-f Around and Find Out: 18 Hours of Unsolicited Telnet Houseguests

**Executive summary:** Analysis of a coordinated exploitation campaign leveraging the Inetutils telnetd `-f` authentication bypass: 60 Telnet exploitation attempts from 18 source IPs resulted in shell access on some hosts, followed by reconnaissance, SSH key persistence attempts and an attempted Python-based second-stage fetch; the report provides PCAP-derived payload patterns, a taxonomy of payload variants and a list of IOCs (attacker IPs, payload fingerprints, and a malware distribution URL).