Are You Ready for Red Team Penetration Testing?
In our latest blog, penetration testing expert @tompohl shares how to choose the best test for your organization's cybersecurity maturity stage. We'll cover the difference between penetration testing and red team penetration testing, how to determine if your company is ready for a red team assessment, and tips for planning your test that will maximize your ROI!
Read More: https://www.lmgsecurity.com/are-you-ready-for-red-team-penetration-testing/
Don't tell me you have your keys in user space?
#Nitrokey #riskmanagement #redteam #dfir #opsec
2025-04-01 RDP #Honeypot IOCs - 143568 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec
Top IPs:
138.199.24.6 - 67059
156.146.57.110 - 36498
156.146.57.120 - 9156
Top ASNs:
AS60068 - 67059
AS212238 - 63963
AS135161 - 9135
Top Accounts:
hello - 143472
Test - 24
Administr - 21
Top ISPs:
DataCamp Limited - 67059
Datacamp Limited - 63963
GMO-Z.COM PTE. LTD. - 9135
Top Clients:
Unknown - 143568
Top Software:
Unknown - 143568
Top Keyboards:
Unknown - 143568
Top IP Classification:
hosting & proxy - 134259
hosting - 9234
proxy - 51
Pastebin links with full 24-hr RDP Honeypot IOC Lists:
https://pastebin.com/L1kj0TNt
2025-04-01 RDP #Honeypot IOCs - 143560 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec
Top IPs:
138.199.24.6 - 67055
156.146.57.110 - 36496
156.146.57.120 - 9156
Top ASNs:
AS60068 - 67055
AS212238 - 63960
AS135161 - 9135
Top Accounts:
hello - 143464
Test - 24
Administr - 21
Top ISPs:
DataCamp Limited - 67055
Datacamp Limited - 63960
GMO-Z.COM PTE. LTD. - 9135
Top Clients:
Unknown - 143560
Top Software:
Unknown - 143560
Top Keyboards:
Unknown - 143560
Top IP Classification:
hosting & proxy - 134251
hosting - 9234
proxy - 51
Pastebin links with full 24-hr RDP Honeypot IOC Lists:
https://pastebin.com/Miae9FU9
2025-04-01 RDP #Honeypot IOCs - 143552 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec
Top IPs:
138.199.24.6 - 67051
156.146.57.110 - 36494
156.146.57.120 - 9156
Top ASNs:
AS60068 - 67051
AS212238 - 63957
AS135161 - 9135
Top Accounts:
hello - 143456
Test - 24
Administr - 21
Top ISPs:
DataCamp Limited - 67051
Datacamp Limited - 63957
GMO-Z.COM PTE. LTD. - 9135
Top Clients:
Unknown - 143552
Top Software:
Unknown - 143552
Top Keyboards:
Unknown - 143552
Top IP Classification:
hosting & proxy - 134243
hosting - 9234
proxy - 51
Pastebin links with full 24-hr RDP Honeypot IOC Lists:
https://pastebin.com/kzMJjAnC
Investigation Scenario
PowerShell Script Block Logging (EID 4104) reveals the pictured command was executed:
What do you look for to investigate whether an incident occurred and its extent?
2025-03-31 RDP #Honeypot IOCs - 145515 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec
Top IPs:
138.199.24.6 - 67896
156.146.57.110 - 37164
156.146.57.174 - 9279
Top ASNs:
AS60068 - 67896
AS212238 - 64902
AS135161 - 9240
Top Accounts:
hello - 145392
Test - 42
Domain - 24
Top ISPs:
DataCamp Limited - 67896
Datacamp Limited - 64902
GMO-Z.COM PTE. LTD. - 9240
Top Clients:
Unknown - 145515
Top Software:
Unknown - 145515
Top Keyboards:
Unknown - 145515
Top IP Classification:
hosting & proxy - 136107
hosting - 9339
Unknown - 42
Pastebin links with full 24-hr RDP Honeypot IOC Lists:
https://pastebin.com/6zYKKqcU
2025-03-31 RDP #Honeypot IOCs - 145513 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec
Top IPs:
138.199.24.6 - 67895
156.146.57.110 - 37163
156.146.57.174 - 9279
Top ASNs:
AS60068 - 67895
AS212238 - 64901
AS135161 - 9240
Top Accounts:
hello - 145390
Test - 42
Domain - 24
Top ISPs:
DataCamp Limited - 67895
Datacamp Limited - 64901
GMO-Z.COM PTE. LTD. - 9240
Top Clients:
Unknown - 145513
Top Software:
Unknown - 145513
Top Keyboards:
Unknown - 145513
Top IP Classification:
hosting & proxy - 136105
hosting - 9339
Unknown - 42
Pastebin links with full 24-hr RDP Honeypot IOC Lists:
https://pastebin.com/3APRC9wP
2025-03-31 RDP #Honeypot IOCs - 145511 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec
Top IPs:
138.199.24.6 - 67894
156.146.57.110 - 37162
156.146.57.174 - 9279
Top ASNs:
AS60068 - 67894
AS212238 - 64900
AS135161 - 9240
Top Accounts:
hello - 145388
Test - 42
Domain - 24
Top ISPs:
DataCamp Limited - 67894
Datacamp Limited - 64900
GMO-Z.COM PTE. LTD. - 9240
Top Clients:
Unknown - 145511
Top Software:
Unknown - 145511
Top Keyboards:
Unknown - 145511
Top IP Classification:
hosting & proxy - 136103
hosting - 9339
Unknown - 42
Pastebin links with full 24-hr RDP Honeypot IOC Lists:
https://pastebin.com/Neh6PhDH
#Stark4N6: Forensics StartMe Updates (4/1/2025) #DFIR https://www.stark4n6.com/2025/04/forensics-startme-updates-412025.html
In the course of its investigations, @volexity frequently encounters malware samples written in Golang. This reflects the increase in popularity of Golang generally, and presents challenges to reverse engineering tools.
Today, @volexity is releasing GoResolver, open-source tooling to help reverse engineers understand obfuscated samples. @r00tbsd & Killian Raimbaud presented details at INCYBER Forum earlier today.
GoResolver uses control-flow graph similarity to identify library code in obfuscated code, leaving analysts with only malware functions to analyze. This saves time & speeds up investigations!
Check out the blog post on how GoResolver works and where to download it: https://www.volexity.com/blog/2025/04/01/goresolver-using-control-flow-graph-similarity-to-deobfuscate-golang-binaries-automatically/
#dfir #reversing #malwareanalysis
Security tips of the day:
logs only need to be stored 3 days, that's enough to cover a weekend
if you don't store backups, you also don't need to restore them
having less internal defenses decreases how long an attack takes, so you're back online faster
domain-join everything (especially firewalls and backups) to decrease dwell time of attackers
antivirus logs should never be monitored to reduce workload of analysts
never publish vulnerabilities: if no one knows about them, no one can exploit them ever.
For more security tips, follow my Tesla account.
There is simply a negative correlation between the size of the "Confidential" lettering on the cover and the quality of the forensics report itself.
How do you implement your 'four-eyes policy'? Do you really ship your key material without tamper protection? How about your travel and hotel security? Signing your releases with keys stored on disk? Lots of questions that Apple believers cannot answer. Stop being stupid.
2025-03-30 RDP #Honeypot IOCs - 172404 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec
Top IPs:
138.199.24.6 - 82242
156.146.57.110 - 54795
156.146.57.52 - 9414
Top ASNs:
AS60068 - 82242
AS212238 - 76293
AS135161 - 9372
Top Accounts:
hello - 172290
Administr - 21
cdc2gf3s - 12
Top ISPs:
DataCamp Limited - 82242
Datacamp Limited - 76293
GMO-Z.COM PTE. LTD. - 9372
Top Clients:
Unknown - 172404
Top Software:
Unknown - 172404
Top Keyboards:
Unknown - 172404
Top IP Classification:
hosting & proxy - 161316
hosting - 10860
Unknown - 204
Pastebin links with full 24-hr RDP Honeypot IOC Lists:
https://pastebin.com/yGbQ3wvM
2025-03-30 RDP #Honeypot IOCs - 172401 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec
Top IPs:
138.199.24.6 - 82240
156.146.57.110 - 54794
156.146.57.52 - 9414
Top ASNs:
AS60068 - 82240
AS212238 - 76292
AS135161 - 9372
Top Accounts:
hello - 172287
Administr - 21
cdc2gf3s - 12
Top ISPs:
DataCamp Limited - 82240
Datacamp Limited - 76292
GMO-Z.COM PTE. LTD. - 9372
Top Clients:
Unknown - 172401
Top Software:
Unknown - 172401
Top Keyboards:
Unknown - 172401
Top IP Classification:
hosting & proxy - 161313
hosting - 10860
Unknown - 204
Pastebin links with full 24-hr RDP Honeypot IOC Lists:
https://pastebin.com/D1Sff6He
2025-03-30 RDP #Honeypot IOCs - 172398 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec
Top IPs:
138.199.24.6 - 82238
156.146.57.110 - 54793
156.146.57.52 - 9414
Top ASNs:
AS60068 - 82238
AS212238 - 76291
AS135161 - 9372
Top Accounts:
hello - 172284
Administr - 21
cdc2gf3s - 12
Top ISPs:
DataCamp Limited - 82238
Datacamp Limited - 76291
GMO-Z.COM PTE. LTD. - 9372
Top Clients:
Unknown - 172398
Top Software:
Unknown - 172398
Top Keyboards:
Unknown - 172398
Top IP Classification:
hosting & proxy - 161310
hosting - 10860
Unknown - 204
Pastebin links with full 24-hr RDP Honeypot IOC Lists:
https://pastebin.com/GknTx91v
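The daily RDP honeypot posts above all share one plain-text layout (a date/scan-count header, "Top ...:" sections of "value - count" lines, then a Pastebin link), and the feed carries several copies of the same day's report whose totals differ by only a few scans. The following is an added example, not the honeypot author's tooling, of turning that layout into something a defender can act on: a parser for the post format, a per-day de-duplication of repeated copies, an IP blocklist with the highest count seen per address, and a list of addresses that recur across days. The `SAMPLE_FEED` below is a constructed, shortened copy of three of the posts (only the IPs and Accounts sections are kept); the full 24-hour lists from the Pastebin links would be fed through the same functions.

```python
"""Parse daily RDP honeypot IOC posts into de-duplicated indicators.

Added example; the post format is the only thing taken from the feed.
SAMPLE_FEED is a constructed excerpt of three posts (IPs and Accounts only).
"""
import re
from collections import defaultdict

SAMPLE_FEED = """\
2025-04-01 RDP #Honeypot IOCs - 143568 scans
Top IPs:
138.199.24.6 - 67059
156.146.57.110 - 36498
156.146.57.120 - 9156
Top Accounts:
hello - 143472
Test - 24
Administr - 21
Pastebin links with full 24-hr RDP Honeypot IOC Lists:
https://pastebin.com/L1kj0TNt
2025-04-01 RDP #Honeypot IOCs - 143560 scans
Top IPs:
138.199.24.6 - 67055
156.146.57.110 - 36496
156.146.57.120 - 9156
Top Accounts:
hello - 143464
Test - 24
Administr - 21
Pastebin links with full 24-hr RDP Honeypot IOC Lists:
https://pastebin.com/Miae9FU9
2025-03-31 RDP #Honeypot IOCs - 145515 scans
Top IPs:
138.199.24.6 - 67896
156.146.57.110 - 37164
156.146.57.174 - 9279
Top Accounts:
hello - 145392
Test - 42
Domain - 24
"""

HEADER_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) RDP #Honeypot IOCs - (\d+) scans$")
SECTION_RE = re.compile(r"^Top (.+):$")
ENTRY_RE = re.compile(r"^(.+?) - (\d+)$")
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def parse_reports(text):
    """Return a list of {date, scans, sections: {name: {value: count}}}.

    Lines that are neither a header, a 'Top ...:' section title nor a
    'value - count' entry (e.g. the Pastebin link lines) are skipped.
    """
    reports, current, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            current = {"date": m.group(1), "scans": int(m.group(2)), "sections": {}}
            reports.append(current)
            section = None
            continue
        if current is None:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = current["sections"].setdefault(m.group(1), {})
            continue
        m = ENTRY_RE.match(line)
        if m and section is not None:
            section[m.group(1)] = int(m.group(2))
    return reports


def per_day(reports):
    """Collapse repeated copies of one day's post; keep the copy with most scans."""
    best = {}
    for r in reports:
        if r["date"] not in best or r["scans"] > best[r["date"]]["scans"]:
            best[r["date"]] = r
    return best


def ip_blocklist(reports, min_scans=1):
    """Union of scanning IPv4 addresses, with the highest count seen per IP."""
    seen = {}
    for r in reports:
        for ip, count in r["sections"].get("IPs", {}).items():
            if IPV4_RE.match(ip) and count >= min_scans:
                seen[ip] = max(seen.get(ip, 0), count)
    return seen


def persistent_ips(reports, min_days=2):
    """IPs that show up in the Top IPs of at least min_days distinct days."""
    days = defaultdict(set)
    for r in reports:
        for ip in r["sections"].get("IPs", {}):
            days[ip].add(r["date"])
    return sorted(ip for ip, d in days.items() if len(d) >= min_days)


def top_account_share(report):
    """Fraction of the day's scans that tried the single most common account."""
    accounts = report["sections"].get("Accounts", {})
    if not accounts or not report["scans"]:
        return 0.0
    return max(accounts.values()) / report["scans"]


if __name__ == "__main__":
    reps = parse_reports(SAMPLE_FEED)
    for date, r in sorted(per_day(reps).items()):
        print(date, r["scans"], f"top-account share {top_account_share(r):.4f}")
    print("blocklist:", ip_blocklist(reps))
    print("seen on 2+ days:", persistent_ips(reps))
```

On the constructed sample, the two 2025-04-01 copies collapse to the 143568-scan one, the blocklist holds four addresses, two of them (138.199.24.6 and 156.146.57.110) recur on both days, and the "hello" account accounts for more than 99% of each day's attempts. Addresses that recur day after day from hosting/proxy ranges are the ones worth a longer-lived block; a single day's Top 3 is too thin a basis on its own.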
Inactivity reboot coming to Android 16?! #DFIR https://www.androidauthority.com/android-inactivity-reboot-android-16-3539949/
Next noteworthy #breach incoming? Reading some chatter that there are claims of #checkpoint being breached by #coreinjection .
#dfir #threatintel