#dfir

Volexity :verified:<p>In the course of its investigations, <span class="h-card" translate="no"><a href="https://infosec.exchange/@volexity" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>volexity</span></a></span> frequently encounters malware samples written in Golang. This reflects the increase in popularity of Golang generally, and presents challenges to reverse engineering tools.<br>&nbsp;<br>Today, <span class="h-card" translate="no"><a href="https://infosec.exchange/@volexity" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>volexity</span></a></span> is releasing GoResolver, open-source tooling to help reverse engineers understand obfuscated samples. <span class="h-card" translate="no"><a href="https://infosec.exchange/@r00tbsd" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>r00tbsd</span></a></span> &amp; Killian Raimbaud presented details at INCYBER Forum earlier today.<br>&nbsp;<br>GoResolver uses control-flow graph similarity to identify library code in obfuscated code, leaving analysts with only malware functions to analyze. 
This saves time &amp; speeds up investigations!<br>&nbsp;<br>Check out the blog post on how GoResolver works and where to download it: <a href="https://www.volexity.com/blog/2025/04/01/goresolver-using-control-flow-graph-similarity-to-deobfuscate-golang-binaries-automatically/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">volexity.com/blog/2025/04/01/g</span><span class="invisible">oresolver-using-control-flow-graph-similarity-to-deobfuscate-golang-binaries-automatically/</span></a><br>&nbsp;<br><a href="https://infosec.exchange/tags/dfir" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dfir</span></a> <a href="https://infosec.exchange/tags/reversing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>reversing</span></a> <a href="https://infosec.exchange/tags/malwareanalysis" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malwareanalysis</span></a></p>
G0rb<p><a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintel</span></a> Webserver-Logs of Edge-Devices are really helpful sometimes.</p>
0ddj0bb Is At Cyphercon<p>Hey <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>redteam</span></a> and <a href="https://infosec.exchange/tags/pentest" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentest</span></a> ers, what security controls on endpoints and servers make your life miserable on an engagement? </p><p>App allow listing? <br>DEP?<br>PowerShell execution policies?<br>Host-based firewall?</p><p><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacking</span></a> <a href="https://infosec.exchange/tags/cyber" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cyber</span></a> <a href="https://infosec.exchange/tags/dfir" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dfir</span></a></p>
Alexandre Dulaunoy<p>There is a new <a href="https://infosec.exchange/tags/Fediverse" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fediverse</span></a> bot that facilitates web forensic analysis of websites.</p><p>You can submit a domain for crawling by messaging <span class="h-card" translate="no"><a href="https://social.circl.lu/@lookyloo" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>lookyloo</span></a></span>, and it will respond with the analysis results.</p><p><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintel</span></a> <a href="https://infosec.exchange/tags/dfir" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dfir</span></a> </p><p>Service is provided by <span class="h-card" translate="no"><a href="https://social.circl.lu/@circl" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>circl</span></a></span> </p><p>🔗 <a href="https://lookyloo.circl.lu" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">lookyloo.circl.lu</span><span class="invisible"></span></a></p><p>Thanks to <span class="h-card" translate="no"><a href="https://social.yoyodyne-it.eu/@rafi0t" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>rafi0t</span></a></span> for the new bot.</p>
r1cksec<p>Records an executable's network activity into a Full Packet Capture file (.pcap)🕵️‍♂️ </p><p><a href="https://github.com/H4NM/WhoYouCalling" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/H4NM/WhoYouCalling</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintel</span></a> <a href="https://infosec.exchange/tags/dfir" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dfir</span></a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>opensource</span></a></p>
DomainTools<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@hacks4pancakes" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>hacks4pancakes</span></a></span> (<span class="h-card" translate="no"><a href="https://infosec.exchange/@dragosinc" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>dragosinc</span></a></span>) will join us on March 19 for our Foundations of DFIR panel! </p><p>While that's a few weeks away, you can check out Lesley's blog post on The Shifting Landscape of OT Incident Response which illustrates the importance of specialized incident response and digital forensics in maintaining the security and integrity of OT systems. </p><p>Find it here: <a href="https://www.dragos.com/blog/the-shifting-landscape-of-ot-incident-response/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">dragos.com/blog/the-shifting-l</span><span class="invisible">andscape-of-ot-incident-response/</span></a></p><p>If you want to catch Lesley along with panelists <span class="h-card" translate="no"><a href="https://infosec.exchange/@danonsecurity" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>danonsecurity</span></a></span>, David Bianco, and Sarah Sabotka for unique insights on bolstering your DFIR foundations, save your spot here: <a href="https://www.domaintools.com/webinar-getting-back-to-the-foundations-of-dfir/?utm_source=Mastodon&amp;utm_medium=Social&amp;utm_campaign=DFIR-To-You" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">domaintools.com/webinar-gettin</span><span class="invisible">g-back-to-the-foundations-of-dfir/?utm_source=Mastodon&amp;utm_medium=Social&amp;utm_campaign=DFIR-To-You</span></a></p><p><a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" 
rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/DigitalForensics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DigitalForensics</span></a> <a href="https://infosec.exchange/tags/IncidentResponse" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IncidentResponse</span></a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a></p>
Vern McCandlish<p>Me: How would you rate your incident response maturity?</p><p>Them: This is the worn block of wood we knock on when discussing hypothetical situations.</p><p>Me: Okay, so very mature.</p><p><a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/DFIRHumor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIRHumor</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/infosechumor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosechumor</span></a></p>
Mike Sheward<p>Mini Blue Team Diaries Story:</p><p>At one time, I was responsible for the security operations team at an app that had business travel booking capabilities. Flights, hotel etc. Because it was business travel, a lot of places had set up dedicated p-cards for travel booking expenses etc, rather than requiring employees or whoever to supply their own.</p><p>We had a lot of customers who were higher education sector places, who at the time, used SSO from their University ID systems, but did not enforce MFA.</p><p>What this led to, was a lot of phishing of those customer credentials - and then a lot of hopping into our system.</p><p>One of our other features - was the ability for the end user to book 'guest travel', meaning an extra ticket or two for other people - not just themselves. That was an optional feature, but a lot of people enabled it.</p><p>One fella discovered that if he got access to our system via phishing, and he found a target that had all the right things in place (p-card, guest booking), he could essentially book tickets and hotels wherever he wanted.</p><p>Now, he wasn't always able to get away with it. Sometimes things would require an approver, sometimes, an employee would notice something and cancel it before the tickets were issued - so he shifted his MO to essentially book the tickets an hour and a bit before the flight left, so he could get people on planes ASAP.</p><p>We of course advised all of our customers with SSO enabled to use MFA (and offered it ourselves). But, it was slow going at the time. So to help out we built a lot of detection capabilities. Abnormal IPs on logins would trigger alerts. Trips with guest booking enabled would trip other alerts etc - and we'd be able to shut it down. 
We (SecOps) got quite effective at picking these off in real time.</p><p>Now, you're probably wondering - how did we know it was a fella, and how did we know his MO and why he did it the way he did?</p><p>Well, the dude liked to travel himself, so his name would pop up in the attempted bookings more often than others.</p><p>Then we found him online. He had a 'travel agency' business. So we called him up, and asked to book some travel. He explained how in order to get super cheap tickets, we'd need to go to the airport, and how sometimes (presumably because we'd mostly shut it down with our detections), his methods didn't work.</p><p>Then we explained who we were. "Wow, yeah I've had a good run, time to move on to something else, good job to you," he said.</p><p>So the lesson is - anyone can become a platform company that other people build businesses on.</p><p>Read more stories like this at <a href="https://www.infosecdiaries.com/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">infosecdiaries.com/</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>blueteam</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a></p>
Volexity :verified:<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@volexity" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>volexity</span></a></span> recently identified multiple Russian threat actors targeting users via <a href="https://infosec.exchange/tags/socialengineering" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>socialengineering</span></a> + <a href="https://infosec.exchange/tags/spearphishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>spearphishing</span></a> campaigns with Microsoft 365 Device Code authentication (a well-known technique) with alarming success: <a href="https://www.volexity.com/blog/2025/02/13/multiple-russian-threat-actors-targeting-microsoft-device-code-authentication/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">volexity.com/blog/2025/02/13/m</span><span class="invisible">ultiple-russian-threat-actors-targeting-microsoft-device-code-authentication/</span></a></p><p><a href="https://infosec.exchange/tags/dfir" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dfir</span></a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintel</span></a> <a href="https://infosec.exchange/tags/m365security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>m365security</span></a></p>
DomainTools<p>In our upcoming presentation, our panel of experts will take us back to basics. We all know that "the threat landscape is changing rapidly," but have we paused to ensure our security practices are built on a solid foundation? If you're unsure, the answer is likely no. The good news is, we can change that.</p><p>Join us as we delve into the PICERL Model (Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned) to review the essential foundations of Digital Forensics and Incident Response (DFIR). These fundamentals are crucial for effectively managing and mitigating cybersecurity incidents, yet they are often forgotten or overlooked.</p><p>Our panel includes:<br>🔹<span class="h-card" translate="no"><a href="https://infosec.exchange/@danonsecurity" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>danonsecurity</span></a></span>, CISO and Head of Investigations (DomainTools) <br>🔹<span class="h-card" translate="no"><a href="https://infosec.exchange/@hacks4pancakes" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>hacks4pancakes</span></a></span>, Technical Director of Incident Response (<span class="h-card" translate="no"><a href="https://infosec.exchange/@dragosinc" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>dragosinc</span></a></span>)<br>🔹<span class="h-card" translate="no"><a href="https://infosec.exchange/@DavidJBianco" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>DavidJBianco</span></a></span>, Staff Security Strategist (@Splunk)<br>🔹Sarah Sabotka, Senior Threat Researcher (Proofpoint)</p><p>📅 Date: March 19 <br>🕒 Time: 10AM PT | 1PM ET<br>📍 Location: Online</p><p>✅ Register here: <a href="https://www.domaintools.com/webinar-getting-back-to-the-foundations-of-dfir/?utm_campaign=&amp;utm_medium=social&amp;utm_source=Mastodon&amp;utm_content=DFIR-To-You" rel="nofollow noopener noreferrer" 
translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">domaintools.com/webinar-gettin</span><span class="invisible">g-back-to-the-foundations-of-dfir/?utm_campaign=&amp;utm_medium=social&amp;utm_source=Mastodon&amp;utm_content=DFIR-To-You</span></a></p><p>DomainTools will provide a document confirming your participation; however, CPE credit approval is not guaranteed. Credentialing organizations, such as ISACA or ISC2, may grant CPE credits for security educational courses if you provide proof of participation.</p><p><a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/PICERLModel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PICERLModel</span></a> <a href="https://infosec.exchange/tags/BackToBasics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BackToBasics</span></a> <a href="https://infosec.exchange/tags/CyberResilience" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberResilience</span></a></p>
Tim (Wadhwa-)Brown :donor:<p>Writing a forensics guide for routers and switches, big (corporate networks, service providers) and small (DSL, home wifi etc). What steps/tips would you recommend when performing DFIR? What would you like more ideas on? Where are the gaps?</p><p><a href="https://infosec.exchange/tags/blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>blueteam</span></a>, <a href="https://infosec.exchange/tags/dfir" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dfir</span></a>, <a href="https://infosec.exchange/tags/networking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>networking</span></a>, <a href="https://infosec.exchange/tags/routers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>routers</span></a></p>
Juliet Merida, Dum Tran Elf 🏳️‍⚧️<p><span>Hey security folks! It's that time again...<br><br>What's your definition of "incident" and why are the others wrong? What arguments have you had about your definition?<br><br></span><a href="https://merida.hair/tags/Cybersecurity" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://merida.hair/tags/InformationSecurity" rel="nofollow noopener noreferrer" target="_blank">#InformationSecurity</a> <a href="https://merida.hair/tags/DFIR" rel="nofollow noopener noreferrer" target="_blank">#DFIR</a></p>
Jamie Levy 🦉<p>We’re hiring a technical writer for my team here at <span class="h-card" translate="no"><a href="https://infosec.exchange/@huntress" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>huntress</span></a></span> in case anyone is interested! Feel free to reach out with questions 😃</p><p><a href="https://infosec.exchange/tags/cti" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cti</span></a> <a href="https://infosec.exchange/tags/dfir" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dfir</span></a> </p><p><a href="https://job-boards.greenhouse.io/huntress/jobs/6351695003" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">job-boards.greenhouse.io/huntr</span><span class="invisible">ess/jobs/6351695003</span></a></p>
Hal Pomeranz<p>Let me put this in <a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> terms for you:</p><p>Trump 45 was reconnaissance. Trump 47 is intrusion, persistence, and extraction.</p>
Vern McCandlish<p>I need to start a boutique <a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> firm called "It Depends"</p>
Tyler Hudak<p>I've had to analyze several MS Quick Assist compromises and found challenges during each one. Threat Hunting for malicious activity thru QA is not easy either. </p><p>So I wrote a blog post on what to look for: <a href="https://inversion6.com/resources/blog/january-2025/microsoft-quick-assist-an-it-security-primer" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">inversion6.com/resources/blog/</span><span class="invisible">january-2025/microsoft-quick-assist-an-it-security-primer</span></a></p><p><a href="https://infosec.exchange/tags/dfir" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dfir</span></a> <a href="https://infosec.exchange/tags/forensics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>forensics</span></a> <a href="https://infosec.exchange/tags/incidentresponse" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>incidentresponse</span></a> <a href="https://infosec.exchange/tags/threathunting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threathunting</span></a></p>
Chris Sanders 🔎 🧠<p>Investigation Scenario 🔎</p><p>A user workstation executed gpedit.msc for an unknown reason. </p><p>What do you look for to investigate whether an incident occurred?</p><p><a href="https://infosec.exchange/tags/InvestigationPath" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InvestigationPath</span></a> <a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/SOC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SOC</span></a></p>
Vern McCandlish<p><a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/DFIRMEMES" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIRMEMES</span></a> <a href="https://infosec.exchange/tags/INFOSECMEMES" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>INFOSECMEMES</span></a></p>
DEVCE CIC<p>We are aware that there are some members of the digital evidence community who may be wary of, unwilling to, or unable to give evidence to the Parliamentary Inquiry into Computer Evidence (<a href="https://www.gov.uk/government/news/use-of-computer-evidence-in-court-to-be-interrogated" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">gov.uk/government/news/use-of-</span><span class="invisible">computer-evidence-in-court-to-be-interrogated</span></a> ). To ensure that their views &amp; experiences can be properly represented, we are running a short survey to capture essential information that we will submit to the Inquiry on behalf of respondents. All information will be anonymised and only used or reproduced with the consent of the contributors.</p><p>The survey has been prepared by Angus Marshall with support from Prof. Sarah Morris and Simon Biles, for whose support we are very grateful.</p><p>Please do complete the form at <a href="https://forms.gle/BwmDytnHT3z8pmCDA" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">forms.gle/BwmDytnHT3z8pmCDA</span><span class="invisible"></span></a> . It should only take 10-20 minutes. 
Or if you prefer to email us: survey@devce.org</p><p><a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/DigitalForensics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DigitalForensics</span></a> <a href="https://infosec.exchange/tags/CJS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CJS</span></a> <a href="https://infosec.exchange/tags/Law" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Law</span></a> <a href="https://infosec.exchange/tags/ComputerEvidence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ComputerEvidence</span></a> <a href="https://infosec.exchange/tags/Parliament" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Parliament</span></a> <a href="https://infosec.exchange/tags/Academia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Academia</span></a></p>
RDP Snitch<p>2025-01-08 RDP <a href="https://infosec.exchange/tags/Honeypot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Honeypot</span></a> IOCs - 350 scans<br>Thread with top 3 features in each category and links to the full dataset<br><a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a></p><p>Top IPs:<br>68.183.88.109 - 200<br>185.42.12.81 - 16<br>185.170.144.198 - 16</p><p>Top ASNs:<br>AS14061 - 226<br>AS396982 - 24<br>AS59425 - 18</p><p>Top Accounts:<br>hello - 254<br>Administr - 24<br>Domain - 18</p><p>Top ISPs:<br>DigitalOcean, LLC - 226<br>Chang Way Technologies Co. Limited - 24<br>Google LLC - 24</p><p>Top Clients:<br>Unknown - 350</p><p>Top Software:<br>Unknown - 350</p><p>Top Keyboards:<br>Unknown - 350</p><p>Top IP Classification:<br>hosting - 248<br>Unknown - 64<br>proxy - 24</p><p>Pastebin links with full 24-hr RDP Honeypot IOC Lists:<br><a href="https://pastebin.com/7emQHvAD" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">pastebin.com/7emQHvAD</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/CyberSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSec</span></a> <a href="https://infosec.exchange/tags/SOC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SOC</span></a> <a href="https://infosec.exchange/tags/Blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Blueteam</span></a> <a href="https://infosec.exchange/tags/SecOps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecOps</span></a> <a 
href="https://infosec.exchange/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a></p>