Blue Team · 24 articles

Blue Team

SOC, detection engineering, threat hunting, IR, forensics, malware analysis.

Academy

Breaking Into a SOC Role in India: Skills, Labs, and the Path That Works

Want a SOC analyst job in India? The realistic skills, labs, and certs that get you the interview.

May 25, 2026 · 1 min read
Academy

Module 19 · SOC Metrics That Actually Drive Improvement

The bad metrics Total alerts processed — measures volume, not value. Encourages keeping noisy rules. Alerts per analyst per shift — encourages…

May 14, 2026 · 3 min read
Academy

Module 20 · Purple Team — Operationalising Adversary Emulation

Red vs purple — what differs Red team Purple team Adversary emulation, blue blind Adversary emulation, blue collaborating Goal: demonstrate impact Goal:…

May 14, 2026 · 3 min read
Academy

Module 17 · Threat Hunting Operationalised — Hypotheses, Pivots, Dashboards

What threat hunting is Proactive search for adversary presence based on hypothesis, not alert. The defender assumes a sophisticated attacker may already…

May 14, 2026 · 3 min read
Academy

Module 18 · Detection Engineering — Sigma, ATT&CK Coverage, Validation

What detection engineering is Design rules that fire on adversary behaviour, not noise. Test rules against historical data and red-team data. Tune…

May 14, 2026 · 3 min read
Academy

Module 16 · SOAR — Security Orchestration, Automation, Response

What SOAR does Orchestration: connect security tools via API; trigger actions across them. Automation: execute repeatable workflows without human intervention. Case management:…

May 14, 2026 · 3 min read
Blue Team

Cloudflare-Fronted Phishing in 2026 — How Workers, Pages, Tunnels, and R2 Became Default Phishing Infrastructure

Cloudflare free-tier products (Workers, Pages, Trycloudflare, R2) have become dominant phishing infrastructure of 2024-2026. The five abuse vectors, why URL categorisation fails,…

May 8, 2026 · 6 min read
Blue Team

EDR Bypass Techniques 2026 — What Microsoft Actually Killed and What Still Works

EDR-bypass techniques in 2026 cluster around BYOVD, syscall unhooking, DLL sideloading, and cloud-service-fronted C2. What Microsoft 11 + HVCI actually killed in…

May 8, 2026 · 6 min read
Academy

Data Loss Prevention at Scale

DLP that works in 2026 — endpoint, network, cloud, email channels; pattern + classifier rules; rollout sequence (audit → block); fatigue management;…

Apr 26, 2026 · 3 min read
Blue Team

ATM and POS Skimming Investigations in 2026

ATM / POS skimming variants in 2026 — overlay devices, deep-insert skimmers, POS terminal manipulation, Magecart e-commerce skimming. Detection SQL queries, investigation…

Apr 25, 2026 · 2 min read