#dfir

2025-06-26

Read the latest DFIR news – Semantics 21 investigator wellbeing tools, Archetyp Market takedown, Forensic Timeliner update, DFIR education gaps, and more. forensicfocus.com/news/digital #digitalforensics #dfir

2025-06-26

2025-06-25 RDP #Honeypot IOCs - 39099 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
24.173.30.170 - 27192
14.225.202.191 - 11751
92.63.197.23 - 36

Top ASNs:
AS11427 - 27192
AS135905 - 11751
AS396982 - 36

Top Accounts:
hello - 38970
Administr - 39
Test - 18

Top ISPs:
Charter Communications Inc - 27192
Vietnam Posts and Telecommunications Group - 11751
Google LLC - 36

Top Clients:
Unknown - 39099

Top Software:
Unknown - 39099

Top Keyboards:
Unknown - 39099

Top IP Classification:
Unknown - 39039
hosting - 60

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
pastebin.com/P92vf3EY

#CyberSec #SOC #Blueteam #SecOps #Security

2025-06-26

2025-06-25 RDP #Honeypot IOCs - 26066 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
24.173.30.170 - 18128
14.225.202.191 - 7834
92.63.197.23 - 24

Top ASNs:
AS11427 - 18128
AS135905 - 7834
AS396982 - 24

Top Accounts:
hello - 25980
Administr - 26
Test - 12

Top ISPs:
Charter Communications Inc - 18128
Vietnam Posts and Telecommunications Group - 7834
Google LLC - 24

Top Clients:
Unknown - 26066

Top Software:
Unknown - 26066

Top Keyboards:
Unknown - 26066

Top IP Classification:
Unknown - 26026
hosting - 40

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
pastebin.com/uYyHLZqZ

#CyberSec #SOC #Blueteam #SecOps #Security

2025-06-26

2025-06-25 RDP #Honeypot IOCs - 13033 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
24.173.30.170 - 9064
14.225.202.191 - 3917
92.63.197.23 - 12

Top ASNs:
AS11427 - 9064
AS135905 - 3917
AS396982 - 12

Top Accounts:
hello - 12990
Administr - 13
Test - 6

Top ISPs:
Charter Communications Inc - 9064
Vietnam Posts and Telecommunications Group - 3917
Google LLC - 12

Top Clients:
Unknown - 13033

Top Software:
Unknown - 13033

Top Keyboards:
Unknown - 13033

Top IP Classification:
Unknown - 13013
hosting - 20

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
pastebin.com/jhRdGQPZ

#CyberSec #SOC #Blueteam #SecOps #Security

Chris Sanders 🔎 🧠 @chrissanders88@infosec.exchange
2025-06-25

Playbooks don't replace or restrict analysts; however, they can help them perform more thorough investigations. Creating and using them also serves as an excellent learning tool. I hope this standard and its adoption will help folks along that path. #SOC #DFIR

2025-06-25

A single misstep in AD CS can hand attackers the keys to your entire domain—no passwords needed.

If your team installed Active Directory Certificate Services more than six months ago, your organization could be at risk.

Watch our new 4-minute video to see how a default setting enables low-privilege users to escalate all the way to domain admin and what you can do to reduce your risk. youtu.be/S59dNEPnJ4M

#ActiveDirectory #Cybersecurity #PenetrationTesting #PrivilegeEscalation #ADCS #ITsecurity #infosec #CISO #DomainAdmin #NetworkSecurity #DFIR

2025-06-25

Announcing the DFIR Labs Digital Forensics Challenge - Enterprise Edition! This isn't another textbook simulation. We're giving your team exclusive access to a brand-new, unreleased case from a real incident.

πŸ—“οΈ When: August 30, 2025 (14:00 – 18:00 UTC)
πŸ› οΈ Choose your SIEM: Azure Log Analytics, Elastic, or Splunk.
πŸ•΅οΈ Your Squad: Form a team of 2-3 analysts.
πŸ† The Glory: Solve the case, claim bragging rights, and win prizes for the top team!

Spaces are limited. Assemble your elite team and register now to secure your spot!

Register Here: dfirlabs.thedfirreport.com/dfi

#DFIR #DigitalForensics #IncidentResponse #CyberSecurity #InfoSec

2025-06-25

2025-06-24 RDP #Honeypot IOCs - 39438 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
24.173.30.170 - 27501
14.225.202.191 - 11772
92.63.197.23 - 33

Top ASNs:
AS11427 - 27501
AS135905 - 11772
AS396982 - 36

Top Accounts:
hello - 39306
Administr - 42
Test - 30

Top ISPs:
Charter Communications Inc - 27501
Vietnam Posts and Telecommunications Group - 11772
Google LLC - 36

Top Clients:
Unknown - 39438

Top Software:
Unknown - 39438

Top Keyboards:
Unknown - 39438

Top IP Classification:
Unknown - 39363
hosting - 63
proxy - 12

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
pastebin.com/WHNN8q05

#CyberSec #SOC #Blueteam #SecOps #Security

2025-06-25

2025-06-24 RDP #Honeypot IOCs - 26292 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
24.173.30.170 - 18334
14.225.202.191 - 7848
92.63.197.23 - 22

Top ASNs:
AS11427 - 18334
AS135905 - 7848
AS396982 - 24

Top Accounts:
hello - 26204
Administr - 28
Test - 20

Top ISPs:
Charter Communications Inc - 18334
Vietnam Posts and Telecommunications Group - 7848
Google LLC - 24

Top Clients:
Unknown - 26292

Top Software:
Unknown - 26292

Top Keyboards:
Unknown - 26292

Top IP Classification:
Unknown - 26242
hosting - 42
proxy - 8

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
pastebin.com/CM4GDDUG

#CyberSec #SOC #Blueteam #SecOps #Security

2025-06-25

2025-06-24 RDP #Honeypot IOCs - 13146 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
24.173.30.170 - 9167
14.225.202.191 - 3924
92.63.197.23 - 11

Top ASNs:
AS11427 - 9167
AS135905 - 3924
AS396982 - 12

Top Accounts:
hello - 13102
Administr - 14
Test - 10

Top ISPs:
Charter Communications Inc - 9167
Vietnam Posts and Telecommunications Group - 3924
Google LLC - 12

Top Clients:
Unknown - 13146

Top Software:
Unknown - 13146

Top Keyboards:
Unknown - 13146

Top IP Classification:
Unknown - 13121
hosting - 21
proxy - 4

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
pastebin.com/p1d9pRmx

#CyberSec #SOC #Blueteam #SecOps #Security

Chris Sanders 🔎 🧠 @chrissanders88@infosec.exchange
2025-06-24

Investigation Scenario 🔎

A macOS system performed a DNS query for a .onion domain.

The system doesn't have an EDR available -- only native logging.

What do you look for to investigate whether an incident occurred?

#InvestigationPath #DFIR #SOC

Alexis Brignoni :python: :donor: @abrignoni@infosec.exchange
2025-06-24

🧠 Understanding tool limitations is just as important as knowing tool capabilities, especially when what you need to find is not there and you expected it to be.

#DigitalForensics #MobileForensics #DFIR

2025-06-24

2025-06-23 RDP #Honeypot IOCs - 39510 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
24.173.30.170 - 27480
14.225.202.191 - 11859
92.63.197.23 - 33

Top ASNs:
AS11427 - 27480
AS135905 - 11859
AS396982 - 36

Top Accounts:
hello - 39372
Administr - 42
Test - 18

Top ISPs:
Charter Communications Inc - 27480
Vietnam Posts and Telecommunications Group - 11859
Google LLC - 36

Top Clients:
Unknown - 39510

Top Software:
Unknown - 39510

Top Keyboards:
Unknown - 39510

Top IP Classification:
Unknown - 39465
hosting - 39
proxy - 6

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
pastebin.com/D4anre9E

#CyberSec #SOC #Blueteam #SecOps #Security

2025-06-24

2025-06-23 RDP #Honeypot IOCs - 26340 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
24.173.30.170 - 18320
14.225.202.191 - 7906
92.63.197.23 - 22

Top ASNs:
AS11427 - 18320
AS135905 - 7906
AS396982 - 24

Top Accounts:
hello - 26248
Administr - 28
Test - 12

Top ISPs:
Charter Communications Inc - 18320
Vietnam Posts and Telecommunications Group - 7906
Google LLC - 24

Top Clients:
Unknown - 26340

Top Software:
Unknown - 26340

Top Keyboards:
Unknown - 26340

Top IP Classification:
Unknown - 26310
hosting - 26
proxy - 4

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
pastebin.com/7sZmcQfL

#CyberSec #SOC #Blueteam #SecOps #Security

2025-06-24

2025-06-23 RDP #Honeypot IOCs - 13170 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
24.173.30.170 - 9160
14.225.202.191 - 3953
92.63.197.23 - 11

Top ASNs:
AS11427 - 9160
AS135905 - 3953
AS396982 - 12

Top Accounts:
hello - 13124
Administr - 14
Test - 6

Top ISPs:
Charter Communications Inc - 9160
Vietnam Posts and Telecommunications Group - 3953
Google LLC - 12

Top Clients:
Unknown - 13170

Top Software:
Unknown - 13170

Top Keyboards:
Unknown - 13170

Top IP Classification:
Unknown - 13155
hosting - 13
proxy - 2

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
pastebin.com/zkgwTe41

#CyberSec #SOC #Blueteam #SecOps #Security

Alexis Brignoni :python: :donor: @abrignoni@infosec.exchange
2025-06-23

Sometimes you have to align it just right...

#DigitalForensics #DigitalForensics #DFIR

2025-06-23

I am trying to learn Rust. Any good practical tutorial, book, anything, possibly with forensics- or malware-related stuff? I need some practicals along with the theory...

#rust #dfir #learning

2025-06-23

2025-06-21 RDP #Honeypot IOCs - 42807 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
24.173.30.170 - 27744
14.225.202.191 - 12240
157.230.248.35 - 2610

Top ASNs:
AS11427 - 27744
AS135905 - 12240
AS14061 - 2631

Top Accounts:
hello - 42624
Administr - 42
Test - 18

Top ISPs:
Charter Communications Inc - 27744
Vietnam Posts and Telecommunications Group - 12240
DigitalOcean, LLC - 2631

Top Clients:
Unknown - 42807

Top Software:
Unknown - 42807

Top Keyboards:
Unknown - 42807

Top IP Classification:
Unknown - 40098
hosting - 2703
proxy - 6

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
pastebin.com/FmKV93nC

#CyberSec #SOC #Blueteam #SecOps #Security

Client Info

Server: https://mastodon.social
Version: 2025.04
Repository: https://github.com/cyevgeniy/lmst