2026-04-19 RDP #Honeypot IOCs - 1518 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
45.77.150.186 - 1398
80.94.95.221 - 33
159.223.110.137 - 12

Top ASNs:
AS20473 - 1398
AS396982 - 36
AS204428 - 33

Top Accounts:
hello - 1413
Administr - 42
2rlvvaa2 - 12

Top ISPs:
The Constant Company - 1398
Google LLC - 36
SS-Net - 33

Top Clients:
Unknown - 1518

Top Software:
Unknown - 1518

Top Keyboards:
Unknown - 1518

Top IP Classification:
hosting - 1461
Unknown - 51
hosting & proxy - 6

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2026-04-19 RDP #Honeypot IOCs - 1012 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
45.77.150.186 - 932
80.94.95.221 - 22
159.223.110.137 - 8

Top ASNs:
AS20473 - 932
AS396982 - 24
AS204428 - 22

Top Accounts:
hello - 942
Administr - 28
2rlvvaa2 - 8

Top ISPs:
The Constant Company - 932
Google LLC - 24
SS-Net - 22

Top Clients:
Unknown - 1012

Top Software:
Unknown - 1012

Top Keyboards:
Unknown - 1012

Top IP Classification:
hosting - 974
Unknown - 34
hosting & proxy - 4

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2026-04-19 RDP #Honeypot IOCs - 506 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
45.77.150.186 - 466
80.94.95.221 - 11
159.223.110.137 - 4

Top ASNs:
AS20473 - 466
AS396982 - 12
AS204428 - 11

Top Accounts:
hello - 471
Administr - 14
2rlvvaa2 - 4

Top ISPs:
The Constant Company - 466
Google LLC - 12
SS-Net - 11

Top Clients:
Unknown - 506

Top Software:
Unknown - 506

Top Keyboards:
Unknown - 506

Top IP Classification:
hosting - 487
Unknown - 17
hosting & proxy - 2

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

Mastering Linux Firewalls: A Deep Dive into Netfilter and iptables

In this article, I cover how iptables works, its architecture, and practical firewall configuration techniques.
https://denizhalil.com/2025/12/31/netfilter-iptables-firewall-configuration-guide/

#CyberSecurity #LinuxSecurity #iptables #Netfilter #NetworkSecurity #Firewall #InfoSec #BlueTeam #DevSecOps #securityengineering #ITSecurity #denizhalil

πŸ” Audit before you block β€” 3 new PowerShell scripts for M365 Business Premium:

→ Shared mailbox sign-in & license audit
→ Admin account MFA & stale account audit
→ Legacy auth protocol usage audit

All via Microsoft Graph. Run them before deploying your CA policies; no surprises in prod.

🔗 github.com/Bluewal/m365-intune-scripts

#infosec #Microsoft365 #EntraID #PowerShell #BlueTeam

🎤 Speaker Spotlight: New Talk at BSides Luxembourg 2026

β€œπ—ͺ𝗛𝗔𝗧 𝗬𝗒𝗨 π—¦π—˜π—˜ π—œπ—¦ (𝗑𝗒𝗧) π—ͺ𝗛𝗔𝗧 𝗬𝗒𝗨 π—šπ—˜π—§β€ – π—«π—”π—©π—œπ—˜π—₯ π— π—˜π—₯π—§π—˜π—‘π—¦ @xme

Talk (40 minutes)

Challenge your perspective in this 40-minute talk exploring how cognitive biases impact investigations across threat intelligence, forensics, and malware analysis. This session highlights how even experienced practitioners can miss critical details by relying too heavily on familiar processes, tools, and assumptions, and how refining observation and awareness can significantly improve outcomes.

Blending practical insights with real-world examples, the talk uncovers common mistakes seen in malware analysis and broader security workflows. While not deeply technical, it offers valuable lessons for all infosec professionals looking to sharpen their analytical mindset and avoid costly blind spots.

Xavier Mertens @xme is a freelance security consultant and founder of Xameco, with over 20 years of experience in information security. A specialist in blue team operations, he is also a Senior Handler at the SANS Internet Storm Center, a certified SANS instructor, and co-organizer of the BruCON security conference.

📅 Conference Dates: 6–8 May 2026 | 09:00–18:00
🎟️ Tickets: https://2026.bsides.lu/tickets/
📅 Schedule: https://pretalx.com/bsidesluxembourg-2026/schedule/
📲 Want to navigate the event easily? Check out the full schedule on Hacker Tracker:
https://hackertracker.app/schedule?conf=BSIDESLUX2026

#BSidesLuxembourg2026 #CyberSecurity #ThreatIntel #MalwareAnalysis #BlueTeam #Infosec

2026-04-18 RDP #Honeypot IOCs - 117 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
164.92.124.232 - 18
198.235.24.209 - 9
198.235.24.156 - 9

Top ASNs:
AS396982 - 36
AS14061 - 18
AS48721 - 15

Top Accounts:
Administr - 36
hello - 21
Test - 18

Top ISPs:
Google LLC - 36
DigitalOcean, LLC - 18
Flyservers S.A. - 15

Top Clients:
Unknown - 117

Top Software:
Unknown - 117

Top Keyboards:
Unknown - 117

Top IP Classification:
hosting - 57
Unknown - 57
mobile - 3

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2026-04-18 RDP #Honeypot IOCs - 78 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
164.92.124.232 - 12
198.235.24.209 - 6
198.235.24.156 - 6

Top ASNs:
AS396982 - 24
AS14061 - 12
AS48721 - 10

Top Accounts:
Administr - 24
hello - 14
Test - 12

Top ISPs:
Google LLC - 24
DigitalOcean, LLC - 12
Flyservers S.A. - 10

Top Clients:
Unknown - 78

Top Software:
Unknown - 78

Top Keyboards:
Unknown - 78

Top IP Classification:
hosting - 38
Unknown - 38
mobile - 2

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2026-04-18 RDP #Honeypot IOCs - 39 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
164.92.124.232 - 6
198.235.24.209 - 3
198.235.24.156 - 3

Top ASNs:
AS396982 - 12
AS14061 - 6
AS48721 - 5

Top Accounts:
Administr - 12
hello - 7
Test - 6

Top ISPs:
Google LLC - 12
DigitalOcean, LLC - 6
Flyservers S.A. - 5

Top Clients:
Unknown - 39

Top Software:
Unknown - 39

Top Keyboards:
Unknown - 39

Top IP Classification:
hosting - 19
Unknown - 19
mobile - 1

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

The Canadian Centre for Cyber Security has designed the Critical Infrastructure Resilience and Escalated Threat Navigation (CIREN) initiative to drive immediate preparedness across organizations to reinforce and protect Canada’s sovereignty and essential services.
https://www.cyber.gc.ca/en/cyber-security-readiness/critical-infrastructure-resilience-escalated-threat-navigation-initiative

#canada #cybersecurity #blueteam
