Your org should be activating Entra ID conditional access policies to outright block device code authorizations with a carveout for very limited use cases such as meeting room conferencing devices. Even Microsoft knows this and has specific guidance on how to enforce it. Device code phishing is hot right now and these device code phishing-as-a-service platforms will likely lower the barrier to entry.

https://blog.sekoia.io/new-widespread-eviltokens-kit-device-code-phishing-as-a-service-part-1/

https://learn.microsoft.com/en-us/entra/identity/conditional-access/policy-block-authentication-flows

#phishing #eviltokens #soc #dfir #threathunting #cti #threatintel

New widespread EvilTokens kit: device code phishing as-a-service - Part 1

Uncover the new sophisticated EvilTokens device code phishing as-a-service, with AI-augmented features facilitating BEC fraud

Sekoia.io Blog
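One way to put the policy the post recommends into practice, as an added example that is not from the post, the Sekoia article or Microsoft's page: a Microsoft Graph PowerShell call that creates a Conditional Access policy blocking the device code flow for all users and apps, with a carve-out group for meeting room devices. The group and account object IDs are placeholders, the emergency-access account exclusion is an assumption of standard practice, and the policy starts in report-only mode so its impact can be checked in the sign-in logs before enforcement.

```powershell
# Added example (not from the post or the linked Microsoft page): create a
# Conditional Access policy that blocks the device code authentication flow
# tenant-wide, with a carve-out group for meeting-room conferencing devices.
# Requires the Microsoft.Graph.Identity.SignIns module.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All"

# Placeholder object IDs: replace with the values from your own tenant.
$meetingRoomGroupId  = "00000000-0000-0000-0000-000000000001"  # carve-out group (placeholder)
$breakGlassAccountId = "00000000-0000-0000-0000-000000000002"  # emergency access account (placeholder)

$policy = @{
    displayName = "Block device code flow (carve-out: meeting room devices)"
    # Start in report-only mode; review the sign-in log impact, then switch to "enabled".
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users = @{
            includeUsers  = @("All")
            excludeUsers  = @($breakGlassAccountId)
            excludeGroups = @($meetingRoomGroupId)
        }
        applications = @{
            includeApplications = @("All")
        }
        # The authenticationFlows condition matches sign-ins that use the device code flow.
        authenticationFlows = @{
            transferMethods = "deviceCodeFlow"
        }
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("block")
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State

# Once the report-only results look right, enforce the policy:
# Update-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id -BodyParameter @{ state = "enabled" }
```

Before enforcing, confirm that the meeting room devices actually sign in with the accounts in the carve-out group, since any other device code sign-in will be blocked.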

2026-03-31 RDP #Honeypot IOCs - 705 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
143.198.111.35 - 495
143.110.190.12 - 36
80.66.83.75 - 27

Top ASNs:
AS14061 - 531
AS216473 - 42
AS396982 - 36

Top Accounts:
hello - 531
Administr - 39
Domain - 36

Top ISPs:
DigitalOcean, LLC - 531
Bashinskii Vadim Ruslanovich - 42
Google LLC - 36

Top Clients:
Unknown - 705

Top Software:
Unknown - 705

Top Keyboards:
Unknown - 705

Top IP Classification:
hosting & proxy - 495
Unknown - 102
hosting - 96

Pastebin links with full 24-hr RDP Honeypot IOC Lists:

#CyberSec #SOC #Blueteam #SecOps #Security

2026-03-31 RDP #Honeypot IOCs - 470 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
143.198.111.35 - 330
143.110.190.12 - 24
80.66.83.75 - 18

Top ASNs:
AS14061 - 354
AS216473 - 28
AS396982 - 24

Top Accounts:
hello - 354
Administr - 26
Domain - 24

Top ISPs:
DigitalOcean, LLC - 354
Bashinskii Vadim Ruslanovich - 28
Google LLC - 24

Top Clients:
Unknown - 470

Top Software:
Unknown - 470

Top Keyboards:
Unknown - 470

Top IP Classification:
hosting & proxy - 330
Unknown - 68
hosting - 64

Pastebin links with full 24-hr RDP Honeypot IOC Lists:

#CyberSec #SOC #Blueteam #SecOps #Security

2026-03-31 RDP #Honeypot IOCs - 235 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
143.198.111.35 - 165
143.110.190.12 - 12
80.66.83.75 - 9

Top ASNs:
AS14061 - 177
AS216473 - 14
AS396982 - 12

Top Accounts:
hello - 177
Administr - 13
Domain - 12

Top ISPs:
DigitalOcean, LLC - 177
Bashinskii Vadim Ruslanovich - 14
Google LLC - 12

Top Clients:
Unknown - 235

Top Software:
Unknown - 235

Top Keyboards:
Unknown - 235

Top IP Classification:
hosting & proxy - 165
Unknown - 34
hosting - 32

Pastebin links with full 24-hr RDP Honeypot IOC Lists:

#CyberSec #SOC #Blueteam #SecOps #Security

Investigation Scenario 🔎

A user reports their hard drive is full, but they don't know why. While investigating, you find a series of large, password-protected RAR files that the user knows nothing about.

What do you look for to investigate whether an incident occurred?

#InvestigationPath #DFIR #SOC

Alert fatigue leads to missed signals. Correlation, prioritization, and automated triage are essential to reduce noise and protect analyst focus.

#SOC #Cybersecurity #AlertFatigue #Automation #SecOps

Beyond alert fatigue, European SOCs are struggling with prioritization, visibility, and talent gaps - the challenge isn't just volume, it's making sense of the noise. 🎯⚠️ #SOC #CyberOperations

https://securityboulevard.com/2026/03/beyond-alert-fatigue-what-european-socs-actually-struggle-with/

Beyond Alert Fatigue: What European SOCs Actually Struggle With

Results from a survey of SOC professionals from the region on the state of AI in SecOps in Europe

Security Boulevard

2026-03-30 RDP #Honeypot IOCs - 681 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
143.198.111.35 - 495
80.66.83.74 - 27
80.94.95.221 - 21

Top ASNs:
AS14061 - 495
AS396982 - 45
AS204428 - 45

Top Accounts:
hello - 510
Administr - 54
Domain - 45

Top ISPs:
DigitalOcean, LLC - 495
Google LLC - 45
SS-Net - 45

Top Clients:
Unknown - 681

Top Software:
Unknown - 681

Top Keyboards:
Unknown - 681

Top IP Classification:
hosting & proxy - 495
Unknown - 117
hosting - 51

Pastebin links with full 24-hr RDP Honeypot IOC Lists:

#CyberSec #SOC #Blueteam #SecOps #Security

2026-03-30 RDP #Honeypot IOCs - 454 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
143.198.111.35 - 330
80.66.83.74 - 18
80.94.95.221 - 14

Top ASNs:
AS14061 - 330
AS396982 - 30
AS204428 - 30

Top Accounts:
hello - 340
Administr - 36
Domain - 30

Top ISPs:
DigitalOcean, LLC - 330
Google LLC - 30
SS-Net - 30

Top Clients:
Unknown - 454

Top Software:
Unknown - 454

Top Keyboards:
Unknown - 454

Top IP Classification:
hosting & proxy - 330
Unknown - 78
hosting - 34

Pastebin links with full 24-hr RDP Honeypot IOC Lists:

#CyberSec #SOC #Blueteam #SecOps #Security

2026-03-30 RDP #Honeypot IOCs - 227 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
143.198.111.35 - 165
80.66.83.74 - 9
80.94.95.221 - 7

Top ASNs:
AS14061 - 165
AS396982 - 15
AS204428 - 15

Top Accounts:
hello - 170
Administr - 18
Domain - 15

Top ISPs:
DigitalOcean, LLC - 165
Google LLC - 15
SS-Net - 15

Top Clients:
Unknown - 227

Top Software:
Unknown - 227

Top Keyboards:
Unknown - 227

Top IP Classification:
hosting & proxy - 165
Unknown - 39
hosting - 17

Pastebin links with full 24-hr RDP Honeypot IOC Lists:

#CyberSec #SOC #Blueteam #SecOps #Security