Regipy MCP: Natural Language Registry Forensics with Claude

Six years ago, I wrote a blog post introducing regipy, a Python library I built because I was frustrated with existing registry forensic…

Medium

2026-01-16 RDP #Honeypot IOCs - 249 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
47.25.7.101 - 54
80.94.95.198 - 18
85.11.182.11 - 18

Top ASNs:
AS20115 - 54
AS396982 - 48
AS204428 - 39

Top Accounts:
142.93.8.59 - 123
Administr - 21
Domain - 18

Top ISPs:
Charter Communications - 54
Google LLC - 48
SS-Net - 39

Top Clients:
Unknown - 249

Top Software:
Unknown - 249

Top Keyboards:
Unknown - 249

Top IP Classification:
Unknown - 141
hosting - 81
mobile - 15

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2026-01-16 RDP #Honeypot IOCs - 166 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
47.25.7.101 - 36
80.94.95.198 - 12
85.11.182.11 - 12

Top ASNs:
AS20115 - 36
AS396982 - 32
AS204428 - 26

Top Accounts:
142.93.8.59 - 82
Administr - 14
Domain - 12

Top ISPs:
Charter Communications - 36
Google LLC - 32
SS-Net - 26

Top Clients:
Unknown - 166

Top Software:
Unknown - 166

Top Keyboards:
Unknown - 166

Top IP Classification:
Unknown - 94
hosting - 54
mobile - 10

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2026-01-16 RDP #Honeypot IOCs - 83 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
47.25.7.101 - 18
80.94.95.198 - 6
85.11.182.11 - 6

Top ASNs:
AS20115 - 18
AS396982 - 16
AS204428 - 13

Top Accounts:
142.93.8.59 - 41
Administr - 7
Domain - 6

Top ISPs:
Charter Communications - 18
Google LLC - 16
SS-Net - 13

Top Clients:
Unknown - 83

Top Software:
Unknown - 83

Top Keyboards:
Unknown - 83

Top IP Classification:
Unknown - 47
hosting - 27
mobile - 5

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2026-01-15 RDP #Honeypot IOCs - 1605 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
34.142.100.136 - 1392
45.79.92.171 - 45
47.25.7.101 - 33

Top ASNs:
AS396982 - 1428
AS63949 - 45
AS20115 - 33

Top Accounts:
hello - 1458
142.93.8.59 - 87
Administr - 9

Top ISPs:
Google LLC - 1428
Akamai Technologies, Inc. - 45
Charter Communications - 33

Top Clients:
Unknown - 1605

Top Software:
Unknown - 1605

Top Keyboards:
Unknown - 1605

Top IP Classification:
hosting - 1494
Unknown - 90
proxy - 9

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2026-01-15 RDP #Honeypot IOCs - 1070 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
34.142.100.136 - 928
45.79.92.171 - 30
47.25.7.101 - 22

Top ASNs:
AS396982 - 952
AS63949 - 30
AS20115 - 22

Top Accounts:
hello - 972
142.93.8.59 - 58
Administr - 6

Top ISPs:
Google LLC - 952
Akamai Technologies, Inc. - 30
Charter Communications - 22

Top Clients:
Unknown - 1070

Top Software:
Unknown - 1070

Top Keyboards:
Unknown - 1070

Top IP Classification:
hosting - 996
Unknown - 60
proxy - 6

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2026-01-15 RDP #Honeypot IOCs - 535 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
34.142.100.136 - 464
45.79.92.171 - 15
47.25.7.101 - 11

Top ASNs:
AS396982 - 476
AS63949 - 15
AS20115 - 11

Top Accounts:
hello - 486
142.93.8.59 - 29
Administr - 3

Top ISPs:
Google LLC - 476
Akamai Technologies, Inc. - 15
Charter Communications - 11

Top Clients:
Unknown - 535

Top Software:
Unknown - 535

Top Keyboards:
Unknown - 535

Top IP Classification:
hosting - 498
Unknown - 30
proxy - 3

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

@dnsprincess @Walker in any event you should always opt to build the monster app or apps that wring out not only many opsec oversights but also work together in a gestalt, catalyzing manner - good examples of this could be CVE in a wiki or DIY Shodan plus Maltego or a graph #tarpit #artillery by Dave Kennedy #osint #dfir #tags #arroyo cluster #firehose #version number

Carol Brooks, a cyber and organisational psychologist, joins the Forensic Focus Podcast to discuss her PhD research into covert cyber investigators and the psychological factors that shape their resilience and investigative decision-making. https://www.forensicfocus.com/podcast/covert-cyber-investigator-well-being-with-carol-brooks/ #DigitalForensics #DFIR