2026-06-03 RDP #Honeypot IOCs - 12681 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
159.223.36.55 - 7620
152.42.212.128 - 4827
193.169.194.14 - 27

Top ASNs:
AS14061 - 12459
AS396982 - 36
AS132203 - 30

Top Accounts:
hello - 12489
142.93.8.59 - 75
(empty) - 27

Top ISPs:
DigitalOcean, LLC - 12459
Google LLC - 36
Berdiev Ruslan Mukhabatovich - 27

Top Clients:
Unknown - 12681

Top Software:
Unknown - 12681

Top Keyboards:
Unknown - 12681

Top IP Classification:
hosting - 12543
Unknown - 117
hosting & proxy - 18

Pastebin links with full 24-hr RDP Honeypot IOC Lists:

#CyberSec #SOC #Blueteam #SecOps #Security

2026-06-03 RDP #Honeypot IOCs - 12680 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
159.223.36.55 - 7620
152.42.212.128 - 4826
193.169.194.14 - 27

Top ASNs:
AS14061 - 12458
AS396982 - 36
AS132203 - 30

Top Accounts:
hello - 12488
142.93.8.59 - 75
(empty) - 27

Top ISPs:
DigitalOcean, LLC - 12458
Google LLC - 36
Berdiev Ruslan Mukhabatovich - 27

Top Clients:
Unknown - 12680

Top Software:
Unknown - 12680

Top Keyboards:
Unknown - 12680

Top IP Classification:
hosting - 12542
Unknown - 117
hosting & proxy - 18

Pastebin links with full 24-hr RDP Honeypot IOC Lists:

#CyberSec #SOC #Blueteam #SecOps #Security

2026-06-03 RDP #Honeypot IOCs - 12679 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
159.223.36.55 - 7620
152.42.212.128 - 4825
193.169.194.14 - 27

Top ASNs:
AS14061 - 12457
AS396982 - 36
AS132203 - 30

Top Accounts:
hello - 12487
142.93.8.59 - 75
(empty) - 27

Top ISPs:
DigitalOcean, LLC - 12457
Google LLC - 36
Berdiev Ruslan Mukhabatovich - 27

Top Clients:
Unknown - 12679

Top Software:
Unknown - 12679

Top Keyboards:
Unknown - 12679

Top IP Classification:
hosting - 12541
Unknown - 117
hosting & proxy - 18

Pastebin links with full 24-hr RDP Honeypot IOC Lists:

#CyberSec #SOC #Blueteam #SecOps #Security

Dashlane says attackers “brute-forced past 2FA.”

MFA tokens aren’t brute-forceable in real time. That means phishing, SIM swap, token prediction, or session hijack.

“Brute-forced past 2FA” is not a complete explanation.
#SOC #InfoSec #Breach #CyberSecurity

Enable Sentinel UEBA for insider threat detection. https://aka.ms/SentinelUEBA #SOC #ThreatDetection -> Combine Purview & Sentinel for even more powerful detections!
KQL: BehaviorAnalytics | where AnomalyScore > 0.8 | project UserPrincipalName, ActivityType
Advanced threat detection with User and Entity Behavior Analytics (UEBA) in Microsoft Sentinel

Create behavioral baselines for entities (users, hostnames, IP addresses) and use them to detect anomalous behavior and identify zero-day advanced persistent threats (APT).

2026-06-02 RDP #Honeypot IOCs - 15252 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
159.223.36.55 - 7521
152.42.212.128 - 4839
165.22.106.154 - 2334

Top ASNs:
AS14061 - 15048
AS135918 - 66
AS396982 - 36

Top Accounts:
hello - 15120
(empty) - 33
root - 18

Top ISPs:
DigitalOcean, LLC - 15048
CONTABO - 66
Google LLC - 36

Top Clients:
Unknown - 15252

Top Software:
Unknown - 15252

Top Keyboards:
Unknown - 15252

Top IP Classification:
hosting - 15099
Unknown - 138
hosting & proxy - 9

Pastebin links with full 24-hr RDP Honeypot IOC Lists:

#CyberSec #SOC #Blueteam #SecOps #Security

2026-06-02 RDP #Honeypot IOCs - 15251 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
159.223.36.55 - 7520
152.42.212.128 - 4839
165.22.106.154 - 2334

Top ASNs:
AS14061 - 15047
AS135918 - 66
AS396982 - 36

Top Accounts:
hello - 15119
(empty) - 33
root - 18

Top ISPs:
DigitalOcean, LLC - 15047
CONTABO - 66
Google LLC - 36

Top Clients:
Unknown - 15251

Top Software:
Unknown - 15251

Top Keyboards:
Unknown - 15251

Top IP Classification:
hosting - 15098
Unknown - 138
hosting & proxy - 9

Pastebin links with full 24-hr RDP Honeypot IOC Lists:

#CyberSec #SOC #Blueteam #SecOps #Security

2026-06-02 RDP #Honeypot IOCs - 15250 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
159.223.36.55 - 7519
152.42.212.128 - 4839
165.22.106.154 - 2334

Top ASNs:
AS14061 - 15046
AS135918 - 66
AS396982 - 36

Top Accounts:
hello - 15118
(empty) - 33
root - 18

Top ISPs:
DigitalOcean, LLC - 15046
CONTABO - 66
Google LLC - 36

Top Clients:
Unknown - 15250

Top Software:
Unknown - 15250

Top Keyboards:
Unknown - 15250

Top IP Classification:
hosting - 15097
Unknown - 138
hosting & proxy - 9

Pastebin links with full 24-hr RDP Honeypot IOC Lists:

#CyberSec #SOC #Blueteam #SecOps #Security

New article: "Detection & Response – the heart of modern IT security"

The longer I work on SOC topics, the clearer it becomes to me: in the end it matters less whether the slide says SOC, XDR or "next-gen". What matters is whether an organization detects attacks in time, and can then respond to them in a structured way.

The article covers

➡️ why detection & response matter more than any single security buzzword
➡️ which building blocks really count for effective detection (log sources, use cases, context)
➡️ what a sensible response process looks like, from triage through containment to lessons learned
➡️ and why people, clear roles and lived processes ultimately matter more than any security technology, however modern: tools detect events; people decide what they mean, how to respond and what we learn from them

The article is now online at secunis.de.

🔗 https://www.secunis.de/detection-response-herzstueck-it-security/

#Datenschutz #ITSecurity #SOC #InfoSec #CyberSecurity

Detection & Response: The heart of modern IT security

Introduction: In the end, nearly every security discussion boils down to two central questions:…

Secunis