2026-03-26 RDP #Honeypot IOCs - 4728 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
183.81.35.16 - 4176
143.198.111.35 - 372
194.164.107.5 - 30

Top ASNs:
AS18403 - 4176
AS14061 - 384
AS396982 - 36

Top Accounts:
hello - 4560
Administr - 42
Test - 33

Top ISPs:
FPT Telecom Company - 4176
DigitalOcean, LLC - 384
Google LLC - 36

Top Clients:
Unknown - 4728

Top Software:
Unknown - 4728

Top Keyboards:
Unknown - 4728

Top IP Classification:
Unknown - 4302
hosting & proxy - 372
hosting - 54

Pastebin links with full 24-hr RDP Honeypot IOC Lists:

#CyberSec #SOC #Blueteam #SecOps #Security

2026-03-26 RDP #Honeypot IOCs - 3152 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
183.81.35.16 - 2784
143.198.111.35 - 248
194.164.107.5 - 20

Top ASNs:
AS18403 - 2784
AS14061 - 256
AS396982 - 24

Top Accounts:
hello - 3040
Administr - 28
Test - 22

Top ISPs:
FPT Telecom Company - 2784
DigitalOcean, LLC - 256
Google LLC - 24

Top Clients:
Unknown - 3152

Top Software:
Unknown - 3152

Top Keyboards:
Unknown - 3152

Top IP Classification:
Unknown - 2868
hosting & proxy - 248
hosting - 36

Pastebin links with full 24-hr RDP Honeypot IOC Lists:

#CyberSec #SOC #Blueteam #SecOps #Security

2026-03-26 RDP #Honeypot IOCs - 1576 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
183.81.35.16 - 1392
143.198.111.35 - 124
194.164.107.5 - 10

Top ASNs:
AS18403 - 1392
AS14061 - 128
AS396982 - 12

Top Accounts:
hello - 1520
Administr - 14
Test - 11

Top ISPs:
FPT Telecom Company - 1392
DigitalOcean, LLC - 128
Google LLC - 12

Top Clients:
Unknown - 1576

Top Software:
Unknown - 1576

Top Keyboards:
Unknown - 1576

Top IP Classification:
Unknown - 1434
hosting & proxy - 124
hosting - 18

Pastebin links with full 24-hr RDP Honeypot IOC Lists:

#CyberSec #SOC #Blueteam #SecOps #Security

Do you prefer Offensive (Red) or Defensive (Blue) AI Agents? #AgenticAI #AI #redteam #blueteam

Just Announced for BSides Luxembourg 2026!
๐—ง๐—›๐—˜ ๐—ฆ๐—ฃ๐—ฌ ๐—ช๐—›๐—ข ๐—Ÿ๐—ข๐—š๐—š๐—˜๐—— ๐— ๐—˜ - ๐—ช๐—›๐—˜๐—ก ๐—ฌ๐—ข๐—จ๐—ฅ ๐—ซ๐——๐—ฅ ๐—๐—ข๐—œ๐—ก๐—ฆ ๐—ง๐—›๐—˜ ๐—”๐—ง๐—ง๐—”๐—–๐—ž๐—˜๐—ฅ๐—ฆ - Melina Phillips(@tx_princess )

Melina Phillips (https://www.linkedin.com/in/melinaphillips-cissp/) is an Offensive Security Engineer with over 10 years of IT experience and a strong background in security operations and incident detection. She specializes in adversary simulation and endpoint compromise, bringing practical, real-world insights to modern attack and defense strategies.

📅 Conference Dates: 6–8 May 2026 | 09:00–18:00
📍 14, Porte de France, Esch-sur-Alzette, Luxembourg
🎟️ Tickets: https://2026.bsides.lu/tickets/
📅 Schedule Link: https://pretalx.com/bsidesluxembourg-2026/schedule/

#BsidesLuxembourg #CyberSecurity #XDR #ThreatDetection #BlueTeam #OffensiveSecurity

2026-03-25 RDP #Honeypot IOCs - 4950 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
183.81.35.16 - 4233
143.198.111.35 - 636
80.94.95.221 - 12

Top ASNs:
AS18403 - 4233
AS14061 - 636
AS396982 - 36

Top Accounts:
hello - 4875
Administr - 18
(empty) - 9

Top ISPs:
FPT Telecom Company - 4233
DigitalOcean, LLC - 636
Google LLC - 36

Top Clients:
Unknown - 4950

Top Software:
Unknown - 4950

Top Keyboards:
Unknown - 4950

Top IP Classification:
Unknown - 4257
hosting & proxy - 636
hosting - 51

Pastebin links with full 24-hr RDP Honeypot IOC Lists:

#CyberSec #SOC #Blueteam #SecOps #Security

2026-03-25 RDP #Honeypot IOCs - 3300 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
183.81.35.16 - 2822
143.198.111.35 - 424
80.94.95.221 - 8

Top ASNs:
AS18403 - 2822
AS14061 - 424
AS396982 - 24

Top Accounts:
hello - 3250
Administr - 12
(empty) - 6

Top ISPs:
FPT Telecom Company - 2822
DigitalOcean, LLC - 424
Google LLC - 24

Top Clients:
Unknown - 3300

Top Software:
Unknown - 3300

Top Keyboards:
Unknown - 3300

Top IP Classification:
Unknown - 2838
hosting & proxy - 424
hosting - 34

Pastebin links with full 24-hr RDP Honeypot IOC Lists:

#CyberSec #SOC #Blueteam #SecOps #Security

2026-03-25 RDP #Honeypot IOCs - 1650 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
183.81.35.16 - 1411
143.198.111.35 - 212
80.94.95.221 - 4

Top ASNs:
AS18403 - 1411
AS14061 - 212
AS396982 - 12

Top Accounts:
hello - 1625
Administr - 6
(empty) - 3

Top ISPs:
FPT Telecom Company - 1411
DigitalOcean, LLC - 212
Google LLC - 12

Top Clients:
Unknown - 1650

Top Software:
Unknown - 1650

Top Keyboards:
Unknown - 1650

Top IP Classification:
Unknown - 1419
hosting & proxy - 212
hosting - 17

Pastebin links with full 24-hr RDP Honeypot IOC Lists:

#CyberSec #SOC #Blueteam #SecOps #Security

📢 New Article Drop: Weaponizing Windows Toast Notifications for Social Engineering
🧠 Windows Toast Notifications are everywhere: policy updates, VPN reminders, password expiry alerts. Because these are legitimate applications that users trust, they can become a high-impact social-engineering surface.
🦄 I just published a deep-dive playbook on how Toast Notifications can be abused for credential harvesting, lateral movement, user manipulation, etc., and how defenders can perform detection.
📖 1x Playbook
💡 Detection Opportunities
🎯 1x MDE Query
🚨 1x SIGMA Rule

Detection - Event IDs
✅ 7 & 13 (Sysmon)
✅ DLL Monitoring: wpnapps.dll & msxml6.dll from unexpected processes
✒️ https://ipurple.team/2026/03/25/toast-notifications/
#purpleteam #detectionengineering #blueteam #threathunting

Toast Notifications

The Application User Model ID (AUMID) is a unique identifier that Windows assigns to modern applications. It enables Windows to identify which applications should receive notifications, how start m…

Purple Team
🚨 Don't miss out on the Curso Hacking Aplicaciones Web (Web Application Hacking Course). 📅 Sundays 5, 12, 19 and 26 April 2026, 9 am to 12 pm (UTC -05:00). 📲 WhatsApp: https://wa.me/51949304030 🌐 https://www.reydes.com/archivos/cursos/Curso_Hacking_Aplicaciones_Web.pdf #redteam #blueteam #vulnerability #cyberattack #owasp #webhacking #websecurity