2026-04-06 RDP #Honeypot IOCs - 618 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
143.198.111.35 - 495
80.94.95.221 - 33
205.210.31.33 - 9

Top ASNs:
AS14061 - 495
AS204428 - 39
AS396982 - 36

Top Accounts:
hello - 498
Administr - 48
Test - 24

Top ISPs:
DigitalOcean, LLC - 495
SS-Net - 39
Google LLC - 36

Top Clients:
Unknown - 618

Top Software:
Unknown - 618

Top Keyboards:
Unknown - 618

Top IP Classification:
hosting - 537
Unknown - 81

Pastebin links with full 24-hr RDP Honeypot IOC Lists:

#CyberSec #SOC #Blueteam #SecOps #Security

2026-04-06 RDP #Honeypot IOCs - 412 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
143.198.111.35 - 330
80.94.95.221 - 22
205.210.31.33 - 6

Top ASNs:
AS14061 - 330
AS204428 - 26
AS396982 - 24

Top Accounts:
hello - 332
Administr - 32
Test - 16

Top ISPs:
DigitalOcean, LLC - 330
SS-Net - 26
Google LLC - 24

Top Clients:
Unknown - 412

Top Software:
Unknown - 412

Top Keyboards:
Unknown - 412

Top IP Classification:
hosting - 358
Unknown - 54

Pastebin links with full 24-hr RDP Honeypot IOC Lists:

#CyberSec #SOC #Blueteam #SecOps #Security

2026-04-06 RDP #Honeypot IOCs - 206 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
143.198.111.35 - 165
80.94.95.221 - 11
205.210.31.33 - 3

Top ASNs:
AS14061 - 165
AS204428 - 13
AS396982 - 12

Top Accounts:
hello - 166
Administr - 16
Test - 8

Top ISPs:
DigitalOcean, LLC - 165
SS-Net - 13
Google LLC - 12

Top Clients:
Unknown - 206

Top Software:
Unknown - 206

Top Keyboards:
Unknown - 206

Top IP Classification:
hosting - 179
Unknown - 27

Pastebin links with full 24-hr RDP Honeypot IOC Lists:

#CyberSec #SOC #Blueteam #SecOps #Security

jq is super useful, once somebody explains the basics to you. Here I am explaining the basics in a way that's applicable for all you DFIR types.

https://righteousit.com/2026/04/06/jq-for-forensics/

#JSON #DFIR #Linux

jq For Forensics

jq is a great tool for parsing JSON data. But DFIR professionals often apply jq differently from the typical examples you see written for developers.

Righteous IT

2026-04-05 RDP #Honeypot IOCs - 630 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
143.198.111.35 - 495
111.10.207.196 - 18
198.235.24.30 - 9

Top ASNs:
AS14061 - 504
AS396982 - 36
AS9808 - 18

Top Accounts:
hello - 504
Test - 24
test - 18

Top ISPs:
DigitalOcean, LLC - 504
Google LLC - 36
China Mobile communications corporation - 18

Top Clients:
Unknown - 630

Top Software:
Unknown - 630

Top Keyboards:
Unknown - 630

Top IP Classification:
hosting - 549
Unknown - 63
mobile - 18

Pastebin links with full 24-hr RDP Honeypot IOC Lists:

#CyberSec #SOC #Blueteam #SecOps #Security

2026-04-05 RDP #Honeypot IOCs - 420 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
143.198.111.35 - 330
111.10.207.196 - 12
198.235.24.30 - 6

Top ASNs:
AS14061 - 336
AS396982 - 24
AS9808 - 12

Top Accounts:
hello - 336
Test - 16
test - 12

Top ISPs:
DigitalOcean, LLC - 336
Google LLC - 24
China Mobile communications corporation - 12

Top Clients:
Unknown - 420

Top Software:
Unknown - 420

Top Keyboards:
Unknown - 420

Top IP Classification:
hosting - 366
Unknown - 42
mobile - 12

Pastebin links with full 24-hr RDP Honeypot IOC Lists:

#CyberSec #SOC #Blueteam #SecOps #Security

2026-04-05 RDP #Honeypot IOCs - 210 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
143.198.111.35 - 165
111.10.207.196 - 6
198.235.24.30 - 3

Top ASNs:
AS14061 - 168
AS396982 - 12
AS9808 - 6

Top Accounts:
hello - 168
Test - 8
test - 6

Top ISPs:
DigitalOcean, LLC - 168
Google LLC - 12
China Mobile communications corporation - 6

Top Clients:
Unknown - 210

Top Software:
Unknown - 210

Top Keyboards:
Unknown - 210

Top IP Classification:
hosting - 183
Unknown - 21
mobile - 6

Pastebin links with full 24-hr RDP Honeypot IOC Lists:

#CyberSec #SOC #Blueteam #SecOps #Security

Pretty cool/convenient #velociraptor 🦖 feature I didn't know about: offline collection.

Allows you to collect artifacts from "air-gapped" systems, or simply systems with no connectivity to your Velociraptor Server.

  • from the backend, select the artifacts you want to collect and create the collection binary
  • run the binary on the subject device --> it will collect and put the artifacts in a ZIP
  • get the ZIP back to the analysis machine and import the artifacts to the Velociraptor backend
  • https://docs.velociraptor.app/docs/deployment/offline_collections/

#dfir

Offline Collections :: Velociraptor - Digging deeper!

Week 14 – 2026


This Week In 4n6

2026-04-04 RDP #Honeypot IOCs - 294 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
143.198.111.35 - 111
80.94.95.221 - 39
206.189.89.171 - 24

Top ASNs:
AS14061 - 135
AS204428 - 42
AS396982 - 39

Top Accounts:
hello - 135
Administr - 48
Domain - 27

Top ISPs:
DigitalOcean, LLC - 135
SS-Net - 42
Google LLC - 39

Top Clients:
Unknown - 294

Top Software:
Unknown - 294

Top Keyboards:
Unknown - 294

Top IP Classification:
hosting - 177
Unknown - 99
mobile - 18

Pastebin links with full 24-hr RDP Honeypot IOC Lists:

#CyberSec #SOC #Blueteam #SecOps #Security