Invisible attacks with bind mount
A technique much simpler than rootkit can make a malicious process invisible
BlueTeam
Incidents 2025: MDR and IR Report
Combining MDR and IR statistics provides a better understanding of current and emerging threats
Attribution by Slang: Exposing Horabot
How our MDR team investigated a Brazilian hacker attack on Mexico
Incidents 2020-2025: Industry Statistics
What types of attacks are leading in different sectors in different years?
History of Critical Incidents
How critical incidents of different types were distributed across industries in 2020-2025
Hidden Tunnel: Proxying through WebSocket Secure
Another story of non-standard remote access
Attack with Four Remote Access Channels
Attackers used Velociraptor, VS Code Tunnel, Cloudflare Tunnel, and Zoho Assist
How to detect Notepad++ attack
Attackers were distributing malware from Notepad++ update center
Bypassing authentication in Fortinet products via SSO
An attacker with a FortiCloud account can log in to other users’ FortiOS
Cognitive Biases in SOC Analysts' Work
Anchoring effect, reasoning by analogy, and other logical errors
Human factor in cyber defense: when the enemy is our own mindset
The most common biases that occur in SOC and how to avoid them
Disabling Windows Defender via symlink
Built-in antivirus could be switched off without any third-party software
Top-10 posts of PurpleShift in 2025
We selected posts that got the most likes
Attacking Security Researchers via Visual Studio
A new technique to exploit VS IDE using SUO files