Purple Team
Detection Writing
Detecting malicious C2 activity (fork&run!)
https://dansec.medium.com/detecting-malicious-c2-activity-with-edr-telemetry-de1e8f3e7004