| From Evidence to Advantage: Leveraging Incident Response Artifacts for Red Team Engagements | 8 | purpleteamsec | | | | |
| LeakedWallpaper: Leak of any user's NetNTLM hash. Fixed in KB5040434 | 7 | purpleteamsec | | | | |
| Detect compromised RDP sessions with Microsoft Defender for Endpoint | 6 | purpleteamsec | | | | |
| Open Source C&C Specification | 6 | purpleteamsec | | | | |
| BloodHound Operator — Dog Whispering Reloaded | 5 | purpleteamsec | | | | |
| C2 Frameworks - Threat Hunting in Action with YARA Rules | 5 | purpleteamsec | | | | |
| Relay Your Heart Away: An OPSEC-Conscious Approach to 445 Takeover | 5 | purpleteamsec | | | | |
| Hybrid Attack Paths, New Views and your favorite dog learns an old trick | 4 | purpleteamsec | | | | |
| Latrodectus dropped by BR4 🕷️ | 3 | purpleteamsec | | | | |
| Execution Guardrails: No One Likes Unintentional Exposure | 3 | purpleteamsec | | | | |
