BlueTeam on Purpleshifthttps://purpleshift.io/tags/blueteam/Recent content in BlueTeam on PurpleshiftHugo -- gohugo.ioen© 2026Mon, 06 Apr 2026 07:12:39 +0000Invisible attacks with bind mounthttps://purpleshift.io/purple/2026-04-06-oqqa/Mon, 06 Apr 2026 07:12:39 +0000https://purpleshift.io/purple/2026-04-06-oqqa/A technique much simpler than rootkit can make a malicious process invisibleIncidents 2025: MDR and IR Reporthttps://purpleshift.io/purple/2026-03-31-fusf/Tue, 31 Mar 2026 10:51:13 +0000https://purpleshift.io/purple/2026-03-31-fusf/Combining MDR and IR statistics provides a better understanding of current and emerging threatsAttribution by Slang: Exposing Horabothttps://purpleshift.io/purple/2026-03-18-nffa/Wed, 18 Mar 2026 00:00:00 +0000https://purpleshift.io/purple/2026-03-18-nffa/How our MDR team investigated a Brazilian hacker attack on MexicoIncidents 2020-2025: Industry Statisticshttps://purpleshift.io/purple/2026-03-02-etxv/Tue, 03 Mar 2026 00:00:00 +0000https://purpleshift.io/purple/2026-03-02-etxv/What types of attacks are leading in different sectors in different years?History of Critical Incidentshttps://purpleshift.io/articles/2026-03-02-critical-incidents/Mon, 02 Mar 2026 00:00:00 +0000https://purpleshift.io/articles/2026-03-02-critical-incidents/How critical incidents of different types were distributed across industries in 2020-2025Hidden Tunnel: Proxying through WebSocket Securehttps://purpleshift.io/purple/2026-02-24-qjtc/Tue, 24 Feb 2026 05:35:02 +0000https://purpleshift.io/purple/2026-02-24-qjtc/Another story of non-standard remote accessAttack with Four Remote Access Channelshttps://purpleshift.io/purple/2026-02-19-tvxz/Thu, 19 Feb 2026 04:30:32 +0000https://purpleshift.io/purple/2026-02-19-tvxz/Attackers used Velociraptor, VS Code Tunnel, Cloudflare Tunnel, and Zoho AssistHow to detect Notepad++ attackhttps://purpleshift.io/purple/2026-02-05-kmwb/Thu, 05 Feb 2026 06:56:04 +0000https://purpleshift.io/purple/2026-02-05-kmwb/Attackers were distributing malware from Notepad++ update centerBypassing authentication in Fortinet products via SSOhttps://purpleshift.io/purple/2026-02-04-gjgx/Wed, 04 Feb 2026 08:21:47 +0000https://purpleshift.io/purple/2026-02-04-gjgx/An attacker with a FortiCloud account can log in to other users’ FortiOSCognitive Biases in SOC Analysts' Workhttps://purpleshift.io/purple/2026-01-19-akaq/Mon, 19 Jan 2026 10:52:55 +0000https://purpleshift.io/purple/2026-01-19-akaq/Anchoring effect, reasoning by analogy, and other logical errorsHuman factor in cyber defense: when the enemy is our own mindsethttps://purpleshift.io/articles/2026-01-16-mindset/Fri, 16 Jan 2026 00:00:00 +0000https://purpleshift.io/articles/2026-01-16-mindset/The most common biases that occur in SOC and how to avoid themDisabling Windows Defender via symlinkhttps://purpleshift.io/purple/2026-01-12-bmka/Mon, 12 Jan 2026 00:00:00 +0000https://purpleshift.io/purple/2026-01-12-bmka/Built-in antivirus could be switched off without any third-party softwareTop-10 posts of PurpleShift in 2025https://purpleshift.io/purple/2025-12-26-ikap/Fri, 26 Dec 2025 09:47:52 +0000https://purpleshift.io/purple/2025-12-26-ikap/We selected posts that got the most likesAttacking Security Researchers via Visual Studiohttps://purpleshift.io/articles/2025-05-01-attacking-security-researchers-via-visual-studio/Fri, 05 Jul 2024 00:00:00 +0000https://purpleshift.io/articles/2025-05-01-attacking-security-researchers-via-visual-studio/A new technique to exploit VS IDE using SUO files