up?"

"Do you have access to our social media profiles by chance?" came the worried voice at the end of the line.

"Erm, yeah sure, I can get it, but why? What's up?"

Access to our social platforms was managed via SSO to a management tool, and since I had SSO admin access, I could just assign it to myself in the event of an incident.

"We need to change the logo back on Twitter - there is a problem with the pride one, but [social media manager] is on vacation."

"Mmmm. Ok." I was wondering what on earth was wrong with the logo. "When you say there is a problem with the logo, how so?"

"Erm. Apparently they did the wrong colors or something, and people are kicking off about it on social media."

Still confused, I dutifully fired up the computer and browsed to the company's Twitter page.

It was immediately obvious to me, a nerd, what they'd done. In their quest to produce a pride logo, rather than base the logo on the pride flag, as one normally would, they somehow managed to take the rainbow colors from the old Apple logo and use them as the basis for the pride logo instead. Quite rightly this was being ridiculed by the masses.

I was able to revert the logo for them until the social media manager was able to fix it properly the next day, but in a further, even more hilarious turn of events, a post with the Apple pride logo had done the rounds in the company Slack and one employee had dutifully captured the image and turned it into an emoji for everyone to use - and many had already adopted said emoji into their usernames on Slack.

So yeah, proof, I think, that you never know what is going to be on the other end of the phone when the on-call pager strikes.

Want more stories like this? Check out: infosecdiaries.com/ and Happy Pride Month!

#infosec #DFIR #BlueTeam

Cybersecurity Teams Face Simulated Supermarket Cyber-Attack Test

Get ready to enter the war room and face off against a simulated cyber-attack in a thrilling tabletop experience, where you'll play out a high-stakes battle to protect a fictional supermarket from a multi-stage cyber threat. Join Semperis at Infosecurity Europe 2026 for a 90-minute immersive roleplaying simulation that puts your cybersecurity…

https://osintsights.com/cybersecurity-teams-face-simulated-supermarket-cyber-attack-test?utm_source=mastodon&utm_medium=social

#Retail #CyberAttack #TabletopExercise #RedTeam #BlueTeam


What does internet background noise actually look like?

We captured a real-time view from The OpenCanary Experience and visualized the activity as a classic WarGames-style threat map.
The result is a striking reminder that automated scanning, probing, and opportunistic attacks are constant realities on today's internet.

🎥 Watch the threat map in action below.
Explore the live map yourself:
https://sc.toce.ch/lithreatmap

Built as part of The OpenCanary Experience, this visualization helps make otherwise invisible network activity easier to understand and discuss.
What patterns stand out to you?

#CyberSecurity #ThreatIntelligence #OpenCanary #BlueTeam #InfoSec #ThreatHunting #NetworkSecurity #SOC

2026-05-31 RDP #Honeypot IOCs - 744 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
152.42.212.128 - 342
150.241.205.170 - 141
80.94.95.221 - 117

Top ASNs:
AS14061 - 363
AS151338 - 141
AS204428 - 117

Top Accounts:
hello - 543
Administr - 120
(empty) - 36

Top ISPs:
DigitalOcean, LLC - 363
Polonetwork Limited - 141
SS-Net - 117

Top Clients:
Unknown - 744

Top Software:
Unknown - 744

Top Keyboards:
Unknown - 744

Top IP Classification:
hosting - 393
Unknown - 348
hosting & proxy - 3

Pastebin links with full 24-hr RDP Honeypot IOC Lists:

#CyberSec #SOC #Blueteam #SecOps #Security

2026-05-31 RDP #Honeypot IOCs - 496 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
152.42.212.128 - 228
150.241.205.170 - 94
80.94.95.221 - 78

Top ASNs:
AS14061 - 242
AS151338 - 94
AS204428 - 78

Top Accounts:
hello - 362
Administr - 80
(empty) - 24

Top ISPs:
DigitalOcean, LLC - 242
Polonetwork Limited - 94
SS-Net - 78

Top Clients:
Unknown - 496

Top Software:
Unknown - 496

Top Keyboards:
Unknown - 496

Top IP Classification:
hosting - 262
Unknown - 232
hosting & proxy - 2

Pastebin links with full 24-hr RDP Honeypot IOC Lists:

#CyberSec #SOC #Blueteam #SecOps #Security

2026-05-31 RDP #Honeypot IOCs - 248 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
152.42.212.128 - 114
150.241.205.170 - 47
80.94.95.221 - 39

Top ASNs:
AS14061 - 121
AS151338 - 47
AS204428 - 39

Top Accounts:
hello - 181
Administr - 40
(empty) - 12

Top ISPs:
DigitalOcean, LLC - 121
Polonetwork Limited - 47
SS-Net - 39

Top Clients:
Unknown - 248

Top Software:
Unknown - 248

Top Keyboards:
Unknown - 248

Top IP Classification:
hosting - 131
Unknown - 116
hosting & proxy - 1

Pastebin links with full 24-hr RDP Honeypot IOC Lists:

#CyberSec #SOC #Blueteam #SecOps #Security

Malware analysis: tools or mindset?

Tools change and techniques evolve, but the ability to reason about unknown behaviour remains the core of the job. A sandbox is no substitute for understanding what the code is *trying* to do, or why it hides it.

Tooling makes things easier. Analysis, though, remains a muscle that has to be kept in shape. 🧠

#infosec #MalwareAnalysis #BlueTeam
https://www.secjuice.com/malware-analysis/

2026-05-30 RDP #Honeypot IOCs - 879 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
150.241.205.170 - 693
80.94.95.221 - 60
193.169.194.14 - 30

Top ASNs:
AS151338 - 693
AS204428 - 60
AS396982 - 39

Top Accounts:
hello - 708
Administr - 63
(empty) - 39

Top ISPs:
Polonetwork Limited - 693
SS-Net - 60
Google LLC - 39

Top Clients:
Unknown - 879

Top Software:
Unknown - 879

Top Keyboards:
Unknown - 879

Top IP Classification:
Unknown - 813
hosting - 51
hosting & proxy - 15

Pastebin links with full 24-hr RDP Honeypot IOC Lists:

#CyberSec #SOC #Blueteam #SecOps #Security

2026-05-30 RDP #Honeypot IOCs - 586 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
150.241.205.170 - 462
80.94.95.221 - 40
193.169.194.14 - 20

Top ASNs:
AS151338 - 462
AS204428 - 40
AS396982 - 26

Top Accounts:
hello - 472
Administr - 42
(empty) - 26

Top ISPs:
Polonetwork Limited - 462
SS-Net - 40
Google LLC - 26

Top Clients:
Unknown - 586

Top Software:
Unknown - 586

Top Keyboards:
Unknown - 586

Top IP Classification:
Unknown - 542
hosting - 34
hosting & proxy - 10

Pastebin links with full 24-hr RDP Honeypot IOC Lists:

#CyberSec #SOC #Blueteam #SecOps #Security

2026-05-30 RDP #Honeypot IOCs - 293 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
150.241.205.170 - 231
80.94.95.221 - 20
193.169.194.14 - 10

Top ASNs:
AS151338 - 231
AS204428 - 20
AS396982 - 13

Top Accounts:
hello - 236
Administr - 21
(empty) - 13

Top ISPs:
Polonetwork Limited - 231
SS-Net - 20
Google LLC - 13

Top Clients:
Unknown - 293

Top Software:
Unknown - 293

Top Keyboards:
Unknown - 293

Top IP Classification:
Unknown - 271
hosting - 17
hosting & proxy - 5

Pastebin links with full 24-hr RDP Honeypot IOC Lists:

#CyberSec #SOC #Blueteam #SecOps #Security