#blueteam

Claus Cramon Houmann (@claushoumann)
2025-10-13

Amine Besson's 'SOC must die' talk from #BSidesLuxembourg2025 is an absolute blast and a must-watch if you want to know where your SOC should move in today's environment and which role autonomy and AI will/should have in it going forwards

So if you do #blueteam #SOC #DetectionEngineering, watch this.

ia601301.us.archive.org/12/ite

CC @anton_chuvakin did you see it yet?

2025-10-13

2025-10-12 RDP #Honeypot IOCs - 57651 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
138.68.187.63 - 29889
113.161.168.2 - 16617
36.50.135.31 - 8856

Top ASNs:
AS14061 - 31959
AS45899 - 16617
AS150862 - 8856

Top Accounts:
hello - 57534
Administr - 27
root - 18

Top ISPs:
DigitalOcean, LLC - 31959
VietNam Post and Telecom Corporation - 16617
Vpsttt Computer Company Limited - 8856

Top Clients:
Unknown - 57651

Top Software:
Unknown - 57651

Top Keyboards:
Unknown - 57651

Top IP Classification:
hosting - 32070
Unknown - 25578
hosting & proxy - 3

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2025-10-13

2025-10-12 RDP #Honeypot IOCs - 38434 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
138.68.187.63 - 19926
113.161.168.2 - 11078
36.50.135.31 - 5904

Top ASNs:
AS14061 - 21306
AS45899 - 11078
AS150862 - 5904

Top Accounts:
hello - 38356
Administr - 18
root - 12

Top ISPs:
DigitalOcean, LLC - 21306
VietNam Post and Telecom Corporation - 11078
Vpsttt Computer Company Limited - 5904

Top Clients:
Unknown - 38434

Top Software:
Unknown - 38434

Top Keyboards:
Unknown - 38434

Top IP Classification:
hosting - 21380
Unknown - 17052
hosting & proxy - 2

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2025-10-13

2025-10-12 RDP #Honeypot IOCs - 19217 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
138.68.187.63 - 9963
113.161.168.2 - 5539
36.50.135.31 - 2952

Top ASNs:
AS14061 - 10653
AS45899 - 5539
AS150862 - 2952

Top Accounts:
hello - 19178
Administr - 9
root - 6

Top ISPs:
DigitalOcean, LLC - 10653
VietNam Post and Telecom Corporation - 5539
Vpsttt Computer Company Limited - 2952

Top Clients:
Unknown - 19217

Top Software:
Unknown - 19217

Top Keyboards:
Unknown - 19217

Top IP Classification:
hosting - 10690
Unknown - 8526
hosting & proxy - 1

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2025-10-12

I think I'll start scheduling some "blue team themed" gaming sessions.

Time to get Dungeon Keeper out of the archives.

#DungeonKeeper #cybersecurity #blueteam

Offensive Sequence (@offseq@infosec.exchange)
2025-10-12

🚨 HIGH severity: 100+ SonicWall VPN accounts compromised. Unauthorized access threatens EU networks—audit logs, enforce MFA, patch, and monitor closely. No CVE yet, threat is active. Details: radar.offseq.com/threat/expert #OffSeq #SonicWall #VPN #ThreatIntel #BlueTeam

High threat: Experts Warn of Widespread SonicWall VPN Compromise Impacting Over 100 Accounts
Offensive Sequence (@offseq@infosec.exchange)
2025-10-12

🔥 CRITICAL: CVE-2025-10035 in GoAnywhere MFT (7.6.x–7.8.x) enables unauthenticated remote command injection—actively exploited for ransomware (Medusa). Restrict admin console access, patch now, and monitor for IOCs. Details: radar.offseq.com/threat/from-d #OffSeq #vuln #GoAnywhere #BlueTeam

Critical threat: From Detection to Patch: Fortra Reveals Full Timeline of CVE-2025-10035 Exploitation
2025-10-12

2025-10-11 RDP #Honeypot IOCs - 27912 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
113.161.168.2 - 15777
36.50.135.31 - 9480
159.65.89.11 - 2292

Top ASNs:
AS45899 - 15777
AS150862 - 9480
AS14061 - 2538

Top Accounts:
hello - 27798
crsv3u0m - 12
Test - 12

Top ISPs:
VietNam Post and Telecom Corporation - 15777
Vpsttt Computer Company Limited - 9480
DigitalOcean, LLC - 2538

Top Clients:
Unknown - 27912

Top Software:
Unknown - 27912

Top Keyboards:
Unknown - 27912

Top IP Classification:
Unknown - 25320
hosting - 2586
proxy - 6

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2025-10-12

2025-10-11 RDP #Honeypot IOCs - 18608 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
113.161.168.2 - 10518
36.50.135.31 - 6320
159.65.89.11 - 1528

Top ASNs:
AS45899 - 10518
AS150862 - 6320
AS14061 - 1692

Top Accounts:
hello - 18532
crsv3u0m - 8
Test - 8

Top ISPs:
VietNam Post and Telecom Corporation - 10518
Vpsttt Computer Company Limited - 6320
DigitalOcean, LLC - 1692

Top Clients:
Unknown - 18608

Top Software:
Unknown - 18608

Top Keyboards:
Unknown - 18608

Top IP Classification:
Unknown - 16880
hosting - 1724
proxy - 4

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2025-10-12

2025-10-11 RDP #Honeypot IOCs - 9304 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
113.161.168.2 - 5259
36.50.135.31 - 3160
159.65.89.11 - 764

Top ASNs:
AS45899 - 5259
AS150862 - 3160
AS14061 - 846

Top Accounts:
hello - 9266
crsv3u0m - 4
Test - 4

Top ISPs:
VietNam Post and Telecom Corporation - 5259
Vpsttt Computer Company Limited - 3160
DigitalOcean, LLC - 846

Top Clients:
Unknown - 9304

Top Software:
Unknown - 9304

Top Keyboards:
Unknown - 9304

Top IP Classification:
Unknown - 8440
hosting - 862
proxy - 2

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

Offensive Sequence (@offseq@infosec.exchange)
2025-10-11

🚨 CVE-2025-6439 (CRITICAL, CVSS 9.8): Path traversal in WooCommerce Designer Pro allows unauth file deletion via 'wcdp_save_canvas_design_ajax'. No patch yet—restrict endpoint, monitor logs, back up data. radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Vulnerability #BlueTeam

Critical threat: CVE-2025-6439: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
2025-10-11

2025-10-09 RDP #Honeypot IOCs - 12180 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
104.248.155.196 - 4395
113.161.168.2 - 2541
159.65.89.11 - 2169

Top ASNs:
AS14061 - 8037
AS45899 - 2559
AS150862 - 1044

Top Accounts:
hello - 11643
142.93.8.59 - 342
Administr - 42

Top ISPs:
DigitalOcean, LLC - 8037
VietNam Post and Telecom Corporation - 2553
Vpsttt Computer Company Limited - 1044

Top Clients:
Unknown - 12180

Top Software:
Unknown - 12180

Top Keyboards:
Unknown - 12180

Top IP Classification:
hosting - 8136
Unknown - 4014
mobile - 18

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2025-10-11

2025-10-09 RDP #Honeypot IOCs - 12178 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
104.248.155.196 - 4395
113.161.168.2 - 2540
159.65.89.11 - 2169

Top ASNs:
AS14061 - 8037
AS45899 - 2558
AS150862 - 1043

Top Accounts:
hello - 11641
142.93.8.59 - 342
Administr - 42

Top ISPs:
DigitalOcean, LLC - 8037
VietNam Post and Telecom Corporation - 2552
Vpsttt Computer Company Limited - 1043

Top Clients:
Unknown - 12178

Top Software:
Unknown - 12178

Top Keyboards:
Unknown - 12178

Top IP Classification:
hosting - 8136
Unknown - 4012
mobile - 18

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2025-10-11

2025-10-09 RDP #Honeypot IOCs - 12176 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
104.248.155.196 - 4395
113.161.168.2 - 2539
159.65.89.11 - 2169

Top ASNs:
AS14061 - 8037
AS45899 - 2557
AS150862 - 1042

Top Accounts:
hello - 11639
142.93.8.59 - 342
Administr - 42

Top ISPs:
DigitalOcean, LLC - 8037
VietNam Post and Telecom Corporation - 2551
Vpsttt Computer Company Limited - 1042

Top Clients:
Unknown - 12176

Top Software:
Unknown - 12176

Top Keyboards:
Unknown - 12176

Top IP Classification:
hosting - 8136
Unknown - 4010
mobile - 18

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

Offensive Sequence (@offseq@infosec.exchange)
2025-10-10

🚨 CVE-2025-35050: CRITICAL deserialization vuln in Newforma Project Center (all versions). Remote, unauthenticated code execution via '/remoteweb/remote.rem'. Restrict access & monitor endpoints now! radar.offseq.com/threat/cve-20 #OffSeq #CVE202535050 #BlueTeam #Vuln

Critical threat: CVE-2025-35050: CWE-502 Deserialization of Untrusted Data in Newforma Project Center
2025-10-10

2025-10-09 RDP #Honeypot IOCs - 12174 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
104.248.155.196 - 4395
113.161.168.2 - 2538
159.65.89.11 - 2169

Top ASNs:
AS14061 - 8037
AS45899 - 2556
AS150862 - 1041

Top Accounts:
hello - 11637
142.93.8.59 - 342
Administr - 42

Top ISPs:
DigitalOcean, LLC - 8037
VietNam Post and Telecom Corporation - 2550
Vpsttt Computer Company Limited - 1041

Top Clients:
Unknown - 12174

Top Software:
Unknown - 12174

Top Keyboards:
Unknown - 12174

Top IP Classification:
hosting - 8136
Unknown - 4008
mobile - 18

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2025-10-10

2025-10-09 RDP #Honeypot IOCs - 8116 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
104.248.155.196 - 2930
113.161.168.2 - 1692
159.65.89.11 - 1446

Top ASNs:
AS14061 - 5358
AS45899 - 1704
AS150862 - 694

Top Accounts:
hello - 7758
142.93.8.59 - 228
Administr - 28

Top ISPs:
DigitalOcean, LLC - 5358
VietNam Post and Telecom Corporation - 1700
Vpsttt Computer Company Limited - 694

Top Clients:
Unknown - 8116

Top Software:
Unknown - 8116

Top Keyboards:
Unknown - 8116

Top IP Classification:
hosting - 5424
Unknown - 2672
mobile - 12

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2025-10-10

2025-10-09 RDP #Honeypot IOCs - 4058 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
104.248.155.196 - 1465
113.161.168.2 - 846
159.65.89.11 - 723

Top ASNs:
AS14061 - 2679
AS45899 - 852
AS150862 - 347

Top Accounts:
hello - 3879
142.93.8.59 - 114
Administr - 14

Top ISPs:
DigitalOcean, LLC - 2679
VietNam Post and Telecom Corporation - 850
Vpsttt Computer Company Limited - 347

Top Clients:
Unknown - 4058

Top Software:
Unknown - 4058

Top Keyboards:
Unknown - 4058

Top IP Classification:
hosting - 2712
Unknown - 1336
mobile - 6

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

Lenin alevski 🕵️💻 (@alevsk@infosec.exchange)
2025-10-09

Why is Santa keeping track of "naughty" binaries? 🎅💻

Santa is a macOS authorization tool that tracks binaries and file access via allow/deny rules. With code-signing checks, regex-based paths, and caching for efficiency, it's built for vigilant endpoint security. It even prevents self-blocks or critical system interference.

#macOS #EndpointSecurity #OpenSource

🔗 Project link on #GitHub 👉 github.com/northpolesec/santa

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

— ✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

Client Info

Server: https://mastodon.social
Version: 2025.07
Repository: https://github.com/cyevgeniy/lmst