mitre-references

https://blog.talosintelligence.com/2022/01/ukraine-campaign-delivers-defacement.html
https://talos-intelligence-site.s3.amazonaws.com/production/document_files/files/000/095/031/original/Talos_Cobalt_Strike.pdf
http://2015.zeronights.org/assets/files/05-Nosenko.pdf
http://adsecurity.org/?p=1275
http://arstechnica.com/security/2015/08/newly-discovered-chinese-hacking-group-hacked-100-websites-to-use-as-watering-holes/
http://blog.airbuscybersecurity.com/post/2015/11/Newcomers-in-the-Derusbi-family
http://blog.crowdstrike.com/adversary-tricks-crowdstrike-treats/
http://blog.crowdstrike.com/registry-analysis-with-crowdresponse/
http://blog.gentilkiwi.com/securite/mimikatz/pass-the-ticket-kerberos
http://blog.jpcert.or.jp/2017/02/chches-malware--93d6.html
http://blog.morphisec.com/fin7-attacks-restaurant-industry
http://blog.morphisec.com/security-alert-fin8-is-back
http://blog.redxorblue.com/2018/07/executing-macros-from-docx-with-remote.html
http://blog.shadowserver.org/2012/05/15/cyber-espionage-strategic-web-compromises-trusted-websites-serving-dangerous-results/
http://blog.talosintelligence.com/2017/03/dnsmessenger.html
http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html
http://blog.teusink.net/2009/08/passwords-stored-using-reversible.html
http://blog.teusink.net/2009/08/passwords-stored-using-reversible_26.html
http://blog.threatexpert.com/2008/11/agentbtz-threat-that-hit-pentagon.html
http://blog.trendmicro.com/trendlabs-security-intelligence/bkdr_rarstone-new-rat-to-watch-out-for/
http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-uses-uefi-bios-rootkit-to-keep-rcs-9-agent-in-target-systems/
http://blog.trendmicro.com/trendlabs-security-intelligence/in-depth-look-apt-attack-tools-of-the-trade/
http://blog.trendmicro.com/trendlabs-security-intelligence/kunming-attack-leads-to-gh0st-rat-variant/
http://blog.trendmicro.com/trendlabs-security-intelligence/rarstone-found-in-targeted-attacks/
http://blog.trendmicro.com/trendlabs-security-intelligence/redbaldknight-bronze-butler-daserf-backdoor-now-using-steganography/
http://blogs.cisco.com/security/h1n1-technical-analysis-reveals-new-capabilities
http://blogs.cisco.com/security/h1n1-technical-analysis-reveals-new-capabilities-part-2
http://blogs.cisco.com/security/talos/threat-spotlight-group-72
http://blogs.technet.com/b/srd/archive/2014/05/13/ms14-025-an-update-for-group-policy-preferences.aspx
http://carnal0wnage.attackresearch.com/2012/09/more-on-aptsim.html
http://carnal0wnage.attackresearch.com/2013/09/stealing-passwords-every-time-they.html
http://carnal0wnage.attackresearch.com/2014/05/mimikatz-against-virtual-machine-memory.html
http://cdn0.vox-cdn.com/assets/4589853/crowdstrike-intelligence-report-putter-panda.original.pdf
http://cert.europa.eu/static/WhitePapers/CERT-EU_Security_Whitepaper_DDoS_17-003.pdf
http://circl.lu/assets/files/tr-12/tr-12-circl-plugx-analysis-v1.pdf
http://csis.pace.edu/~ctappert/srd2017/2017PDF/d4.pdf
http://defcon.org/images/defcon-22/dc-22-presentations/Campbell/DEFCON-22-Christopher-Campbell-The-Secret-Life-of-Krbtgt.pdf
http://docplayer.net/20839173-Analysis-of-malicious-security-support-provider-dlls.html
http://download.ahnlab.com/global/brochure/[Analysis]Andariel_Group.pdf
http://download.microsoft.com/download/4/4/C/44CDEF0E-7924-4787-A56A-16261691ACE3/Microsoft_Security_Intelligence_Report_Volume_19_English.pdf
http://download.microsoft.com/download/E/B/0/EB0F50CC-989C-4B66-B7F6-68CD3DC90DE3/Microsoft_Security_Intelligence_Report_Volume_21_English.pdf
http://en.wikipedia.org/wiki/List_of_network_protocols_%28OSI_model%29
http://files.brucon.org/2015/Tomczak_and_Ballenthin_Shims_for_the_Win.pdf
http://go.cybereason.com/rs/996-YZT-709/images/Cybereason-Lab-Analysis-Dissecting-DGAs-Eight-Real-World-DGA-Variants.pdf
http://gosecure.net/2018/02/14/chaos-stolen-backdoor-rising/
http://hick.org/code/skape/papers/needle.txt
http://journeyintoir.blogspot.com/2012/12/extracting-zeroaccess-from-ntfs.html
http://juusosalonen.com/post/30923743427/breaking-into-the-os-x-keychain
http://labs.lastline.com/an-analysis-of-plugx
http://lists.openstack.org/pipermail/openstack/2013-December/004138.html
http://lockboxx.blogspot.com/2019/07/macos-red-teaming-206-ard-apple-remote.html
http://man7.org/linux/man-pages/man1/dd.1.html
http://man7.org/linux/man-pages/man1/systemd.1.html
http://man7.org/linux/man-pages/man2/ptrace.2.html
http://man7.org/linux/man-pages/man2/setuid.2.html
http://manpages.ubuntu.com/manpages/bionic/man8/systemd-rc-local-generator.8.html
http://media.blackhat.com/bh-us-10/whitepapers/Ryan/BlackHat-USA-2010-Ryan-Getting-In-Bed-With-Robin-Sage-v1.0.pdf
http://msdn.microsoft.com/en-us/library/aa364404
http://msdn.microsoft.com/en-us/library/aa376977
http://msdn.microsoft.com/en-us/library/aa384426
http://msdn.microsoft.com/en-us/library/bb166549.aspx
http://msdn.microsoft.com/en-us/library/dd183341
http://msdn.microsoft.com/en-us/library/ms682425
http://msdn.microsoft.com/en-us/library/ms687393
http://news.softpedia.com/news/cryptocurrency-mining-malware-discovered-targeting-seagate-nas-hard-drives-508119.shtml
http://opensecuritytraining.info/Keylogging_files/The%20Adventures%20of%20a%20Keystroke.pdf
http://pages.endgame.com/rs/627-YBU-612/images/EndgameJournal_The%20Masquerade%20Ball_Pages_R2.pdf
http://pen-testing.sans.org/blog/pen-testing/2013/08/08/psexec-uac-bypass
http://phrack.org/issues/51/8.html
http://powersploit.readthedocs.io
http://pxnow.prevx.com/content/blog/carberp-a_modular_information_stealing_trojan.pdf
http://recursos.aldabaknocking.com/libpcapHakin9LuisMartinGarcia.pdf
http://research.zscaler.com/2015/08/chinese-cyber-espionage-apt-group.html
http://research.zscaler.com/2016/01/malicious-office-files-dropping-kasidet.html
http://researchcenter.paloaltonetworks.com/2015/07/unit-42-technical-analysis-seaduke/
http://researchcenter.paloaltonetworks.com/2015/07/ups-observations-on-cve-2015-3113-prior-zero-days-and-the-pirpi-payload/
http://researchcenter.paloaltonetworks.com/2015/12/attack-on-french-diplomat-linked-to-operation-lotus-blossom/
http://researchcenter.paloaltonetworks.com/2015/12/bbsrat-attacks-targeting-russian-organizations-linked-to-roaming-tiger/
http://researchcenter.paloaltonetworks.com/2016/01/scarlet-mimic-years-long-espionage-targets-minority-activists/
http://researchcenter.paloaltonetworks.com/2016/02/emissary-trojan-changelog-did-operation-lotus-blossom-cause-it-to-evolve/
http://researchcenter.paloaltonetworks.com/2016/02/new-malware-rover-targets-indian-ambassador-to-afghanistan/
http://researchcenter.paloaltonetworks.com/2016/02/t9000-advanced-modular-backdoor-uses-complex-anti-analysis-techniques/
http://researchcenter.paloaltonetworks.com/2016/05/the-oilrig-campaign-attacks-on-saudi-arabian-organizations-deliver-helminth-backdoor/
http://researchcenter.paloaltonetworks.com/2016/05/unit42-new-wekby-attacks-use-dns-requests-as-command-and-control-mechanism/
http://researchcenter.paloaltonetworks.com/2016/10/unit42-oilrig-malware-campaign-updates-toolset-and-expands-targets/
http://researchcenter.paloaltonetworks.com/2016/11/unit42-shamoon-2-return-disttrack-wiper/
http://researchcenter.paloaltonetworks.com/2017/02/unit42-menupass-returns-new-malware-new-attacks-japanese-academics-organizations/
http://researchcenter.paloaltonetworks.com/2017/03/unit42-trochilus-rat-new-moonwind-rat-used-attack-thai-utility-organizations/
http://researchcenter.paloaltonetworks.com/2017/04/unit42-oilrig-actors-provide-glimpse-development-testing-efforts/
http://rkhunter.sourceforge.net
http://securityaffairs.co/wordpress/65318/hacking/dde-attack-apt28.html
http://securityaffairs.co/wordpress/8528/hacking/elderwood-project-who-is-behind-op-aurora-and-ongoing-attacks.html
http://sjc1-te-ftp.trendmicro.com/images/tex/pdf/RawPOS%20Technical%20Brief.pdf
http://sqlmap.org/
http://support.microsoft.com/KB/170292
http://support.microsoft.com/kb/2962486
http://support.microsoft.com/kb/314984
http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx
http://tenon.com/products/codebuilder/User_Guide/6_File_Systems.html#anchor520553
http://tldp.org/HOWTO/Module-HOWTO/x197.html
http://web.mit.edu/macdev/KfM/Common/Documentation/preferences.html
http://windowsir.blogspot.com/2013/07/howto-determinedetect-use-of-anti.html
http://windowsitpro.com/systems-management/psexec
http://windowsitpro.com/windows/netexe-reference
http://woshub.com/how-to-allow-multiple-rdp-sessions-in-windows-10/
http://www.akyl.net/securing-bashhistory-file-make-sure-your-linux-system-users-won%E2%80%99t-hide-or-delete-their-bashhistory
http://www.alienvault.com/open-threat-exchange/blog/new-sykipot-developments
http://www.ampliasecurity.com/research/wcefaq.html
http://www.autosectools.com/process-hollowing.pdf
http://www.blackhat.com/docs/asia-14/materials/Tsai/WP-Asia-14-Tsai-You-Cant-See-Me-A-Mac-OS-X-Rootkit-Uses-The-Tricks-You-Havent-Known-Yet.pdf
http://www.blackhillsinfosec.com/?p=4645
http://www.chkrootkit.org/
http://www.chokepoint.net/2014/02/detecting-userland-preload-rootkits.html
http://www.clearskysec.com/oilrig/
http://www.clearskysec.com/wp-content/uploads/2017/07/Operation_Wilted_Tulip.pdf
http://www.clearskysec.com/wp-content/uploads/2017/12/Charming_Kitten_2017.pdf
http://www.codeproject.com/Articles/32169/FDump-Dumping-File-Sectors-Directly-from-Disk-usin
http://www.crowdstrike.com/blog/mo-shells-mo-problems-deep-panda-web-shells/
http://www.crowdstrike.com/blog/whois-numbered-panda/
http://www.cyberengineeringservices.com/2011/12/15/trojan-gtalk/
http://www.dtic.mil/dtic/tr/fulltext/u2/a465464.pdf
http://www.endurant.io/cmstp/detecting-cmstp-enabled-code-execution-and-uac-bypass-with-sysmon/
http://www.entrust.net/knowledge-base/technote.cfm?tn=8165
http://www.exploit-monday.com/2016/08/windbg-cdb-shellcode-runner.html
http://www.finfisher.com/FinFisher/index.html
http://www.gmer.net/
http://www.group-ib.com/files/Anunak_APT_against_financial_institutions.pdf
http://www.harmj0y.net/blog/activedirectory/roasting-as-reps/
http://www.harmj0y.net/blog/activedirectory/the-most-dangerous-user-right-you-probably-have-never-heard-of/
http://www.harmj0y.net/blog/redteaming/abusing-gpo-permissions/
http://www.harmj0y.net/blog/redteaming/mimikatz-and-dcsync-and-extrasids-oh-my/
http://www.hexacorn.com/blog/2014/04/16/beyond-good-ol-run-key-part-10/
http://www.hexacorn.com/blog/2014/11/14/beyond-good-ol-run-key-part-18/
http://www.hexacorn.com/blog/2017/04/19/beyond-good-ol-run-key-part-62/
http://www.hexed.in/2019/07/osxdok-analysis.html
http://www.icir.org/vern/papers/meek-PETS-2015.pdf
http://www.intelsecurity.com/advanced-threat-research/content/data/HT-UEFI-rootkit.html
http://www.intezer.com/evidence-aurora-operation-still-active-supply-chain-attack-through-ccleaner/
http://www.issuemakerslab.com/research3/
http://www.korznikov.com/2017/03/0-day-or-feature-privilege-escalation.html
http://www.magnusviri.com/Mac/what-is-emond.html
http://www.malwarearchaeology.com/s/Windows-PowerShell-Logging-Cheat-Sheet-ver-June-2016-v2.pdf
http://www.megasecurity.org/papers/Rootkits.pdf
http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Win32%2FKasidet
http://www.mitre.org/capabilities/cybersecurity/overview/cybersecurity-blog/copernicus-question-your-assumptions-about
http://www.mitre.org/publications/project-stories/going-deep-into-the-bios-with-mitre-firmware-security-research
http://www.novetta.com/wp-content/uploads/2014/11/Executive_Summary-Final_1.pdf
http://www.novetta.com/wp-content/uploads/2015/04/novetta_winntianalysis.pdf
http://www.nth-dimension.org.uk/pub/BTL.pdf
http://www.pretentiousname.com/misc/win7_uac_whitelist2.html
http://www.sans.org/reading-room/whitepapers/analyst/finding-hidden-threats-decrypting-ssl-34840
http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599
http://www.secpod.com/blog/winexe/
http://www.securelist.com/en/downloads/vlpdfs/kaspersky-the-net-traveler-part1-final.pdf
http://www.secureworks.com/cyber-threat-intelligence/threats/sakula-malware-family/
http://www.secureworks.com/cyber-threat-intelligence/threats/suspected-iran-based-hacker-group-creates-network-of-fake-linkedin-profiles/
http://www.secureworks.com/cyber-threat-intelligence/threats/The_Lifecycle_of_Peer_to_Peer_Gameover_ZeuS/
http://www.secureworks.com/cyber-threat-intelligence/threats/wiper-malware-analysis-attacking-korean-financial-sector/
http://www.secureworks.com/research/threat-profiles/iron-hemlock
http://www.secureworks.com/research/threat-profiles/iron-hunter
http://www.secureworks.com/resources/blog/living-off-the-land/
http://www.secureworks.com/resources/blog/where-you-at-indicators-of-lateral-movement-using-at-exe-on-windows-7-systems/
http://www.sixdub.net/?p=367
http://www.slideshare.net/MatthewDunwoody1/no-easy-breach-derby-con-2016
http://www.slideshare.net/StephanBorosh/external-to-da-the-os-x-way
http://www.symantec.com/connect/blogs/are-mbr-infections-back-fashion
http://www.symantec.com/connect/blogs/bios-threat-showing-again
http://www.symantec.com/connect/blogs/buckeye-cyberespionage-group-shifts-gaze-us-hong-kong
http://www.symantec.com/connect/blogs/forkmeiamfamous-seaduke-latest-weapon-duke-armory
http://www.symantec.com/connect/blogs/how-attackers-steal-private-keys-digital-certificates
http://www.symantec.com/connect/blogs/indian-organizations-targeted-suckfly-attacks
http://www.symantec.com/connect/blogs/patchwork-cyberespionage-group-expands-targets-governments-wide-range-industries
http://www.symantec.com/connect/blogs/suckfly-revealing-secret-life-your-code-signing-certificates
http://www.symantec.com/connect/blogs/trojanzeroaccessc-hidden-ntfs-ea
http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/dyre-emerging-threat.pdf
http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/Symantec_Remsec_IOCs.pdf
http://www.symantec.com/security_response/writeup.jsp?docid=2015-020623-0740-99&tabid=2
http://www.technospot.net/blogs/block-chrome-extensions-using-google-chrome-group-policy-settings/
http://www.thesafemac.com/new-signed-malware-called-janicab/
http://www.tldp.org/LDP/lkmpg/2.4/html/x437.html
http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_dissecting-lurid-apt.pdf
http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_the_taidoor_campaign.pdf
http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-finding-holes-operation-emmental.pdf
http://www.trustedcomputinggroup.org/wp-content/uploads/Trusted-Platform-Module-Summary_04292008.pdf
http://www.uefi.org/about
http://www.welivesecurity.com/2014/11/11/sednit-espionage-group-attacking-air-gapped-networks/
http://www.welivesecurity.com/2015/07/10/sednit-apt-group-meets-hacking-team/
http://www.welivesecurity.com/2016/01/03/blackenergy-sshbeardoor-details-2015-attacks-ukrainian-news-media-electric-industry/
http://www.welivesecurity.com/wp-content/uploads/2016/05/Operation-Groundbait.pdf
http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part1.pdf
http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part-2.pdf
http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part3.pdf
https://0x00sec.org/t/super-stealthy-droppers/3715
https://0xn3va.gitbook.io/cheat-sheets/container/escaping
https://about.gitlab.com/blog/2020/02/12/plundering-gcp-escalating-privileges-in-google-cloud-platform/
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/managing_smart_cards/pluggable_authentication_modules
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/security_guide/chap-system_auditing
https://adds-security.blogspot.fr/2018/02/detecter-dcshadow-impossible.html
https://adsecurity.org/?p=1515
https://adsecurity.org/?p=1588
https://adsecurity.org/?p=1640
https://adsecurity.org/?p=1729
https://adsecurity.org/?p=1772
https://adsecurity.org/?p=2011
https://adsecurity.org/?p=2053
https://adsecurity.org/?p=227
https://adsecurity.org/?p=2288
https://adsecurity.org/?p=2293
https://adsecurity.org/?p=2716
https://adsecurity.org/?p=3299
https://adsecurity.org/?p=4277
https://adsecurity.org/?p=483
https://adsecurity.org/?p=556
https://adsecurity.org/?page_id=1821
https://airbus-cyber-security.com/fileless-malware-behavioural-analysis-kovter-persistence/
https://airbus-cyber-security.com/the-eye-of-the-tiger/
https://antman1p-30185.medium.com/defeating-malicious-launch-persistence-156e2b40fc67
https://any.run/cybersecurity-blog/time-bombs-malware-with-delayed-execution/
https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm
https://apps.nsa.gov/iaarchive/library/reports/spotting-the-adversary-with-windows-event-log-monitoring.cfm
https://arstechnica.com/information-technology/2007/05/malware-piggybacks-on-windows-background-intelligent-transfer-service/
https://arstechnica.com/information-technology/2012/03/the-pwn-plug-is-a-little-white-box-that-can-hack-your-network/
https://arstechnica.com/information-technology/2014/06/active-malware-operation-let-attackers-sabotage-us-energy-industry/
https://arstechnica.com/information-technology/2015/03/massive-denial-of-service-attack-on-github-tied-to-chinese-government/
https://arstechnica.com/information-technology/2017/03/hack-that-escapes-vm-by-exploiting-edge-browser-fetches-105000-at-pwn2own/
https://arstechnica.com/information-technology/2020/08/intel-is-investigating-the-leak-of-20gb-of-its-source-code-and-private-data/
https://arstechnica.com/security/2016/07/after-hiatus-in-the-wild-mac-backdoors-are-suddenly-back/
https://arstechnica.com/tech-policy/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack/
https://arxiv.org/abs/1809.05681
https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf
https://arxiv.org/pdf/1611.00791.pdf
https://arxiv.org/pdf/2102.04796.pdf
https://asert.arbornetworks.com/innaput-actors-utilize-remote-access-trojan-since-2016-presumably-targeting-victim-files/
https://asert.arbornetworks.com/stolen-pencil-campaign-targets-academia/
https://ashwinrayaprolu.wordpress.com/2011/04/12/xcmd-an-alternative-to-psexec/
https://assets.documentcloud.org/documents/20413525/fbi-flash-indicators-of-compromise-ragnar-locker-ransomware-11192020-bc.pdf
https://assets.sentinelone.com/labs/sentinel-one-valak-i   
https://atlas-cybersecurity.com/cyber-threats/threat-actors-use-search-engine-optimization-tactics-to-redirect-traffic-and-install-malware/
https://attack.mitre.org/docs/APT3_Adversary_Emulation_Plan.pdf
https://auth0.com/blog/why-should-use-accesstokens-to-secure-an-api/
https://auth0.com/learn/refresh-tokens/
https://awakesecurity.com/blog/threat-hunting-for-avaddon-ransomware/
https://awakesecurity.com/blog/threat-hunting-series-detecting-command-control-in-the-cloud/
https://aws.amazon.com/blogs/security/defense-in-depth-open-firewalls-reverse-proxies-ssrf-vulnerabilities-ec2-instance-metadata-service/
https://aws.amazon.com/blogs/security/newly-updated-features-in-the-aws-iam-console-help-you-adhere-to-iam-best-practices/
https://aws.amazon.com/identity/federation/
https://aws.amazon.com/premiumsupport/knowledge-center/cloudtrail-search-api-calls/
https://aws.amazon.com/premiumsupport/knowledge-center/secure-s3-resources/
https://backtrace.io/blog/backtrace/elf-shared-library-injection-forensics/
https://baesystemsai.blogspot.com/2015/06/new-mac-os-malware-exploits-mackeeper.html
https://bash.cyberciti.biz/guide/Trap_statement
https://bencane.com/2013/09/16/understanding-a-little-more-about-etcprofile-and-etcbashrc/
https://bi-zone.medium.com/from-pentest-to-apt-attack-cybercriminal-group-fin7-disguises-its-malware-as-an-ethical-hackers-c23c9a75e319
https://blog.360totalsecurity.com/en/apt-c-43-steals-venezuelan-military-secrets-to-provide-intelligence-support-for-the-reactionaries-hpreact-campaign/
https://blog.alyac.co.kr/2234
https://blog.aquasec.com/container-security-tnt-container-attack
https://blog.aquasec.com/malicious-container-image-docker-container-host
https://blog.aquasec.com/threat-alert-kinsing-malware-container-vulnerability
https://blog.avast.com/new-investigations-in-ccleaner-incident-point-to-a-possible-third-stage-that-had-keylogger-capacities
https://blog.certfa.com/posts/charming-kitten-christmas-gift/
https://blog.checkpoint.com/2015/05/14/analysis-havij-sql-injection-tool/
https://blog.checkpoint.com/2017/04/27/osx-malware-catching-wants-read-https-traffic/
https://blog.checkpoint.com/wp-content/uploads/2015/11/rocket-kitten-report.pdf
https://blog.christophetd.fr/building-an-office-macro-to-spoof-process-parent-and-command-line/
https://blog.cloudflare.com/memcrashed-major-amplification-attacks-from-port-11211/
https://blog.cloudflare.com/reflections-on-reflections/
https://blog.cloudsploit.com/the-danger-of-unused-aws-regions-af0bf1b878fc
https://blog.cobaltstrike.com/2017/01/24/scripting-matt-nelsons-mmc20-application-lateral-movement-technique/
https://blog.cobaltstrike.com/2017/05/23/cobalt-strike-3-8-whos-your-daddy/
https://blog.cobaltstrike.com/2019/01/02/cobalt-strike-3-13-why-do-we-argue/
https://blog.compass-security.com/2018/09/hidden-inbox-rules-in-microsoft-exchange/
https://blog.crysys.hu/2013/03/teamspy/
https://blog.cyberint.com/qakbot-banking-trojan
https://blog.cylance.com/windows-registry-persistence-part-2-the-run-keys-and-search-order
https://blog.didierstevens.com/2009/11/22/quickpost-selectmyparent-or-playing-with-the-windows-process-tree/
https://blog.didierstevens.com/2017/11/13/webdav-traffic-to-malicious-sites/
https://blog.ensilo.com/atombombing-brand-new-code-injection-for-windows
https://blog.fortinet.com/2016/12/16/malicious-macro-bypasses-uac-to-elevate-privilege-for-fareit-malware
https://blog.f-secure.com/hiding-malicious-code-with-module-stomping/
https://blog.f-secure.com/wp-content/uploads/2019/10/CosmicDuke.pdf
https://blog.gdatasoftware.com/2014/10/23941-com-object-hijacking-the-discreet-way-of-persistence
https://blog.gdssecurity.com/labs/2017/9/5/linux-based-inter-process-code-injection-without-ptrace2.html
https://blog.google/threat-analysis-group/exposing-initial-access-broker-ties-conti/
https://blog.google/threat-analysis-group/how-were-tackling-evolving-online-threats/
https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/
https://blog.google/threat-analysis-group/update-threat-landscape-ukraine
https://blog.group-ib.com/colunmtk_apt41
https://blog.malwarebytes.com/101/2015/07/introduction-to-alternate-data-streams/
https://blog.malwarebytes.com/101/2016/01/the-windows-vaults/
https://blog.malwarebytes.com/cybercrime/2013/10/hiding-in-plain-sight/
https://blog.malwarebytes.com/cybercrime/social-engineering-cybercrime/2017/03/new-targeted-attack-saudi-arabia-government/
https://blog.malwarebytes.com/mac/2020/07/mac-thiefquest-malware-may-not-be-ransomware-after-all/
https://blog.malwarebytes.com/malwarebytes-news/2020/10/silent-librarian-apt-phishing-attack/
https://blog.malwarebytes.com/researchers-corner/2019/09/hacking-with-aws-incorporating-leaky-buckets-osint-workflow/
https://blog.malwarebytes.com/threat-analysis/2012/06/you-dirty-rat-part-1-darkcomet/
https://blog.malwarebytes.com/threat-analysis/2015/11/a-technical-look-at-dyreza/
https://blog.malwarebytes.com/threat-analysis/2015/11/no-money-but-pony-from-a-mail-to-a-trojan-horse/
https://blog.malwarebytes.com/threat-analysis/2016/08/smoke-loader-downloader-with-a-smokescreen-still-alive/
https://blog.malwarebytes.com/threat-analysis/2017/01/new-mac-backdoor-using-antiquated-code/
https://blog.malwarebytes.com/threat-analysis/2017/04/new-osx-dok-malware-intercepts-web-traffic/
https://blog.malwarebytes.com/threat-analysis/2017/10/decoy-microsoft-word-document-delivers-malware-through-rat/
https://blog.malwarebytes.com/threat-analysis/2018/04/new-crossrider-variant-installs-configuration-profiles-on-macs/
https://blog.malwarebytes.com/threat-analysis/2018/10/mac-cryptocurrency-ticker-app-installs-backdoors/
https://blog.malwarebytes.com/threat-analysis/2020/02/fraudsters-cloak-credit-card-skimmer-with-fake-content-delivery-network-ngrok-server/
https://blog.malwarebytes.com/threat-analysis/2020/04/new-agenttesla-variant-steals-wifi-credentials/
https://blog.malwarebytes.com/threat-analysis/2020/06/higaisa/
https://blog.malwarebytes.com/threat-analysis/2021/01/retrohunting-apt37-north-korean-apt-used-vba-self-decode-technique-to-inject-rokrat/
https://blog.malwarebytes.com/threat-analysis/2021/06/kimsuky-apt-continues-to-target-south-korean-government-using-appleseed-backdoor/
https://blog.malwarebytes.com/threat-intelligence/2021/04/a-deep-dive-into-saint-bot-downloader/
https://blog.malwarebytes.com/threat-intelligence/2021/04/lazarus-apt-conceals-malicious-code-within-bmp-file-to-drop-its-rat/
https://blog.malwarebytes.com/threat-intelligence/2021/08/new-variant-of-konni-malware-used-in-campaign-targetting-russia/
https://blog.malwarebytes.com/threat-intelligence/2022/01/konni-evolves-into-stealthier-rat/
https://blog.malwarebytes.com/threat-intelligence/2022/01/north-koreas-lazarus-apt-leverages-windows-update-client-github-in-latest-campaign/
https://blog.malwarebytes.com/threat-intelligence/2022/03/double-header-isaacwiper-and-caddywiper/
https://blog.morphisec.com/cobalt-gang-2.0
https://blog.netlab.360.com/ttint-an-iot-remote-control-trojan-spread-through-2-0-day-vulnerabilities/
https://blog.netspi.com/15-ways-to-bypass-the-powershell-execution-policy/
https://blog.netspi.com/attacking-sql-server-clr-assemblies/
https://blog.netspi.com/sql-server-persistence-part-1-startup-stored-procedures/
https://blog.nviso.be/2017/10/11/detecting-dde-in-ms-office-documents/
https://blog.nviso.eu/2020/02/04/the-return-of-the-spoof-part-2-command-line-spoofing/
https://blog.qualys.com/vulnerabilities-threat-research/2022/02/08/lolzarus-lazarus-group-incorporating-lolbins-into-campaigns
https://blog.qualys.com/vulnerabilities-threat-research/2022/03/01/ukrainian-targets-hit-by-hermeticwiper-new-datawiper-malware
https://blog.qualys.com/vulnerabilities-threat-research/2022/06/20/defending-against-scheduled-task-attacks-in-windows-environments
https://blog.radware.com/security/2018/07/micropsia-malware/
https://blog.rapid7.com/2013/06/07/keyboy-targeted-attacks-against-vietnam-and-india/
https://blog.rapid7.com/2013/08/26/upcoming-g20-summit-fuels-espionage-operations/
https://blog.secureideas.com/2018/04/ever-run-a-relay-why-smb-relays-should-be-on-your-mind.html
https://blog.securelayer7.net/how-to-perform-csv-excel-macro-injection/
https://blog.stealthbits.com/attack-step-3-persistence-ntfs-extended-attributes-file-system-attacks
https://blog.stealthbits.com/cracking-active-directory-passwords-with-as-rep-roasting/
https://blog.stealthbits.com/detect-pass-the-ticket-attacks
https://blog.stealthbits.com/manipulating-user-passwords-with-mimikatz-SetNTLM-ChangeNTLM
https://blog.sucuri.net/2015/08/bind9-denial-of-service-exploit-in-the-wild.html
https://blog.sucuri.net/2018/05/shell-logins-as-a-magento-reinfection-vector.html
https://blog.talosintelligence.com/2017/04/introducing-rokrat.html
https://blog.talosintelligence.com/2017/05/konni-malware-under-radar-for-years.html
https://blog.talosintelligence.com/2017/06/palestine-delphi.html
https://blog.talosintelligence.com/2017/06/worldwide-ransomware-variant.html
https://blog.talosintelligence.com/2017/07/template-injection.html
https://blog.talosintelligence.com/2017/10/cyber-conflict-decoy-document.html
https://blog.talosintelligence.com/2017/11/ROKRAT-Reloaded.html
https://blog.talosintelligence.com/2017/11/zeus-panda-campaign.html#More
https://blog.talosintelligence.com/2018/01/korea-in-crosshairs.html
https://blog.talosintelligence.com/2018/01/samsam-evolution-continues-netting-over.html
https://blog.talosintelligence.com/2018/02/olympic-destroyer.html
https://blog.talosintelligence.com/2018/04/gravityrat-two-year-evolution-of-apt.html
https://blog.talosintelligence.com/2018/05/navrat.html
https://blog.talosintelligence.com/2018/07/multiple-cobalt-personality-disorder.html
https://blog.talosintelligence.com/2018/07/smoking-guns-smoke-loader-learned-new.html#more
https://blog.talosintelligence.com/2018/08/picking-apart-remcos.html
https://blog.talosintelligence.com/2018/08/rocke-champion-of-monero-miners.html
https://blog.talosintelligence.com/2018/10/old-dog-new-tricks-analysing-new-rtf_15.html
https://blog.talosintelligence.com/2018/11/dnspionage-campaign-targets-middle-east.html
https://blog.talosintelligence.com/2019/01/return-of-emotet.html
https://blog.talosintelligence.com/2019/04/sodinokibi-ransomware-exploits-weblogic.html
https://blog.talosintelligence.com/2019/05/recent-muddywater-associated-blackwater.html
https://blog.talosintelligence.com/2019/06/frankenstein-campaign.html
https://blog.talosintelligence.com/2020/03/bisonal-10-years-of-play.html
https://blog.talosintelligence.com/2020/04/poetrat-covid-19-lures.html
https://blog.talosintelligence.com/2020/06/promethium-extends-with-strongpity3.html
https://blog.talosintelligence.com/2020/10/poetrat-update.html
https://blog.talosintelligence.com/2021/01/a-deep-dive-into-lokibot-infection-chain.html
https://blog.talosintelligence.com/2021/02/obliquerat-new-campaign.html
https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html
https://blog.talosintelligence.com/2021/09/tinyturla.html
https://blog.talosintelligence.com/2021/11/kimsuky-abuses-blogs-delivers-malware.html
https://blog.talosintelligence.com/2022/01/iranian-apt-muddywater-targets-turkey.html
https://blog.talosintelligence.com/2022/03/from-blackmatter-to-blackcat-analyzing.html
https://blog.talosintelligence.com/2022/03/threat-advisory-caddywiper.html
https://blog.talosintelligence.com/2022/03/transparent-tribe-new-campaign.html
https://blog.talosintelligence.com/2022/04/teamtnt-targeting-aws-alibaba.html
https://blog.talosintelligence.com/2022/05/bitter-apt-adds-bangladesh-to-their.html
https://blog.talosintelligence.com/2022/07/transparent-tribe-targets-education.html
https://blog.timac.org/2012/1218-simple-code-injection-using-dyld_insert_libraries/
https://blog.timschroeder.net/2013/04/21/smloginitemsetenabled-demystified/
https://blog.trendmicro.com/phishing-starts-inside/
https://blog.trendmicro.com/trendlabs-security-intelligence/an-analysis-of-windows-zero-day-vulnerability-cve-2014-4114-aka-sandworm/
https://blog.trendmicro.com/trendlabs-security-intelligence/another-potential-muddywater-campaign-uses-powershell-based-prb-backdoor/
https://blog.trendmicro.com/trendlabs-security-intelligence/attack-using-windows-installer-msiexec-exe-leads-lokibot/
https://blog.trendmicro.com/trendlabs-security-intelligence/autoit-compiled-worm-affecting-removable-media-delivers-fileless-version-of-bladabindi-njrat-backdoor/
https://blog.trendmicro.com/trendlabs-security-intelligence/backdoor-carrying-emails-set-sights-on-russian-speaking-businesses/
https://blog.trendmicro.com/trendlabs-security-intelligence/cobalt-spam-runs-use-macros-cve-2017-8759-exploit/
https://blog.trendmicro.com/trendlabs-security-intelligence/control-panel-files-used-as-malicious-attachments/
https://blog.trendmicro.com/trendlabs-security-intelligence/following-trail-blacktech-cyber-espionage-campaigns/
https://blog.trendmicro.com/trendlabs-security-intelligence/gamaredon-apt-group-use-covid-19-lure-in-campaigns/
https://blog.trendmicro.com/trendlabs-security-intelligence/info-stealing-file-infector-hits-us-uk/
https://blog.trendmicro.com/trendlabs-security-intelligence/lazarus-campaign-targeting-cryptocurrencies-reveals-remote-controller-tool-evolved-ratankba/
https://blog.trendmicro.com/trendlabs-security-intelligence/lazarus-continues-heists-mounts-attacks-on-financial-organizations-in-latin-america/
https://blog.trendmicro.com/trendlabs-security-intelligence/muddywater-resurfaces-uses-multi-stage-backdoor-powerstats-v3-and-new-post-exploitation-tools/
https://blog.trendmicro.com/trendlabs-security-intelligence/netwalker-fileless-ransomware-injected-via-reflective-loading/
https://blog.trendmicro.com/trendlabs-security-intelligence/new-banking-malware-uses-network-sniffing-for-data-theft/
https://blog.trendmicro.com/trendlabs-security-intelligence/new-macos-backdoor-linked-to-oceanlotus-found/
https://blog.trendmicro.com/trendlabs-security-intelligence/new-macos-dacls-rat-backdoor-show-lazarus-multi-platform-attack-capability/
https://blog.trendmicro.com/trendlabs-security-intelligence/pawn-storm-abuses-open-authentication-advanced-social-engineering-attacks
https://blog.trendmicro.com/trendlabs-security-intelligence/plead-targeted-attacks-against-taiwanese-government-agencies-2/
https://blog.trendmicro.com/trendlabs-security-intelligence/pokemon-themed-umbreon-linux-rootkit-hits-x86-arm-systems/?_ga=2.180041126.367598458.1505420282-1759340220.1502477046
https://blog.trendmicro.com/trendlabs-security-intelligence/poweliks-malware-hides-in-windows-registry/
https://blog.trendmicro.com/trendlabs-security-intelligence/r980-ransomware-disposable-email-service/
https://blog.trendmicro.com/trendlabs-security-intelligence/shifting-tactics-breaking-down-ta505-groups-use-of-html-rats-and-other-techniques-in-latest-campaigns/
https://blog.trendmicro.com/trendlabs-security-intelligence/skidmap-linux-malware-uses-rootkit-capabilities-to-hide-cryptocurrency-mining-payload/
https://blog.trendmicro.com/trendlabs-security-intelligence/trickbot-adds-remote-application-credential-grabbing-capabilities-to-its-repertoire/
https://blog.trendmicro.com/trendlabs-security-intelligence/trickbot-shows-off-new-trick-password-grabber-module/
https://blog.trendmicro.com/trendlabs-security-intelligence/tropic-trooper-new-strategy/
https://blog.trendmicro.com/trendlabs-security-intelligence/ursnif-the-multifaceted-malware/?_ga=2.165628854.808042651.1508120821-744063452.1505819992
https://blog.trendmicro.com/trendlabs-security-intelligence/windows-app-runs-on-mac-downloads-info-stealer-and-adware/
https://blog.xpnsec.com/aws-lambda-redirector/
https://blog.xpnsec.com/azuread-connect-for-redteam/
https://blog.xpnsec.com/becoming-system/
https://blog.xpnsec.com/how-to-argue-like-cobalt-strike/
https://blog-assets.f-secure.com/wp-content/uploads/2019/10/15163408/BlackEnergy_Quedagh.pdf
https://blogs.akamai.com/2018/01/a-death-match-of-domain-generation-algorithms.html
https://blogs.blackberry.com/en/2020/01/threat-spotlight-amadey-bot
https://blogs.blackberry.com/en/2020/11/the-costaricto-campaign-cyber-espionage-outsourced
https://blogs.cisco.com/security/evolution-of-attacks-on-cisco-ios-devices
https://blogs.cisco.com/security/talos/angler-domain-shadowing
https://blogs.cisco.com/security/talos/opening-zxshell
https://blogs.forcepoint.com/security-labs/carbanak-group-uses-google-malware-command-and-control
https://blogs.forcepoint.com/security-labs/playing-cat-mouse-introducing-felismus-malware
https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
https://blogs.jpcert.or.jp/en/2018/03/malware-tscooki-7aa0.html
https://blogs.jpcert.or.jp/en/2019/09/tscookie-loader.html
https://blogs.juniper.net/en-us/threat-research/covid-19-and-fmla-campaigns-used-to-install-new-icedid-banking-malware
https://blogs.microsoft.com/on-the-issues/2019/03/27/new-steps-to-protect-customers-from-hacking/
https://blogs.microsoft.com/on-the-issues/2020/09/10/cyberattacks-us-elections-trump-biden/
https://blogs.microsoft.com/on-the-issues/2020/12/13/customers-protect-nation-state-cyberattacks/
https://blogs.msdn.microsoft.com/kebab/2014/04/28/executing-powershell-scripts-from-c/
https://blogs.msdn.microsoft.com/mithuns/2010/03/24/image-file-execution-options-ifeo/
https://blogs.technet.microsoft.com/askcore/2010/08/25/ntfs-file-attributes/
https://blogs.technet.microsoft.com/askcore/2013/03/24/alternate-data-streams-in-ntfs/
https://blogs.technet.microsoft.com/askds/2008/09/11/fun-with-wmi-filters-in-group-policy/
https://blogs.technet.microsoft.com/askpfeplat/2016/04/18/the-importance-of-kb2871997-and-kb2928120-for-credential-protection/
https://blogs.technet.microsoft.com/eduardonavarro/2008/07/11/sips-subject-interface-package-and-authenticode/
https://blogs.technet.microsoft.com/mmpc/2017/01/25/detecting-threat-actors-in-recent-german-industrial-attacks-with-windows-defender-atp/
https://blogs.technet.microsoft.com/motiba/2018/02/23/detecting-kerberoasting-activity-using-azure-security-center/
https://blogs.technet.microsoft.com/musings_of_a_technical_tam/2012/02/13/group-policy-basics-part-1-understanding-the-structure-of-a-group-policy-object/
https://blogs.technet.microsoft.com/office365security/defending-against-rules-and-forms-injection/
https://blogs.technet.microsoft.com/secguide/2018/12/10/remote-use-of-local-accounts-laps-changes-everything/
https://blogs.technet.microsoft.com/srd/2017/08/09/moving-beyond-emet-ii-windows-defender-exploit-guard/
https://blogs.technet.microsoft.com/timmcmic/2015/06/08/exchange-and-office-365-mail-forwarding-2/
https://blogs.vmware.com/security/2020/02/vmware-carbon-black-tau-threat-analysis-shlayer-macos.html
https://blogs.vmware.com/security/2020/06/tau-threat-analysis-bundlore-macos-mm-install-macos.html
https://blogs.windows.com/msedgedev/2017/03/23/strengthening-microsoft-edge-sandbox/
https://bohops.com/2018/08/18/abusing-the-com-registry-structure-part-2-loading-techniques-for-evasion-and-persistence/
https://bradleyjkemp.dev/post/launchdaemon-hijacking/
https://breakdev.org/evilginx-2-next-generation-of-phishing-2fa-tokens/
https://businessinsights.bitdefender.com/deep-dive-into-a-fin8-attack-a-forensic-investigation
https://byt3bl33d3r.github.io/practical-guide-to-ntlm-relaying-in-2017-aka-getting-a-foothold-in-under-5-minutes.html
https://cdn.logic-control.com/docs/scadafence/Anatomy-Of-A-Targeted-Ransomware-Attack-WP.pdf
https://cdn.securelist.com/files/2014/07/themysteryofthepdf0-dayassemblermicrobackdoor.pdf
https://cdn2.hubspot.net/hubfs/3354902/Content%20PDFs/Cybereason-Lab-Analysis-OSX-Pirrit-4-6-16.pdf
https://cdn2.hubspot.net/hubfs/3354902/Cybereason%20Labs%20Analysis%20Operation%20Cobalt%20Kitty.pdf
https://cdn-cybersecurity.att.com/docs/global-perspective-of-the-sidewinder-apt.pdf
https://cedowens.medium.com/macos-ms-office-sandbox-brain-dump-4509b5fed49a
https://cert.europa.eu/static/WhitePapers/UPDATED%20-%20CERT-EU_Security_Whitepaper_2014-007_Kerberos_Golden_Ticket_Protection_v1_4.pdf
https://ciberseguridad.blog/decodificando-ficheros-rtf-maliciosos/
https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.226.3427&rep=rep1&type=pdf
https://citizenlab.ca/2015/12/packrat-report/
https://citizenlab.ca/2016/08/group5-syria/
https://citizenlab.ca/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/
https://citizenlab.ca/2016/11/parliament-keyboy/
https://citizenlab.ca/2018/08/familiar-feeling-a-malware-campaign-targeting-the-tibetan-diaspora-resurfaces/
https://citizenlab.org/2016/05/stealth-falcon/
https://cloud.google.com/compute/docs/disks/restore-and-delete-snapshots
https://cloud.google.com/compute/docs/instances/create-start-instance#api_2
https://cloud.google.com/compute/docs/reference/rest/v1/instances
https://cloud.google.com/iam/docs/creating-short-lived-service-account-credentials
https://cloud.google.com/iam/docs/policies
https://cloud.google.com/iam/docs/service-account-monitoring
https://cloud.google.com/identity/docs/reference/rest
https://cloud.google.com/kms/docs/key-rotation
https://cloud.google.com/logging/docs/audit#admin-activity
https://cloud.google.com/logging/docs/audit/configure-data-access
https://cloud.google.com/sdk/gcloud/reference/compute/instances/add-metadata
https://cloud.google.com/sdk/gcloud/reference/compute/instances/list
https://cloud.google.com/sdk/gcloud/reference/compute/os-login/ssh-keys/add
https://cloud.google.com/sdk/gcloud/reference/iam/service-accounts/list
https://cloud.google.com/security-command-center/docs/quickstart-scc-dashboard
https://cloud.google.com/solutions/federating-gcp-with-active-directory-introduction
https://cloud.google.com/storage/docs/best-practices
https://cloud.google.com/vpc/docs/packet-mirroring
https://cloud.google.com/vpc/docs/vpc
https://cloudblogs.microsoft.com/microsoftsecure/2015/06/09/windows-10-to-offer-application-developers-new-malware-defenses/?source=mmpc
https://cloudblogs.microsoft.com/microsoftsecure/2017/06/07/platinum-continues-to-evolve-find-ways-to-maintain-invisibility/?source=mmpc
https://cloudblogs.microsoft.com/microsoftsecure/2018/03/01/finfisher-exposed-a-researchers-tale-of-defeating-traps-tricks-and-complex-virtual-machines/
https://cloudblogs.microsoft.com/microsoftsecure/2018/03/07/behavior-monitoring-combined-with-machine-learning-spoils-a-massive-dofoil-coin-mining-campaign/
https://clymb3r.wordpress.com/2013/09/15/intercepting-password-changes-with-function-hooking/
https://cofense.com/nanocore-rat-resurfaced-sewers/
https://cofense.com/seeing-resurgence-demonic-astaroth-wmic-trojan/
https://cofense.com/upgrades-delivery-support-infrastructure-revenge-rat-malware-bigger-threat/
https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=7382dce7-0260-4782-84cc-890971ed3f17&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments
https://community.cisco.com/t5/security-blogs/attackers-continue-to-target-legacy-devices/ba-p/4169954
https://community.rsa.com/community/products/netwitness/blog/2017/08/14/are-you-looking-out-for-forfilesexe-if-you-are-watching-for-cmdexe
https://community.sophos.com/products/intercept/early-access-program/f/live-discover-response-queries/121529/live-discover---powershell-command-audit
https://community.sophos.com/products/malware/b/blog/posts/powershell-command-history-forensics
https://confluence.atlassian.com/confkb/how-to-enable-user-access-logging-182943.html
https://content.fireeye.com/apt/rpt-apt38
https://content.fireeye.com/apt-41/rpt-apt41
https://content.fireeye.com/m-trends/rpt-m-trends-2020
https://cpb-us-e1.wpmucdn.com/sites.psu.edu/dist/4/24696/files/2019/07/psumac2019-345-Installer-Package-Scripting-Making-your-deployments-easier-one-at-a-time.pdf
https://crowdstrike.lookbookhq.com/global-threat-report-2018-web/cs-2018-global-threat-report
https://csrc.nist.gov/glossary/term/authentication
https://csrc.nist.gov/glossary/term/Multi_Factor-Authentication
https://cwe.mitre.org/top25/index.html
https://cyber.dhs.gov/assets/report/ar-16-20173.pdf
https://cyberforensicator.com/2019/01/20/silence-dissecting-malicious-chm-files-and-performing-forensic-analysis/
https://cybersecurity.att.com/blogs/labs-research/lazarus-campaign-ttps-and-evolution
https://cybersecurity.att.com/blogs/labs-research/scanbox-a-reconnaissance-framework-used-on-watering-hole-attacks
https://cybersecurity.att.com/blogs/labs-research/teamtnt-with-new-campaign-aka-chimaera
https://cybersecurity.att.com/blogs/labs-research/the-odd-case-of-a-gh0strat-variant
https://cybersecurity.att.com/blogs/labs-research/the-rise-of-qakbot
https://cyberwtf.files.wordpress.com/2017/07/panda-whitepaper.pdf
https://cybleinc.com/2020/09/26/sidewinder-apt-targets-with-futuristic-tactics-and-techniques/
https://cybleinc.com/2020/10/31/egregor-ransomware-a-deep-dive-into-its-activities-and-techniques/
https://cybleinc.com/2021/01/21/conti-ransomware-resurfaces-targeting-government-large-organizations/
https://cycraft.com/download/%5BTLP-White%5D20200415%20Chimera_V4.1.pdf
https://cyware.com/news/cyber-attackers-leverage-tunneling-service-to-drop-lokibot-onto-victims-systems-6f610e44
https://cyware.com/news/how-hackers-exploit-social-media-to-break-into-your-company-88e8da8e
https://d3security.com/blog/10-of-the-best-open-source-threat-intelligence-feeds/
https://datadrivensecurity.info/blog/posts/2014/Oct/dga-part2/
https://datatracker.ietf.org/doc/html/rfc2131
https://datatracker.ietf.org/doc/html/rfc3315
https://datatracker.ietf.org/doc/html/rfc6143#section-7.2.2
https://devblogs.microsoft.com/vbteam/visual-basic-support-planned-for-net-5-0/
https://developer.apple.com/business/documentation/Configuration-Profile-Reference.pdf
https://developer.apple.com/documentation/coreservices
https://developer.apple.com/documentation/coreservices/launch_services
https://developer.apple.com/documentation/devicemanagement/loginwindowscripts
https://developer.apple.com/documentation/foundation
https://developer.apple.com/documentation/security/1540038-authorizationexecutewithprivileg
https://developer.apple.com/documentation/security/disabling_and_enabling_system_integrity_protection
https://developer.apple.com/documentation/security/hardened_runtime
https://developer.apple.com/documentation/security/keychain_services
https://developer.apple.com/library/archive/documentation/AppleScript/Conceptual/AppleScriptLangGuide/introduction/ASLR_intro.html
https://developer.apple.com/library/archive/documentation/Cocoa/Conceptual/NetServices/Introduction.html
https://developer.apple.com/library/archive/documentation/DeveloperTools/Conceptual/DynamicLibraries/100-Articles/OverviewOfDynamicLibraries.html
https://developer.apple.com/library/archive/documentation/DeveloperTools/Conceptual/DynamicLibraries/100-Articles/RunpathDependentLibraries.html
https://developer.apple.com/library/archive/documentation/General/Reference/InfoPlistKeyReference/Articles/LaunchServicesKeys.html#//apple_ref/doc/uid/TP40009250-SW1
https://developer.apple.com/library/archive/documentation/LanguagesUtilities/Conceptual/MacAutomationScriptingGuide/index.html
https://developer.apple.com/library/archive/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingLaunchdJobs.html
https://developer.apple.com/library/archive/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingXPCServices.html#//apple_ref/doc/uid/10000172i-SW6-SW1
https://developer.apple.com/library/archive/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CustomLogin.html
https://developer.apple.com/library/archive/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/DesigningDaemons.html
https://developer.apple.com/library/archive/documentation/MacOSX/Conceptual/OSX_Technology_Overview/CocoaApplicationLayer/CocoaApplicationLayer.html#//apple_ref/doc/uid/TP40001067-CH274-SW1
https://developer.apple.com/library/archive/samplecode/LoginItemsAE/Introduction/Intro.html#//apple_ref/doc/uid/DTS10003788
https://developer.apple.com/library/archive/technotes/tn2459/_index.html
https://developer.apple.com/library/content/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingLaunchdJobs.html
https://developer.apple.com/library/content/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingLoginItems.html
https://developer.apple.com/library/content/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/StartupItems.html
https://developer.apple.com/support/kernel-extensions/
https://developer.chrome.com/extensions
https://developer.okta.com/blog/2018/06/20/what-happens-if-your-jwt-is-stolen
https://dfironthemountain.wordpress.com/2018/12/06/locked-file-access-using-esentutl-exe/
https://digital.nhs.uk/cyber-alerts/2020/cc-3603
https://digital.nhs.uk/cyber-alerts/2020/cc-3681#summary
https://digital-forensics.sans.org/summit-archives/2010/35-glyer-apt-persistence-mechanisms.pdf
https://dirkjanm.io/introducing-roadtools-and-roadrecon-azure-ad-exploration-framework/
https://dirkjanm.io/worst-of-both-worlds-ntlm-relaying-and-kerberos-delegation/
https://discussions.apple.com/thread/3991574
https://dl.mandiant.com/EE/assets/PDF_MTrends_2011.pdf
https://dmcxblue.gitbook.io/red-team-notes-2-0/red-team-techniques/defense-evasion/t1562-impair-defenses/disable-windows-event-logging
https://dnsdumpster.com/
https://docplayer.net/101655589-Tools-used-by-the-uroburos-actors.html
https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBInstances.html
https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAcl.html
https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetPublicAccessBlock.html
https://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadBucket.html
https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html
https://docs.aws.amazon.com/aws-backup/latest/devguide/logging-using-cloudtrail.html
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-aws-console-sign-in-events.html
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/stop-cloudtrail-from-sending-events-to-cloudwatch-logs.html
https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html
https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-modifying-snapshot-permissions.html
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html
https://docs.aws.amazon.com/cli/latest/reference/iam/list-roles.html
https://docs.aws.amazon.com/cli/latest/reference/iam/list-users.html
https://docs.aws.amazon.com/cli/latest/reference/ssm/describe-instance-information.html
https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetAccountPasswordPolicy.html
https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html
https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html
https://docs.aws.amazon.com/vpc/latest/mirroring/traffic-mirroring-how-it-works.html
https://docs.aws.amazon.com/vpc/latest/userguide/what-is-amazon-vpc.html
https://docs.broadcom.com/doc/dragonfly_threat_against_western_energy_suppliers
https://docs.docker.com/engine/api/v1.41/
https://docs.docker.com/engine/api/v1.41/#operation/ImageBuild
https://docs.docker.com/engine/api/v1.41/#tag/Container
https://docs.docker.com/engine/reference/commandline/dockerd/
https://docs.docker.com/engine/reference/commandline/exec/
https://docs.docker.com/engine/reference/commandline/images/
https://docs.docker.com/engine/reference/run/#entrypoint-default-command-to-execute-at-runtime
https://docs.docker.com/engine/security/protect-access/
https://docs.docker.com/engine/security/trust/content_trust/
https://docs.docker.com/get-started/overview/
https://docs.docker.com/storage/bind-mounts/
https://docs.microsoft.com/archive/blogs/gauravseth/the-world-of-jscript-javascript-ecmascript
https://docs.microsoft.com/dotnet/standard/data/xml/xslt-stylesheet-scripting-using-msxsl-script
https://docs.microsoft.com/dotnet/visual-basic/
https://docs.microsoft.com/en-us/archive/blogs/jepayne/monitoring-what-matters-windows-event-forwarding-for-everyone-even-if-you-already-have-a-siem
https://docs.microsoft.com/en-us/archive/blogs/jepayne/tracking-lateral-movement-part-one-special-groups-and-specific-service-accounts
https://docs.microsoft.com/en-us/archive/blogs/tip_of_the_day/cloud-tip-of-the-day-advanced-way-to-check-domain-availability-for-office-365-and-azure
https://docs.microsoft.com/en-us/azure/active-directory/develop/access-tokens
https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-configurable-token-lifetimes
https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols
https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app
https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-users-azure-active-directory
https://docs.microsoft.com/en-us/azure/active-directory/governance/conditional-access-exclusion
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-fed
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/view-activity-logs
https://docs.microsoft.com/en-us/azure/backup/backup-azure-monitoring-use-azuremonitor
https://docs.microsoft.com/en-us/azure/container-registry/container-registry-content-trust
https://docs.microsoft.com/en-us/azure/security/fundamentals/steps-secure-identity#block-end-user-consent
https://docs.microsoft.com/en-us/azure/security/fundamentals/subdomain-takeover
https://docs.microsoft.com/en-us/azure/storage/blobs/snapshots-overview
https://docs.microsoft.com/en-us/azure/storage/common/storage-security-guide
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/instance-metadata-service?tabs=windows
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-overview
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-tap-overview
https://docs.microsoft.com/en-us/cli/azure/ad/user?view=azure-cli-latest
https://docs.microsoft.com/en-us/cli/azure/monitor/diagnostic-settings?view=azure-cli-latest#az_monitor_diagnostic_settings_delete
https://docs.microsoft.com/en-us/dotnet/api/system.directoryservices.activedirectory.domain.getalltrustrelationships?redirectedfrom=MSDN&view=netframework-4.7.2#System_DirectoryServices_ActiveDirectory_Domain_GetAllTrustRelationships
https://docs.microsoft.com/en-us/dotnet/api/system.drawing.graphics.copyfromscreen?view=netframework-4.8
https://docs.microsoft.com/en-us/dotnet/framework/unmanaged-api/profiling/profiling-overview
https://docs.microsoft.com/en-us/exchange/email-addresses-and-address-books/address-lists/address-lists?view=exchserver-2019
https://docs.microsoft.com/en-us/exchange/transport-agents-exchange-2013-help
https://docs.microsoft.com/en-us/iis/configuration/system.webserver/security/isapicgirestriction/
https://docs.microsoft.com/en-us/iis/get-started/introduction-to-iis/iis-modules-overview
https://docs.microsoft.com/en-us/microsoft-365/commerce/manage-partners?view=o365-worldwide
https://docs.microsoft.com/en-us/microsoft-365/compliance/use-sharing-auditing?view=o365-worldwide#sharepoint-sharing-events
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-spoofing-protection?view=o365-worldwide
https://docs.microsoft.com/en-us/office365/admin/add-users/about-admin-roles?view=o365-worldwide
https://docs.microsoft.com/en-us/office365/securitycompliance/detect-and-remediate-outlook-rules-forms-attack
https://docs.microsoft.com/en-us/office365/troubleshoot/active-directory/update-federated-domain-office-365
https://docs.microsoft.com/en-us/openspecs/office_file_formats/ms-ovba/ef7087ac-3974-4452-aab2-7dba2214d239
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-fscc/6e3f7352-d11c-4d76-8c39-2516a9df36e8
https://docs.microsoft.com/en-us/powershell/module/exchange/?view=exchange-ps#mailboxes
https://docs.microsoft.com/en-us/powershell/module/exchange/email-addresses-and-address-books/get-globaladdresslist
https://docs.microsoft.com/en-us/powershell/module/exchange/get-inboxrule?view=exchange-ps
https://docs.microsoft.com/en-us/powershell/module/exchange/mailboxes/add-mailboxpermission?view=exchange-ps
https://docs.microsoft.com/en-us/powershell/module/exchange/new-inboxrule?view=exchange-ps
https://docs.microsoft.com/en-us/powershell/module/exchange/set-inboxrule?view=exchange-ps
https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_history?view=powershell-7
https://docs.microsoft.com/en-us/powershell/module/Microsoft.PowerShell.Core/About/about_PowerShell_exe?view=powershell-5.1
https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_profiles?view=powershell-6
https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/register-wmievent?view=powershell-5.1
https://docs.microsoft.com/en-us/powershell/module/msonline/get-msolrole?view=azureadps-1.0
https://docs.microsoft.com/en-us/powershell/module/msonline/get-msolrolemember?view=azureadps-1.0
https://docs.microsoft.com/en-us/powershell/scripting/learn/remoting/running-remote-commands?view=powershell-7.1
https://docs.microsoft.com/en-us/previous-versions//cc723564(v=technet.10)?redirectedfrom=MSDN#XSLTsection127121120120
https://docs.microsoft.com/en-us/previous-versions//fd7hxfdd(v=vs.85)?redirectedfrom=MSDN
https://docs.microsoft.com/en-us/previous-versions/azure/ad/graph/howto/azure-ad-graph-api-operations-overview
https://docs.microsoft.com/en-us/previous-versions/dotnet/netframework-4.0/ee471451(v=vs.100)
https://docs.microsoft.com/en-us/previous-versions/iis/6.0-sdk/ms524610(v=vs.90)
https://docs.microsoft.com/en-us/previous-versions/iis/6.0-sdk/ms525172(v=vs.90)
https://docs.microsoft.com/en-us/previous-versions/iis/6.0-sdk/ms525696(v=vs.90)
https://docs.microsoft.com/en-us/previous-versions/office/troubleshoot/office-developer/turn-off-visual-basic-for-application
https://docs.microsoft.com/en-us/previous-versions/system-center/operations-manager-2005/cc180803(v=technet.10)
https://docs.microsoft.com/en-us/previous-versions/technet-magazine/cc510322(v=msdn.10)?redirectedfrom=MSDN
https://docs.microsoft.com/en-us/previous-versions/windows/desktop/Policy/filtering-the-scope-of-a-gpo
https://docs.microsoft.com/en-us/previous-versions/windows/hardware/design/dn653559(v=vs.85)?redirectedfrom=MSDN
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-2000-server/cc961961(v=technet.10)?redirectedfrom=MSDN
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-8.1-and-8/jj554668(v=ws.11)?redirectedfrom=MSDN
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc759554(v=ws.10)
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/cc771525(v=ws.11)
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn581922(v%3Dws.11)
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn800668(v=ws.11)
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/ee791851(v=ws.11)?redirectedfrom=MSDN
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh994565(v%3Dws.11)
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh994565(v=ws.11)#credential-manager-store
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj852185(v=ws.11)?redirectedfrom=MSDN
https://docs.microsoft.com/en-us/rest/api/compute/virtualmachines/get
https://docs.microsoft.com/en-us/rest/api/compute/virtual-machines/update
https://docs.microsoft.com/en-us/rest/api/resources/
https://docs.microsoft.com/en-us/rest/api/storageservices/delegate-access-with-shared-access-signature
https://docs.microsoft.com/en-us/rest/api/storageservices/list-blobs
https://docs.microsoft.com/en-us/security-updates/securityadvisories/2010/2269637
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2017/ms17-010
https://docs.microsoft.com/en-us/sql/odbc/odbcconf-exe?view=sql-server-2017
https://docs.microsoft.com/en-us/sql/relational-databases/clr-integration/common-language-runtime-integration-overview?view=sql-server-2017
https://docs.microsoft.com/en-us/sql/relational-databases/system-stored-procedures/xp-cmdshell-transact-sql?view=sql-server-2017
https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns
https://docs.microsoft.com/en-us/sysinternals/downloads/regdelnull
https://docs.microsoft.com/en-us/sysinternals/downloads/sdelete
https://docs.microsoft.com/en-us/troubleshoot/windows-server/system-management-components/what-is-microsoft-management-console
https://docs.microsoft.com/en-us/visualstudio/msbuild/msbuild-inline-tasks?view=vs-2019#code-element
https://docs.microsoft.com/en-us/windows/desktop/api/dpapi/nf-dpapi-cryptunprotectdata
https://docs.microsoft.com/en-us/windows/desktop/com/dcom-security-enhancements-in-windows-xp-service-pack-2-and-windows-server-2003-service-pack-1
https://docs.microsoft.com/en-us/windows/desktop/etw/consuming-events
https://docs.microsoft.com/en-us/windows/security/identity-protection/access-control/active-directory-accounts
https://docs.microsoft.com/en-us/windows/security/identity-protection/access-control/local-accounts
https://docs.microsoft.com/en-us/windows/security/information-protection/secure-the-windows-10-boot-process
https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings
https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/audit-other-object-access-events
https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4720
https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4738
https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4768
https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/audit-policy
https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/create-symbolic-links
https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares
https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control
https://docs.microsoft.com/en-us/windows/terminal/tutorials/ssh
https://docs.microsoft.com/en-us/windows/win32/api/
https://docs.microsoft.com/en-us/windows/win32/api/wincred/nf-wincred-credenumeratea
https://docs.microsoft.com/en-us/windows/win32/api/winternl/nf-winternl-ntqueryinformationprocess
https://docs.microsoft.com/en-us/windows/win32/api/winternl/ns-winternl-peb
https://docs.microsoft.com/en-us/windows/win32/bits/about-bits
https://docs.microsoft.com/en-us/windows/win32/com/clsid-key-hklm
https://docs.microsoft.com/en-us/windows/win32/dlls/dynamic-link-library-redirection?redirectedfrom=MSDN
https://docs.microsoft.com/en-us/windows/win32/dlls/dynamic-link-library-search-order?redirectedfrom=MSDN
https://docs.microsoft.com/en-us/windows/win32/dlls/dynamic-link-library-security?redirectedfrom=MSDN
https://docs.microsoft.com/en-us/windows/win32/msi/alwaysinstallelevated
https://docs.microsoft.com/en-us/windows/win32/printdocs/addprintprocessor
https://docs.microsoft.com/en-us/windows/win32/secauthz/access-control-lists
https://docs.microsoft.com/en-us/windows/win32/sysinfo/32-bit-and-64-bit-application-data-in-the-registry
https://docs.microsoft.com/en-us/windows/win32/sysinfo/registry-key-security-and-access-rights?redirectedfrom=MSDN
https://docs.microsoft.com/en-us/windows/win32/wmisdk/managed-object-format--mof-
https://docs.microsoft.com/en-us/windows-hardware/drivers/install/hklm-system-currentcontrolset-services-registry-tree
https://docs.microsoft.com/en-us/windows-hardware/drivers/install/installing-an-unsigned-driver-during-development-and-test
https://docs.microsoft.com/en-us/windows-hardware/drivers/install/the-testsigning-boot-configuration-option
https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/auditpol
https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/bcdedit
https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/expand
https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/fsutil-behavior
https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/ftp
https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/gpresult
https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/mmc
https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/msiexec
https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/pubprn
https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/shutdown
https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/wbadmin-delete-catalog
https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/wevtutil
https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/how-to-connect-fed-azure-adfs
https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securing-privileged-access-reference-material#a-nameesaebmaesae-administrative-forest-design-approach
https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securing-privileged-access-reference-material?redirectedfrom=MSDN
https://docs.microsoft.com/en-us/windows-server/security/credentials-protection-and-management/protected-users-security-group
https://docs.microsoft.com/microsoft-365/security/defender-endpoint/attack-surface-reduction
https://docs.microsoft.com/office/vba/api/overview/
https://docs.microsoft.com/powershell/module/microsoft.powershell.core/about/about_profiles
https://docs.microsoft.com/powershell/module/microsoft.powershell.management/clear-eventlog
https://docs.microsoft.com/previous-versions//1kw29xwf(v=vs.85)
https://docs.microsoft.com/previous-versions/office/developer/office-2007/aa338205(v=office.12)
https://docs.microsoft.com/previous-versions/windows/desktop/htmlhelp/microsoft-html-help-1-4-sdk
https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2003/cc786431(v=ws.10)
https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd941614(v=ws.10)
https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn311461(v=ws.11)
https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831740(v=ws.11)
https://docs.microsoft.com/scripting/winscript/windows-script-interfaces
https://docs.microsoft.com/sysinternals/downloads/reghide
https://docs.microsoft.com/sysinternals/downloads/sigcheck
https://docs.microsoft.com/sysinternals/downloads/sysmon
https://docs.microsoft.com/troubleshoot/windows-server/remote/remove-entries-from-remote-desktop-connection-computer
https://docs.microsoft.com/windows/access-protection/credential-guard/credential-guard-how-it-works
https://docs.microsoft.com/windows/access-protection/credential-guard/credential-guard-manage
https://docs.microsoft.com/windows/desktop/etw/event-tracing-portal
https://docs.microsoft.com/windows/desktop/ProcThread/process-creation-flags
https://docs.microsoft.com/windows/desktop/secauthz/dacls-and-aces
https://docs.microsoft.com/windows/device-security/security-policy-settings/create-a-token-object
https://docs.microsoft.com/windows/device-security/security-policy-settings/replace-a-process-level-token
https://docs.microsoft.com/windows/security/identity-protection/user-account-control/how-user-account-control-works
https://docs.microsoft.com/windows/security/threat-protection/auditing/event-4657
https://docs.microsoft.com/windows/security/threat-protection/auditing/event-4697
https://docs.microsoft.com/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection
https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules
https://docs.microsoft.com/windows/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction
https://docs.microsoft.com/windows/win32/com/translating-to-jscript
https://docs.microsoft.com/windows/win32/controls/list-view-controls-overview
https://docs.microsoft.com/windows/win32/services/service-control-manager
https://docs.microsoft.com/windows/win32/termserv/about-terminal-services
https://docs.microsoft.com/windows-hardware/drivers/debugger/gflags-overview
https://docs.microsoft.com/windows-hardware/drivers/debugger/registry-entries-for-silent-process-exit
https://docs.microsoft.com/windows-hardware/drivers/install/catalog-files
https://docs.microsoft.com/windows-server/administration/windows-commands/assoc
https://docs.microsoft.com/windows-server/administration/windows-commands/bootcfg
https://docs.microsoft.com/windows-server/administration/windows-commands/klist
https://docs.microsoft.com/windows-server/administration/windows-commands/sxstrace
https://docs.microsoft.com/windows-server/administration/windows-commands/wevtutil
https://docs.microsoft.com/windows-server/networking/windows-time-service/windows-time-service-tools-and-settings
https://docs.microsoft.com/windows-server/networking/windows-time-service/windows-time-service-top
https://docs.mythic-c2.net/
https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-analytics-alert-reference/cortex-xdr-analytics-alert-reference/uncommon-arp-cache-listing-via-arp-exe.html
https://documents.trendmicro.com/assets/pdf/Operation-ENDTRADE-TICK-s-Multi-Stage-Backdoors-for-Attacking-Industries-and-Stealing-Classified-Data.pdf
https://documents.trendmicro.com/assets/pdf/XCSSET_Technical_Brief.pdf
https://documents.trendmicro.com/assets/Tech-Brief-Tropic-Trooper-s-Back-USBferry-Attack-Targets-Air-gapped-Environments.pdf
https://documents.trendmicro.com/assets/tech-brief-untangling-the-patchwork-cyberespionage-group.pdf
https://documents.trendmicro.com/assets/white_papers/ExploringEmotetsActivities_Final.pdf
https://documents.trendmicro.com/assets/white_papers/wp-a-deep-dive-into-defacement.pdf
https://documents.trendmicro.com/assets/white_papers/wp-pawn-storm-in-2019.pdf
https://documents.trendmicro.com/assets/white_papers/wp-tracking-the-activities-of-teamTNT.pdf
https://documents.trendmicro.com/assets/white_papers/wp-uncovering-DRBcontrol.pdf
https://documents.trendmicro.com/assets/wp/wp-criminal-hideouts-for-lease.pdf
https://documents.trendmicro.com/assets/wp/wp-two-years-of-pawn-storm.pdf
https://dotnet.microsoft.com/learn/dotnet/what-is-dotnet-framework
https://download.bitdefender.com/resources/media/materials/white-papers/en/Bitdefender_In-depth_analysis_of_APT28%E2%80%93The_Political_Cyber-Espionage.pdf
https://download.microsoft.com/download/2/2/5/225BFE3E-E1DE-4F5B-A77B-71200928D209/Platinum%20feature%20article%20-%20Targeted%20attacks%20in%20South%20and%20Southeast%20Asia%20April%202016.pdf
https://dr4k0nia.github.io/dotnet/coding/2022/08/10/HInvoke-and-avoiding-PInvoke.html?s=03
https://dragos.com/blog/crashoverride/CrashOverride-01.pdf
https://dragos.com/resource/hexane/
https://drive.google.com/file/d/1t0jn3xr4ff2fR30oQAUn_RsWSnMpOAQc
https://drwho.virtadpt.net/images/killing_the_myth_of_cisco_ios_rootkits.pdf
https://eclecticlight.co/2018/05/22/running-at-startup-when-to-use-a-login-item-or-a-launchagent-launchdaemon/
https://eclecticlight.co/2020/08/28/how-notarization-works/
https://eclecticlight.co/2020/10/24/theres-more-to-files-than-data-extended-attributes/
https://eclecticlight.co/2020/10/29/quarantine-and-the-quarantine-flag/
https://eclecticlight.co/2020/11/16/checks-on-executable-code-in-catalina-and-big-sur-a-first-draft/
https://eclecticlight.co/2021/09/16/how-to-run-an-app-or-tool-at-startup/
https://eclypsium.com/wp-content/uploads/2020/12/TrickBot-Now-Offers-TrickBoot-Persist-Brick-Profit.pdf
https://elis531989.medium.com/dancing-with-shellcodes-cracking-the-latest-version-of-guloader-75083fb15cb4
https://elis531989.medium.com/the-chronicles-of-bumblebee-the-hook-the-bee-and-the-trickbot-connection-686379311056
https://embracethered.com/blog/posts/2020/shadowbunny-virtual-machine-red-teaming-technique/
https://embracethered.com/blog/posts/2021/spoofing-credential-dialogs/
https://en.wikibooks.org/wiki/Grsecurity/The_RBAC_System
https://en.wikipedia.org/wiki/Active_Directory
https://en.wikipedia.org/wiki/Binary-to-text_encoding
https://en.wikipedia.org/wiki/BIOS
https://en.wikipedia.org/wiki/Booting
https://en.wikipedia.org/wiki/Browser_extension
https://en.wikipedia.org/wiki/Character_encoding
https://en.wikipedia.org/wiki/Code_signing
https://en.wikipedia.org/wiki/Control-flow_integrity
https://en.wikipedia.org/wiki/Duqu
https://en.wikipedia.org/wiki/HTML_Application
https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning
https://en.wikipedia.org/wiki/IEEE_802.1X
https://en.wikipedia.org/wiki/Link-Local_Multicast_Name_Resolution
https://en.wikipedia.org/wiki/List_of_file_signatures
https://en.wikipedia.org/wiki/Loadable_kernel_module#Linux
https://en.wikipedia.org/wiki/Man-in-the-browser
https://en.wikipedia.org/wiki/Microsoft_Windows_library_files
https://en.wikipedia.org/wiki/Onion_routing
https://en.wikipedia.org/wiki/Password_cracking
https://en.wikipedia.org/wiki/Public-key_cryptography
https://en.wikipedia.org/wiki/Pwdump
https://en.wikipedia.org/wiki/Root_certificate
https://en.wikipedia.org/wiki/Rootkit
https://en.wikipedia.org/wiki/Screensaver
https://en.wikipedia.org/wiki/Server_Message_Block
https://en.wikipedia.org/wiki/Shared_resource
https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface
https://en.wikipedia.org/wiki/Visual_Basic_for_Applications
https://en.wikipedia.org/wiki/Windows_Registry
https://enigma0x3.net/2014/01/23/maintaining-access-with-normal-dotm/comment-page-1/
https://enigma0x3.net/2015/01/21/phishing-for-credentials-if-you-want-it-just-ask/
https://enigma0x3.net/2016/08/15/fileless-uac-bypass-using-eventvwr-exe-and-registry-hijacking/
https://enigma0x3.net/2016/11/17/bypassing-application-whitelisting-by-using-dnx-exe/
https://enigma0x3.net/2016/11/21/bypassing-application-whitelisting-by-using-rcsi-exe/
https://enigma0x3.net/2017/01/05/lateral-movement-using-the-mmc20-application-com-object/
https://enigma0x3.net/2017/01/23/lateral-movement-via-dcom-round-2/
https://enigma0x3.net/2017/03/14/bypassing-uac-using-app-paths/
https://enigma0x3.net/2017/03/17/fileless-uac-bypass-using-sdclt-exe/
https://enigma0x3.net/2017/08/03/wsh-injection-a-case-study/
https://enigma0x3.net/2017/09/11/lateral-movement-using-excel-application-and-dcom/
https://enigma0x3.net/2017/11/16/lateral-movement-using-outlooks-createobject-method-and-dotnettojscript/
https://exatrack.com/public/Tricephalic_Hellkeeper.pdf
https://expel.com/blog/incident-report-from-cli-to-console-chasing-an-attacker-in-aws/
https://expel.io/blog/behind-the-scenes-expel-soc-alert-aws/
https://expel.io/blog/finding-evil-in-aws/
https://expel.io/blog/following-cloudtrail-generating-aws-security-signals-sumo-logic/
https://eyeofrablog.wordpress.com/2017/06/27/windows-keylogger-part-2-defense-against-user-land/
https://fileinfo.com/extension/plist
https://flylib.com/books/en/4.395.1.192/1/
https://forensicswiki.xyz/wiki/index.php?title=Windows_XML_Event_Log_(EVTX)
https://forum.anomali.com/t/credential-harvesting-and-malicious-file-delivery-using-microsoft-office-template-injection/2104
https://forum.sysinternals.com/appcertdlls_topic12546.html
https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp-white.pdf
https://gallery.technet.microsoft.com/scriptcenter/Kerberos-Golden-Ticket-b4814285
https://gcn.com/cybersecurity/2011/06/rsa-confirms-its-tokens-used-in-lockheed-hack/282818/
https://gibnc.group-ib.com/s/Group-IB_GrimAgent_analysis#pdfviewer
https://gist.github.com/campuscodi/74d0d2e35d8fd9499c76333ce027345a
https://gist.github.com/kaloprominat/6111584
https://gist.github.com/NickTyrer/0598b60112eaafe6d07789f7964290d5
https://gist.github.com/wdormann/732bb88d9b5dd5a66c9f1e1498f31a1b
https://gist.github.com/wdormann/fca29e0dcda8b5c0472e73e10c78c3e7
https://github.com/AlessandroZ/LaZagne
https://github.com/api0cradle/UltimateAppLockerByPassList
https://github.com/ARMmbed/mbed-crypto
https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AuditLogs/ADFSDomainTrustMods.yaml
https://github.com/Azure/Stormspotter
https://github.com/BishopFox/sliver/
https://github.com/BishopFox/sliver/blob/7489c69962b52b09ed377d73d142266564845297/client/command/filesystem/download.go
https://github.com/BishopFox/sliver/blob/ea329226636ab8e470086a17f13aa8d330baad22/client/command/filesystem/upload.go
https://github.com/BishopFox/sliver/blob/ea329226636ab8e470086a17f13aa8d330baad22/client/command/network/ifconfig.go
https://github.com/BishopFox/sliver/blob/master/implant/sliver/screen/screenshot_windows.go
https://github.com/BishopFox/sliver/tree/58a56a077f0813bb312f9fa4df7453b510c3a73b/implant/sliver/netstat
https://github.com/BishopFox/sliver/tree/master/client/command/filesystem
https://github.com/BishopFox/sliver/wiki/DNS-C2
https://github.com/BishopFox/sliver/wiki/HTTP(S)-C2
https://github.com/BishopFox/sliver/wiki/Transport-Encryption
https://github.com/BloodHoundAD/BloodHound
https://github.com/bontchev/pcodedmp
https://github.com/byt3bl33d3r/CrackMapExec/wiki/SMB-Command-Reference
https://github.com/byt3bl33d3r/SILENTTRINITY
https://github.com/byt3bl33d3r/SILENTTRINITY/tree/master/silenttrinity/core/teamserver/modules/boo
https://github.com/chipsec/chipsec
https://github.com/clarketm/s3recon
https://github.com/D00MFist/PersistentJXA/blob/master/BashProfilePersist.js
https://github.com/dafthack/MailSniper
https://github.com/damianh/aws-adfs-credential-generator
https://github.com/danielbohannon/Invoke-Obfuscation
https://github.com/danielbohannon/Revoke-Obfuscation
https://github.com/decalage2/oletools
https://github.com/dhondta/awesome-executable-packing
https://github.com/dxa4481/truffleHog
https://github.com/EmpireProject/Empire/blob/08cbd274bef78243d7a8ed6443b8364acd1fc48b/lib/modules/python/collection/osx/keychaindump_decrypt.py
https://github.com/EmpireProject/Empire/blob/08cbd274bef78243d7a8ed6443b8364acd1fc48b/lib/modules/python/persistence/osx/CreateHijacker.py
https://github.com/EmpireProject/Empire/blob/master/data/module_source/credentials/Invoke-Kerberoast.ps1
https://github.com/EmpireProject/Empire/blob/master/lib/modules/python/situational_awareness/host/osx/HijackScanner.py
https://github.com/f0rb1dd3n/Reptile
https://github.com/gaffe23/linux-inject/blob/master/slides_BHArsenal2015.pdf
https://github.com/Genetic-Malware/Ebowla/blob/master/Eko_2016_Morrow_Pitts_Master.pdf
https://github.com/gentilkiwi/kekeo
https://github.com/gentilkiwi/mimikatz
https://github.com/gentilkiwi/mimikatz/issues/92
https://github.com/gentilkiwi/mimikatz/wiki/howto-~-credential-manager-saved-credentials
https://github.com/gentilkiwi/mimikatz/wiki/module-~-kerberos
https://github.com/gentilkiwi/mimikatz/wiki/module-~-lsadump
https://github.com/GhostPack/Certify/
https://github.com/GhostPack/KeeThief
https://github.com/GhostPack/PSPKIAudit
https://github.com/GhostPack/SharpDPAPI#certificates
https://github.com/gremwell/o365enum
https://github.com/gtworek/PSBits/tree/master/NoRunDll
https://github.com/hasherezade/malware_training_vol1/blob/main/slides/module3/Module3_2_fingerprinting.pdf
https://github.com/hfiref0x/TDL
https://github.com/hfiref0x/UACME
https://github.com/hob0/hashjacking
https://github.com/huntergregal/mimipenguin
https://github.com/iadgov/Secure-Host-Baseline/blob/master/Windows/Group%20Policy%20Templates/en-US/SecGuide.adml
https://github.com/iadgov/Secure-Host-Baseline/tree/master/Credential%20Guard
https://github.com/iadgov/Secure-Host-Baseline/tree/master/EMET
https://github.com/inguardians/peirates
https://github.com/itsreallynick/office-crackros
https://github.com/jaredhaight/PSAttack
https://github.com/jay/gethooks
https://github.com/Kevin-Robertson/Conveigh
https://github.com/Kevin-Robertson/Inveigh
https://github.com/kgretzky/evilginx2
https://github.com/LOLBAS-Project/LOLBAS#criteria
https://github.com/LordNoteworthy/al-khaser/tree/master/al-khaser/AntiDebug
https://github.com/m0nad/Diamorphine
https://github.com/madler/zlib
https://github.com/mattifestation/PoCSubjectInterfacePackage
https://github.com/mattifestation/PowerSploit
https://github.com/michenriksen/gitrob
https://github.com/muraenateam/muraena
https://github.com/n1nj4sec/pupy
https://github.com/nccgroup/demiguise/blob/master/examples/virginkey.js
https://github.com/nccgroup/redsnarf
https://github.com/Neohapsis/creddump7
https://github.com/nettitude/PoshC2_Python
https://github.com/nomex/nbnspoof
https://github.com/nsacyber/Mitigating-Web-Shells
https://github.com/OmerYa/Invisi-Shell
https://github.com/outflankbv/NetshHelperBeacon
https://github.com/peewpw/Invoke-PSImage
https://github.com/PowerShellEmpire/Empire
https://github.com/PowerShellMafia/PowerSploit
https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Invoke-NinjaCopy.ps1
https://github.com/prekageo/winhook
https://github.com/processhacker/processhacker
https://github.com/putterpanda/mimikittenz
https://github.com/quasar/QuasarRAT
https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/linux/ssh
https://github.com/rapid7/meterpreter/tree/master/source/extensions/priv/server/elevate
https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.002/T1562.002.md
https://github.com/RhinoSecurityLabs/ccat
https://github.com/RhinoSecurityLabs/pacu
https://github.com/ryhanson/phishery
https://github.com/scottlundgren/w32time
https://github.com/sensepost/notruler
https://github.com/sensepost/ruler
https://github.com/shellster/DCSYNCMonitor
https://github.com/SigmaHQ/sigma/blob/master/rules/windows/registry/registry_delete/registry_delete_removal_sd_value_scheduled_task_hide.yml
https://github.com/SpiderLabs/Responder
https://github.com/stascorp/rdpwrap
https://github.com/TheWover/CertStealer
https://github.com/TheWover/donut
https://github.com/True-Demon/raindance
https://github.com/Twi1ight/AD-Pentest-Script/blob/master/wmiexec.vbs
https://github.com/vxunderground/VX-API/tree/main/Anti%20Debug
https://github.com/zephrax/linux-pam-backdoor
https://github.com/zerosum0x0/koadic
https://gitlab.com/wireshark/wireshark/-/wikis/WakeOnLAN
https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/blob/9aa9181e/src/grd-settings.c#L207
https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/blob/9aa9181e/src/org.gnome.desktop.remote-desktop.gschema.xml.in
https://giuliocomi.blogspot.com/2019/10/abusing-windows-10-narrators-feedback.html
https://global.ahnlab.com/global/upload/download/asecreport/ASEC%20REPORT_vol.88_ENG.pdf
https://go.crowdstrike.com/rs/281-OBQ-266/images/15GlobalThreatReport.pdf
https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf
https://go.kaspersky.com/rs/802-IJN-240/images/TR_BlackCat_Report.pdf
https://go.recordedfuture.com/hubfs/reports/cta-2020-0728.pdf
https://googleblog.blogspot.com/2011/06/ensuring-your-information-is-safe.html
https://googleprojectzero.blogspot.com/2018/04/windows-exploitation-tricks-exploiting.html
https://grimhacker.com/2017/07/24/office365-activesync-username-enumeration/
https://groupib.pathfactory.com/ransomware-reports/prolock_wp
https://gtfobins.github.io/#+suid
https://gtfobins.github.io/gtfobins/at/
https://gtfobins.github.io/gtfobins/split/
https://helgeklein.com/blog/2010/04/active-setup-explained/
https://help.realvnc.com/hc/en-us/articles/360002250097-Setting-up-System-Authentication
https://hshrzd.wordpress.com/2017/12/18/process-doppelganging-a-new-way-to-impersonate-a-process/
https://htmlpreview.github.io/?https://github.com/MatthewDemaske/blogbackup/blob/master/netshell.html
https://hub.dragos.com/hubfs/Year-in-Review/Dragos_2020_ICS_Cybersecurity_Year_In_Review.pdf?hsCtaTracking=159c0fc3-92d8-425d-aeb8-12824f2297e8%7Cf163726d-579b-4996-9a04-44e5a124d770
https://i.blackhat.com/USA21/Wednesday-Handouts/us-21-Anatomy-Of-Native-Iis-Malware-wp.pdf
https://images.apple.com/remotedesktop/pdf/ARD_Admin_Guide_v3.3.pdf
https://info.aquasec.com/hubfs/Threat%20reports/AquaSecurity_Cloud_Native_Threat_Report_2021.pdf?utm_campaign=WP%20-%20Jun2021%20Nautilus%202021%20Threat%20Research%20Report&utm_medium=email&_hsmi=132931006&_hsenc=p2ANqtz-_8oopT5Uhqab8B7kE0l3iFo1koirxtyfTehxF7N-EdGYrwk30gfiwp5SiNlW3G0TNKZxUcDkYOtwQ9S6nNVNyEO-Dgrw&utm_content=132931006&utm_source=hs_automation
https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf
https://info.phishlabs.com/blog/silent-librarian-more-to-the-story-of-the-iranian-mabna-institute-indictment
https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
https://insights.infoblox.com/threat-intelligence-reports/threat-intelligence--22
https://insights.sei.cmu.edu/cert/2015/03/the-risks-of-ssl-inspection.html
https://insights.sei.cmu.edu/cert/2019/09/the-dangers-of-vhd-and-vhdx-files.html
https://int0x33.medium.com/day-70-hijacking-vnc-enum-brute-access-and-crack-d3d18a4601cc
https://intel471.com/blog/revil-ransomware-as-a-service-an-analysis-of-a-ransomware-affiliate-operation/
https://iranthreats.github.io/resources/attribution-flying-rocket-kitten/
https://ired.team/offensive-security/credential-access-and-credential-dumping/dumping-and-cracking-mscash-cached-domain-credentials
https://ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsa-secrets
https://isc.sans.edu/diary/Help+eliminate+unquoted+path+vulnerabilities/14464
https://isc.sans.edu/forums/diary/BankerGoogleChromeExtensiontargetingBrazil/22722/
https://isc.sans.edu/forums/diary/CatchAll+Google+Chrome+Malicious+Extension+Steals+All+Posted+Data/22976/https:/threatpost.com/malicious-chrome-extension-steals-data-posted-to-any-website/128680/)
https://isc.sans.edu/forums/diary/new+rogueDHCP+server+malware/6025/
https://itm4n.github.io/windows-registry-rpceptmapper-eop/
https://itsyndicate.org/blog/disabling-dangerous-php-functions/
https://jon-gabilondo-angulo-7635.medium.com/how-to-inject-code-into-mach-o-apps-part-ii-ddb13ebc8191
https://kasperskycontenthub.com/wp-content/uploads/sites/43/vlpdfs/unveilingthemask_v1.0.pdf
https://kifarunix.com/scheduling-tasks-using-at-command-in-linux/
https://kjaer.io/extension-malware/
https://krebsonsecurity.com/2013/10/adobe-to-announce-source-code-customer-data-breach/
https://krebsonsecurity.com/2016/10/are-the-days-of-booter-services-numbered/
https://krebsonsecurity.com/2016/10/hackforums-shutters-booter-service-bazaar/
https://krebsonsecurity.com/2017/01/who-is-anna-senpai-the-mirai-worm-author/
https://krebsonsecurity.com/2018/11/that-domain-you-forgot-to-renew-yeah-its-now-stealing-credit-cards/
https://krebsonsecurity.com/2019/02/a-deep-dive-on-the-recent-widespread-dns-hijacking-attacks/
https://krebsonsecurity.com/2019/08/what-we-can-learn-from-the-capital-one-hack/
https://kubernetes.io/docs/concepts/overview/kubernetes-api/
https://kubernetes.io/docs/concepts/security/controlling-access/
https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/
https://kubernetes.io/docs/concepts/workloads/controllers/job/
https://kubernetes.io/docs/reference/access-authn-authz/authorization/
https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/
https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/
https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
https://kubernetes.io/docs/tasks/debug-application-cluster/get-shell-running-container/
https://lab52.io/blog/wirte-group-attacking-the-middle-east/
https://labs.bishopfox.com/tech-blog/sliver
https://labs.bitdefender.com/2020/04/oil-gas-spearphishing-campaigns-drop-agent-tesla-spyware-in-advance-of-historic-opec-deal/
https://labs.bitdefender.com/2020/05/iranian-chafer-apt-targeted-air-transportation-and-government-in-kuwait-and-saudi-arabia/
https://labs.detectify.com/2016/04/28/slack-bot-token-leakage-exposing-business-critical-information/
https://labs.f-secure.com/assets/BlogFiles/f-secureLABS-tlp-white-lazarus-threat-intel-report2.pdf
https://labs.ft.com/2013/05/a-sobering-day/?mhq5j=e6
https://labs.mwrinfosecurity.com/blog/add-in-opportunities-for-office-persistence/
https://labs.portcullis.co.uk/download/eu-18-Wadhwa-Brown-Where-2-worlds-collide-Bringing-Mimikatz-et-al-to-UNIX.pdf
https://labs.sentinelone.com/20-common-tools-techniques-used-by-macos-threat-actors-malware/
https://labs.sentinelone.com/agent-tesla-old-rat-uses-new-tricks-to-stay-on-top/
https://labs.sentinelone.com/fin6-frameworkpos-point-of-sale-malware-analysis-internals-2/
https://labs.sentinelone.com/noblebaron-new-poisoned-installers-could-be-used-in-supply-chain-attacks/
https://labsblog.f-secure.com/2015/09/08/sofacy-recycles-carberp-and-metasploit-code/
https://learn.microsoft.com/en-us/azure/active-directory/hybrid/choose-ad-authn
https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-shllink/c41e062d-f764-4f13-bd4f-ea812ab9a4d1
https://letsencrypt.org/docs/faq/
https://libzip.org/
https://linux.die.net/man/1/bash
https://linux.die.net/man/1/ftp
https://linux.die.net/man/8/pam_unix
https://linux-audit.com/increase-kernel-integrity-with-disabled-linux-kernel-modules-loading/
https://linuxhint.com/list-usb-devices-linux/
https://lists.archlinux.org/pipermail/aur-general/2018-July/034153.html
https://lockstepgroup.com/blog/monitor-dhcp-scopes-and-detect-man-in-the-middle-attacks/
https://logrhythm.com/blog/a-technical-analysis-of-wannacry-ransomware/
https://logrhythm.com/blog/do-you-trust-your-computer/
https://lolbas-project.github.io/
https://lolbas-project.github.io/#t1105
https://lolbas-project.github.io/lolbas/Binaries/Certutil/
https://lolbas-project.github.io/lolbas/Binaries/Diantz/
https://lolbas-project.github.io/lolbas/Binaries/Esentutl/
https://lolbas-project.github.io/lolbas/Binaries/Expand/
https://lolbas-project.github.io/lolbas/Binaries/Installutil/
https://lolbas-project.github.io/lolbas/Binaries/Mavinject/
https://lolbas-project.github.io/lolbas/Binaries/Msbuild/
https://lolbas-project.github.io/lolbas/Binaries/Mshta/
https://lolbas-project.github.io/lolbas/Binaries/Msiexec/
https://lolbas-project.github.io/lolbas/Binaries/Odbcconf/
https://lolbas-project.github.io/lolbas/Binaries/Regasm/
https://lolbas-project.github.io/lolbas/Binaries/Regsvcs/
https://lolbas-project.github.io/lolbas/Binaries/Regsvr32/
https://lolbas-project.github.io/lolbas/Binaries/Verclsid/
https://lolbas-project.github.io/lolbas/Binaries/Wmic/
https://lolbas-project.github.io/lolbas/OtherMSBinaries/Tracker/
https://lwn.net/Articles/604515/
https://mackeeper.com/blog/post/610-macos-bundlore-adware-analysis/
https://magisterquis.github.io/2018/03/31/in-memory-only-elf-execution.html
https://malware.news/t/using-outlook-forms-for-lateral-movement-and-persistence/13746
https://malwareunicorn.org/workshops/macos_dylib_injection.html#5
https://man7.org/linux/man-pages//man7/libc.7.html
https://man7.org/linux/man-pages/man1/at.1p.html
https://man7.org/linux/man-pages/man1/mailx.1p.html
https://man7.org/linux/man-pages/man1/split.1.html
https://manpages.debian.org/testing/nbtscan/nbtscan.1.en.html
https://matrix.org/blog/2019/05/08/post-mortem-and-remediations-for-apr-11-security-incident
https://media.defense.gov/2019/Oct/18/2002197242/-1/-1/0/NSA_CSA_Turla_20191021%20ver%204%20-%20nsa.gov.pdf
https://media.defense.gov/2020/Aug/13/2002476465/-1/-1/0/CSA_DROVORUB_RUSSIAN_GRU_MALWARE_AUG_2020.PDF
https://media.defense.gov/2020/Jun/09/2002313081/-1/-1/0/CSI-DETECT-AND-PREVENT-WEB-SHELL-MALWARE-20200422.PDF
https://media.defense.gov/2021/Aug/03/2002820425/-1/-1/1/CTR_KUBERNETES%20HARDENING%20GUIDANCE.PDF 
https://media.defense.gov/2021/Jul/01/2002753896/-1/-1/1/CSA_GRU_GLOBAL_BRUTE_FORCE_CAMPAIGN_UOO158036-21.PDF
https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2015/03/20082004/volatile-cedar-technical-report.pdf
https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2017/08/07172148/ShadowPad_technical_description_PDF.pdf
https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07180244/Lazarus_Under_The_Hood_PDF_final.pdf
https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07180722/Report_Shamoon_StoneDrill_final.pdf
https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07195002/KL_AdwindPublicReport_2016.pdf
https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07205555/TheNaikonAPT-MsnMM1.pdf
https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08064459/Equation_group_questions_and_answers.pdf
https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08064518/Carbanak_APT_eng.pdf
https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08070305/Kaspersky_Lab_whitepaper_Regin_platform_eng.pdf
https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08070903/darkhotel_kl_07.11.pdf
https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08080105/KL_Epic_Turla_Technical_Appendix_20140806.pdf
https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/20134940/kaspersky-lab-gauss.pdf
https://medium.com/@bwtech789/outlook-today-homepage-persistence-33ea9b505943
https://medium.com/@chenerlich/the-avast-abuser-metamorfo-banking-malware-hides-by-abusing-avast-executable-ac9b8b392767
https://medium.com/@galolbardes/learn-how-easy-is-to-bypass-firewalls-using-dns-tunneling-and-also-how-to-block-it-3ed652f4a000
https://medium.com/@jain.sm/code-injection-in-running-process-using-ptrace-d3ea7191a4be
https://medium.com/@menakajain/export-download-ssl-certificate-from-server-site-url-bcfc41ea46a2
https://medium.com/@networksecurity/rdp-hijacking-how-to-hijack-rds-and-remoteapp-sessions-transparently-to-move-through-an-da2a1e73a5f6
https://medium.com/@threathuntingteam/msxsl-exe-and-wmic-exe-a-way-to-proxy-code-execution-8d524f642b75
https://medium.com/chronicle-blog/winnti-more-than-just-windows-and-gates-e4f03436031a
https://medium.com/daniel-grzelak/backdooring-an-aws-account-da007d36f8f9
https://medium.com/d-hunter/a-look-into-konni-2019-campaign-b45a0f321e9b
https://medium.com/palantir/tampering-with-windows-event-tracing-background-offense-and-defense-4be7ac62ac63
https://medium.com/rvrsh3ll/operating-with-empyre-ea764eda3363
https://medium.com/s2wblog/analysis-of-destructive-malware-whispergate-targeting-ukraine-9d5d158f19f3
https://medium.com/stage-2-security/anchor-dns-malware-family-goes-cross-platform-d807ba13ca30
https://medium.com/swlh/investigating-the-use-of-vhd-files-by-cybercriminals-3f1f08304316
https://medium.com/threatpunter/detecting-attempts-to-steal-passwords-from-memory-558f16dce4ea
https://medium.com/threatpunter/detecting-lateral-movement-using-sysmon-and-splunk-318d3be141bc
https://medium.com/threatpunter/detecting-removing-wmi-persistence-60ccbb7dff96
https://medium.com/walmartglobaltech/vba-stomping-advanced-maldoc-techniques-612c484ab278
https://michaelkoczwara.medium.com/cobalt-strike-c2-hunting-with-shodan-c448d501a6e2
https://modexp.wordpress.com/2019/04/25/seven-window-injection-methods/
https://modexp.wordpress.com/2019/05/25/windows-injection-finspy/
https://msdn.microsoft.com/en-us/library/04za0hca.aspx
https://msdn.microsoft.com/en-us/library/50614e95.aspx
https://msdn.microsoft.com/en-US/library/aa375365
https://msdn.microsoft.com/en-us/library/aa394582.aspx
https://msdn.microsoft.com/en-us/library/dn280412
https://msdn.microsoft.com/en-us/library/ms649012
https://msdn.microsoft.com/en-us/library/ms677626.aspx
https://msdn.microsoft.com/en-us/library/ms679687.aspx
https://msdn.microsoft.com/en-us/library/tzat5yw6.aspx
https://msdn.microsoft.com/en-us/library/windows/desktop/aa378184(v=vs.85).aspx
https://msdn.microsoft.com/en-us/library/windows/desktop/aa378612(v=vs.85).aspx
https://msdn.microsoft.com/en-us/library/windows/desktop/aa446617(v=vs.85).aspx
https://msdn.microsoft.com/en-us/library/windows/desktop/ms687317(v=vs.85).aspx
https://msdn.microsoft.com/en-us/library/windows/desktop/ms694331(v=vs.85).aspx
https://msdn.microsoft.com/en-us/vba/office-shared-vba/articles/getting-started-with-vba-in-office
https://msdn.microsoft.com/library/aa362813.aspx
https://msdn.microsoft.com/library/cc228086.aspx
https://msdn.microsoft.com/library/cc237008.aspx
https://msdn.microsoft.com/library/cc245496.aspx
https://msdn.microsoft.com/library/cc422924.aspx
https://msdn.microsoft.com/library/dd207691.aspx
https://msdn.microsoft.com/library/dd393574.aspx
https://msdn.microsoft.com/library/ms536471.aspx
https://msdn.microsoft.com/library/ms537359.aspx
https://msdn.microsoft.com/library/ms677949.aspx
https://msdn.microsoft.com/library/ms677982.aspx
https://msdn.microsoft.com/library/ms679833.aspx
https://msdn.microsoft.com/library/ms694363.aspx
https://msdn.microsoft.com/library/system.diagnostics.eventlog.clear.aspx
https://msdn.microsoft.com/library/windows/desktop/aa365738.aspx
https://msdn.microsoft.com/library/windows/desktop/aa374733.aspx
https://msdn.microsoft.com/library/windows/desktop/aa379571.aspx
https://msdn.microsoft.com/library/windows/desktop/aa388208.aspx
https://msdn.microsoft.com/library/windows/desktop/bb968799.aspx
https://msdn.microsoft.com/library/windows/desktop/bb968806.aspx
https://msdn.microsoft.com/library/windows/desktop/cc144185.aspx
https://msdn.microsoft.com/library/windows/desktop/dd979526.aspx
https://msdn.microsoft.com/library/windows/desktop/ff919712.aspx
https://msdn.microsoft.com/library/windows/desktop/ms633574.aspx
https://msdn.microsoft.com/library/windows/desktop/ms633584.aspx
https://msdn.microsoft.com/library/windows/desktop/ms633591.aspx
https://msdn.microsoft.com/library/windows/desktop/ms644953.aspx
https://msdn.microsoft.com/library/windows/desktop/ms644959.aspx
https://msdn.microsoft.com/library/windows/desktop/ms649053.aspx
https://msdn.microsoft.com/library/windows/desktop/ms680573.aspx
https://msdn.microsoft.com/library/windows/desktop/ms681951.aspx
https://msdn.microsoft.com/library/windows/desktop/ms686701.aspx
https://msdn.microsoft.com/library/windows/desktop/ms721766.aspx
https://msdn.microsoft.com/library/windows/desktop/ms725475.aspx
https://msdn.microsoft.com/library/windows/hardware/ff559951.aspx
https://msdn.microsoft.com/ms724961.aspx
https://msdn.microsoft.com/windows/desktop/ms524405
https://msdn.microsoft.com/windows/desktop/ms644670
https://msitpros.com/?p=3909
https://msitpros.com/?p=3960
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1732
https://msrc-blog.microsoft.com/2010/08/23/more-information-about-the-dll-preloading-remote-attack-vector/
https://msrc-blog.microsoft.com/2019/08/05/corporate-iot-a-path-to-intrusion/
https://msrc-blog.microsoft.com/2020/12/13/customer-guidance-on-recent-nation-state-cyber-attacks/
https://msrc-blog.microsoft.com/2021/02/18/microsoft-internal-solorigate-investigation-final-update/
https://msrc-blog.microsoft.com/2021/06/25/new-nobelium-activity/
https://nakedsecurity.sophos.com/2020/10/02/serious-security-phishing-without-links-when-phishers-bring-along-their-own-web-pages/
https://nedinthecloud.com/2019/07/16/demystifying-azure-ad-service-principals/
https://netzpolitik.org/2015/digital-attack-on-german-parliament-investigative-report-on-the-hack-of-the-left-party-infrastructure-in-bundestag/
https://news.sophos.com/en-us/2016/05/03/location-based-ransomware-threat-research/
https://news.sophos.com/en-us/2019/12/09/snatch-ransomware-reboots-pcs-into-safe-mode-to-bypass-protection/
https://news.sophos.com/en-us/2020/05/21/ragnar-locker-ransomware-deploys-virtual-machine-to-dodge-security/
https://news.sophos.com/en-us/2020/05/27/netwalker-ransomware-tools-give-insight-into-threat-actor/
https://news.sophos.com/en-us/2020/09/17/maze-attackers-adopt-ragnar-locker-virtual-machine-technique/
https://news.sophos.com/en-us/2020/10/14/inside-a-new-ryuk-ransomware-attack/
https://news.sophos.com/en-us/2021/03/01/gootloader-expands-its-payload-delivery-options/
https://news.sophos.com/en-us/2021/07/04/independence-day-revil-uses-supply-chain-exploit-to-attack-hundreds-of-businesses/
https://nmap.org/book/firewalls.html
https://nodejs.org/
https://nsfocusglobal.com/attack-and-defense-around-powershell-event-logging/
https://nvd.nist.gov/
https://nvd.nist.gov/vuln/detail/CVE-2014-7169
https://nvd.nist.gov/vuln/detail/CVE-2016-6662
https://nvd.nist.gov/vuln/detail/CVE-2017-0176
https://nvd.nist.gov/vuln/detail/CVE-2019-3610
https://o365blog.com/aadinternals
https://o365blog.com/post/bprt/
https://o365blog.com/post/deviceidentity/
https://o365blog.com/post/devices/
https://o365blog.com/post/federation-vulnerability/
https://o365blog.com/post/just-looking
https://o365blog.com/post/just-looking/
https://o365blog.com/post/mdm
https://o365blog.com/post/on-prem_admin/
https://objective-see.com/blog/blog_0x25.html
https://objective-see.com/blog/blog_0x26.html
https://objective-see.com/blog/blog_0x2A.html
https://objective-see.com/blog/blog_0x31.html
https://objective-see.com/blog/blog_0x3B.html
https://objective-see.com/blog/blog_0x3D.html
https://objective-see.com/blog/blog_0x44.html
https://objective-see.com/blog/blog_0x46.html
https://objective-see.com/blog/blog_0x48.html
https://objective-see.com/blog/blog_0x4E.html
https://objective-see.com/blog/blog_0x59.html
https://objective-see.com/blog/blog_0x60.html
https://objective-see.com/blog/blog_0x68.html
https://objective-see.org/blog/blog_0x49.html
https://objective-see.org/blog/blog_0x69.html
https://obscuresecurity.blogspot.co.uk/2012/05/gpp-password-retrieval-with-powershell.html
https://oddvar.moe/2018/01/14/putting-data-in-alternate-data-streams-and-how-to-execute-it/
https://oddvar.moe/2018/03/21/persistence-using-runonceex-hidden-from-autoruns-exe/
https://oddvar.moe/2018/04/10/persistence-using-globalflags-in-image-file-execution-options-hidden-from-autoruns-exe/
https://oddvar.moe/2018/04/11/putting-data-in-alternate-data-streams-and-how-to-execute-it-part-2/
https://offsec.almond.consulting/UAC-bypass-dotnet.html
https://opensource.apple.com/source/dovecot/dovecot-239/dovecot/doc/wiki/PasswordDatabase.PAM.txt
https://operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Loaders-Installers-and-Uninstallers-Report.pdf
https://osandamalith.com/2017/03/24/places-of-interest-in-stealing-netntlm-hashes/
https://ossmann.blogspot.com/2011/02/throwing-star-lan-tap.html
https://outflank.nl/blog/2018/08/14/html-smuggling-explained/
https://outflank.nl/blog/2019/05/05/evil-clippy-ms-office-maldoc-assistant/
https://outflank.nl/blog/2019/06/19/red-team-tactics-combining-direct-system-calls-and-srdi-to-bypass-av-edr/
https://outflank.nl/blog/2020/03/30/mark-of-the-web-from-a-red-teams-perspective/
https://owasp.org/www-community/attacks/CSV_Injection
https://pages.arbornetworks.com/rs/082-KNA-087/images/13th_Worldwide_Infrastructure_Security_Report.pdf
https://pages.nist.gov/800-63-3/sp800-63b.html
https://pan-unit42.github.io/playbook_viewer/
https://paper.seebug.org/papers/APT/APT_CyberCriminal_Campagin/2015/2015.11.04_Evolving_Threats/cct-w08_evolving-threats-dissection-of-a-cyber-espionage-attack.pdf
https://paper.seebug.org/papers/APT/APT_CyberCriminal_Campagin/2016/2016.02.29.Turbo_Campaign_Derusbi/TA_Fidelis_Turbo_1602_0.pdf
https://passlib.readthedocs.io/en/stable/lib/passlib.hash.msdcc2.html
https://patchwork.kernel.org/patch/8754821/
https://pdfs.semanticscholar.org/2721/3d206bc3c1e8c229fb4820b6af09e7f975da.pdf
https://pen-testing.sans.org/resources/papers/gcih/real-world-arp-spoofing-105411
https://pentestlab.blog/2012/10/30/attacking-vnc-servers/
https://pentestlab.blog/2017/04/03/token-manipulation/
https://pentestlab.blog/2017/04/19/stored-credentials/
https://pentestlab.blog/2017/07/06/applocker-bypass-msxsl/
https://pikeralpha.wordpress.com/2017/08/29/user-approved-kernel-extension-loading/
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8625
https://portal.msrc.microsoft.com/security-guidance/advisory/ADV170021
https://portswigger.net/daily-swig/mfa-fatigue-attacks-users-tricked-into-allowing-device-access-due-to-overload-of-push-notifications
https://posts.specterops.io/a-guide-to-attacking-domain-trusts-971e52cb2944
https://posts.specterops.io/azure-privilege-escalation-via-service-principal-abuse-210ae2be2a5
https://posts.specterops.io/certified-pre-owned-d95910965cd2
https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
https://posts.specterops.io/head-in-the-clouds-bd038bb69e48
https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353
https://posts.specterops.io/host-based-threat-modeling-indicator-design-a9dbbb53d5ea
https://posts.specterops.io/mavinject-exe-functionality-deconstructed-c29ab2cf5c0e
https://posts.specterops.io/persistent-jxa-66e1c3cd1cf5
https://posts.specterops.io/reviving-dde-using-onenote-and-excel-for-code-execution-d7226864caee
https://posts.specterops.io/through-the-looking-glass-part-1-f539ae308512
https://posts.specterops.io/when-kirbi-walks-the-bifrost-4c727807744f
https://powershellmagazine.com/2014/07/16/investigating-powershell-attacks/
https://powersploit.readthedocs.io/en/latest/Recon/Invoke-Kerberoast/
https://practical365.com/clients/office-365-proplus/outlook-cached-mode-ost-file-sizes/
https://published-prd.lanyonevents.com/published/rsaus17/sessionsFiles/5009/HTA-F02-Detecting-and-Responding-to-Advanced-Threats-within-Exchange-Environments.pdf
https://pypi.org/project/rarfile/
https://rclone.org
https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
https://reaqta.com/2017/12/mavinject-microsoft-injector/
https://reaqta.com/2018/03/spear-phishing-campaign-leveraging-msxsl/
https://recon.cx/2017/montreal/resources/slides/RECON-MTL-2017-evolution_of_pirpi.pdf
https://recon.cx/2018/brussels/resources/slides/RECON-BRX-2018-Visiting-The-Snake-Nest.pdf
https://redcanary.com/blog/blue-mockingbird-cryptominer/
https://redcanary.com/blog/clipping-silver-sparrows-wings/
https://redcanary.com/blog/cor_profiler-for-persistence/
https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/
https://redcanary.com/blog/mac-application-bundles/
https://redcanary.com/blog/netwire-remote-access-trojan-on-linux/
https://redcanary.com/blog/rclone-mega-extortion/
https://redcanary.com/blog/stopping-emotet-before-it-moves-laterally/
https://redcanary.com/blog/verclsid-exe-threat-detection/
https://redcanary.com/threat-detection-report/threats/qbot/
https://redlock.io/blog/instance-metadata-api-a-modern-day-trojan-horse
https://redsiege.com/kerberoast-slides
https://research.checkpoint.com/2019/microsoft-management-console-mmc-vulnerabilities/
https://research.checkpoint.com/2019/ponys-cc-servers-hidden-inside-the-bitcoin-blockchain/
https://research.checkpoint.com/2020/bandook-signed-delivered/
https://research.checkpoint.com/2020/naikon-apt-cyber-espionage-reloaded/
https://research.checkpoint.com/2020/ransomware-alert-pay2key/
https://research.checkpoint.com/2020/sunburst-teardrop-and-the-netsec-new-normal/
https://research.checkpoint.com/2020/warzone-behind-the-enemy-lines/
https://research.checkpoint.com/2021/indigozebra-apt-continues-to-attack-central-asia-with-evolving-tools/
https://research.checkpoint.com/2021/indra-hackers-behind-recent-attacks-on-iran/
https://research.checkpoint.com/2021/irans-apt34-returns-with-an-updated-arsenal/
https://research.checkpoint.com/2021/mosesstaff-targeting-israeli-companies/
https://research.checkpoint.com/2021/stopping-serial-killer-catching-the-next-strike/
https://research.checkpoint.com/2021/the-story-of-jian/
https://research.checkpoint.com/2022/apt35-exploits-log4j-vulnerability-to-distribute-new-modular-powershell-toolkit/
https://research.checkpoint.com/speakup-a-new-undetected-backdoor-linux-trojan/
https://research.nccgroup.com/2017/08/08/smuggling-hta-files-in-internet-explorer-edge/
https://research.nccgroup.com/2018/03/10/apt15-is-alive-and-strong-an-analysis-of-royalcli-and-royaldns/
https://research.nccgroup.com/2018/04/17/decoding-network-data-from-a-gh0st-rat-variant/
https://research.nccgroup.com/2018/05/18/emissary-panda-a-potential-new-malicious-tool/
https://research.nccgroup.com/2018/11/08/rokrat-analysis/
https://research.nccgroup.com/2020/06/02/in-depth-analysis-of-the-new-team9-malware-family/
https://research.nccgroup.com/2020/06/23/wastedlocker-a-new-ransomware-variant-developed-by-the-evil-corp-group/
https://research.nccgroup.com/2020/11/18/ta505-a-brief-history-of-their-time/
https://research.nccgroup.com/2021/01/12/abusing-cloud-services-to-fly-under-the-radar/
https://research.nccgroup.com/2021/06/15/handy-guide-to-a-new-fivehands-ransomware-variant/
https://researchcenter.paloaltonetworks.com/2015/08/retefe-banking-trojan-targets-sweden-switzerland-and-japan/
https://researchcenter.paloaltonetworks.com/2016/01/new-attacks-linked-to-c0d0s0-group/
https://researchcenter.paloaltonetworks.com/2016/02/a-look-into-fysbis-sofacys-linux-backdoor/
https://researchcenter.paloaltonetworks.com/2016/02/nanocorerat-behind-an-increase-in-tax-themed-phishing-e-mails/
https://researchcenter.paloaltonetworks.com/2016/05/unit42-new-wekby-attacks-use-dns-requests-as-command-and-control-mechanism/
https://researchcenter.paloaltonetworks.com/2016/06/unit42-prince-of-persia-game-over/
https://researchcenter.paloaltonetworks.com/2016/07/unit42-technical-walkthrough-office-test-persistence-method-used-in-recent-sofacy-attacks/
https://researchcenter.paloaltonetworks.com/2016/09/unit42-sofacys-komplex-os-x-trojan/
https://researchcenter.paloaltonetworks.com/2016/11/unit42-tropic-trooper-targets-taiwanese-government-and-fossil-fuel-provider-with-poison-ivy/
https://researchcenter.paloaltonetworks.com/2017/02/unit42-magic-hound-campaign-attacks-saudi-targets/
https://researchcenter.paloaltonetworks.com/2017/02/unit-42-title-gamaredon-group-toolset-evolution/
https://researchcenter.paloaltonetworks.com/2017/02/unit42-xagentosx-sofacys-xagent-macos-tool/
https://researchcenter.paloaltonetworks.com/2017/03/unit42-pulling-back-the-curtains-on-encodedcommand-powershell-attacks/
https://researchcenter.paloaltonetworks.com/2017/04/unit42-cardinal-rat-active-two-years/
https://researchcenter.paloaltonetworks.com/2017/04/unit42-new-iotlinux-malware-targets-dvrs-forms-botnet/
https://researchcenter.paloaltonetworks.com/2017/05/unit42-kazuar-multiplatform-espionage-backdoor-api-access/
https://researchcenter.paloaltonetworks.com/2017/06/unit42-paranoid-plugx/
https://researchcenter.paloaltonetworks.com/2017/07/unit42-oilrig-uses-ismdoor-variant-possibly-linked-greenbug-threat-group/
https://researchcenter.paloaltonetworks.com/2017/10/unit42-badpatch/
https://researchcenter.paloaltonetworks.com/2017/10/unit42-oilrig-group-steps-attacks-new-delivery-documents-new-injector-trojan/
https://researchcenter.paloaltonetworks.com/2017/11/unit42-muddying-the-water-targeted-attacks-in-the-middle-east/
https://researchcenter.paloaltonetworks.com/2017/11/unit42-new-malware-with-ties-to-sunorcal-discovered/
https://researchcenter.paloaltonetworks.com/2017/11/unit42-uboatrat-navigates-east-asia/
https://researchcenter.paloaltonetworks.com/2018/01/unit42-comnie-continues-target-organizations-east-asia/
https://researchcenter.paloaltonetworks.com/2018/01/unit42-oilrig-uses-rgdoor-iis-backdoor-targets-middle-east/
https://researchcenter.paloaltonetworks.com/2018/01/unit42-vermin-quasar-rat-custom-malware-used-ukraine/
https://researchcenter.paloaltonetworks.com/2018/02/unit42-oopsie-oilrig-uses-threedollars-deliver-new-trojan/
https://researchcenter.paloaltonetworks.com/2018/02/unit42-sofacy-attacks-multiple-government-entities/
https://researchcenter.paloaltonetworks.com/2018/03/unit42-patchwork-continues-deliver-badnews-indian-subcontinent/
https://researchcenter.paloaltonetworks.com/2018/03/unit42-sofacy-uses-dealerschoice-target-european-government-agency/
https://researchcenter.paloaltonetworks.com/2018/06/unit42-rancor-targeted-attacks-south-east-asia-using-plaintee-ddkong-malware-families/
https://researchcenter.paloaltonetworks.com/2018/06/unit42-sofacy-groups-parallel-attacks/
https://researchcenter.paloaltonetworks.com/2018/07/unit42-bisonal-malware-used-attacks-russia-south-korea/
https://researchcenter.paloaltonetworks.com/2018/07/unit42-new-threat-actor-group-darkhydrus-targets-middle-east-government/
https://researchcenter.paloaltonetworks.com/2018/07/unit42-oilrig-targets-technology-service-provider-government-agency-quadagent/
https://researchcenter.paloaltonetworks.com/2018/08/unit42-darkhydrus-uses-phishery-harvest-credentials-middle-east/
https://researchcenter.paloaltonetworks.com/2018/08/unit42-gorgon-group-slithering-nation-state-cybercrime/
https://researchcenter.paloaltonetworks.com/2018/09/unit42-new-konni-malware-attacking-eurasia-southeast-asia/
https://researchcenter.paloaltonetworks.com/2018/09/unit42-oilrig-targets-middle-eastern-government-adds-evasion-techniques-oopsie/
https://researchcenter.paloaltonetworks.com/2018/09/unit42-xbash-combines-botnet-ransomware-coinmining-worm-targets-linux-windows/
https://researchcenter.paloaltonetworks.com/2018/10/unit42-new-techniques-uncover-attribute-cobalt-gang-commodity-builders-infrastructure-revealed/
https://researchcenter.paloaltonetworks.com/2018/10/unit42-nokki-almost-ties-the-knot-with-dogcall-reaper-group-uses-new-malware-to-deploy-rat/
https://researchcenter.paloaltonetworks.com/2018/11/unit42-new-wine-old-bottle-new-azorult-variant-found-findmyname-campaign-using-fallout-exploit-kit/
https://researchcenter.paloaltonetworks.com/2018/11/unit42-sofacy-continues-global-attacks-wheels-new-cannon-trojan/
https://resource.redcanary.com/rs/003-YRU-314/images/2021-Threat-Detection-Report.pdf?mkt_tok=MDAzLVlSVS0zMTQAAAF_PIlmhNTaG2McG4X_foM-cIr20UfyB12MIQ10W0HbtMRwxGOJaD0Xj6CRTNg_S-8KniRxtf9xzhz_ACvm_TpbJAIgWCV8yIsFgbhb8cuaZA
https://resources.infosecinstitute.com/fast-flux-networks-working-detection-part-1/#gref
https://resources.infosecinstitute.com/fast-flux-networks-working-detection-part-2/#gref
https://resources.infosecinstitute.com/spoof-using-right-to-left-override-rtlo-technique-2/
https://rewtin.blogspot.ch/2017/11/abusing-user-shares-for-efficient.html
https://rhinosecuritylabs.com/aws/abusing-vpc-traffic-mirroring-in-aws/
https://rhinosecuritylabs.com/aws/assume-worst-aws-assume-role-enumeration
https://rhinosecuritylabs.com/aws/aws-privilege-escalation-methods-mitigation/
https://rhinosecuritylabs.com/aws/cloud-container-attack-tool/
https://rhinosecuritylabs.com/aws/s3-ransomware-part-1-attack-vector/
https://rhinosecuritylabs.com/aws/s3-ransomware-part-2-prevention-and-defense/
https://rhinosecuritylabs.com/gcp/google-cloud-platform-gcp-bucket-enumeration/
https://rhinosecuritylabs.com/gcp/privilege-escalation-google-cloud-platform-part-1/
https://richard-purves.com/2017/11/09/mdm-and-the-kextpocalypse-2/
https://riskiq.com/blog/labs/magecart-british-airways-breach/
https://s3-eu-west-1.amazonaws.com/minervaresearchpublic/CopyKittens/CopyKittens.pdf
https://s7d2.scene7.com/is/content/cylance/prod/cylance-web/en-us/resources/knowledge-center/resource-library/reports/Op_Dust_Storm_Report.pdf
https://sarah-edwards-xzkc.squarespace.com/blog/2020/4/30/analysis-of-apple-unified-logs-quarantine-edition-entry-6-working-from-home-remote-logins
https://scadahacker.com/library/Documents/Cyber_Events/McAfee%20-%20Night%20Dragon%20-%20Global%20Energy%20Cyberattacks.pdf
https://scriptingosx.com/2019/06/moving-to-zsh-part-2-configuration-files/
https://sebdraven.medium.com/babuk-is-distributed-packed-78e2f5dd2e62
https://seclists.org/fulldisclosure/2015/Dec/34
https://sectools.org/tool/nbtscan/
https://securelist.com/ad-blocker-with-miner-included/101105/
https://securelist.com/agent-btz-a-source-of-inspiration/58551/
https://securelist.com/andariel-evolves-to-target-south-korea-with-ransomware/102811/
https://securelist.com/apt10-sophisticated-multi-layered-loader-ecipekac-discovered-in-a41apt-campaign/101519/
https://securelist.com/apt-style-bank-robberies-increase-with-metel-gcman-and-carbanak-2-0-attacks/73638/
https://securelist.com/apt-trends-report-q1-2020/96826/
https://securelist.com/apt-trends-report-q1-2021/101967
https://securelist.com/apt-trends-report-q2-2017/79332/
https://securelist.com/a-slice-of-2017-sofacy-activity/83930/
https://securelist.com/bad-rabbit-ransomware/82851/
https://securelist.com/be2-custom-plugins-router-abuse-and-target-profiles/67353/
https://securelist.com/be2-extraordinary-plugins-siemens-targeting-dev-fails/68838/
https://securelist.com/blackoasis-apt-and-new-targeted-attacks-leveraging-zero-day-exploit/82732/
https://securelist.com/cactuspete-apt-groups-updated-bisonal-backdoor/97962/
https://securelist.com/calisto-trojan-for-macos/86543/
https://securelist.com/chafer-used-remexi-malware/89538/
https://securelist.com/cloud-atlas-redoctober-apt-is-back-in-style/68083/
https://securelist.com/darkhalo-after-solarwinds-the-tomiris-connection/104311/
https://securelist.com/darkhotels-attacks-in-2015/71713/
https://securelist.com/darkvishnya/89169/
https://securelist.com/dridex-a-history-of-evolution/78531/
https://securelist.com/el-machete/66108/
https://securelist.com/evolution-of-jsworm-ransomware/102428/
https://securelist.com/faq-the-projectsauron-apt/75533/
https://securelist.com/ferocious-kitten-6-years-of-covert-surveillance-in-iran/102806/
https://securelist.com/fileless-attacks-against-enterprise-networks/77403/
https://securelist.com/files/2015/06/The_Mystery_of_Duqu_2_0_a_sophisticated_cyberespionage_actor_returns.pdf
https://securelist.com/files/2016/07/The-ProjectSauron-APT_research_KL.pdf
https://securelist.com/files/2016/07/The-ProjectSauron-APT_Technical_Analysis_KL.pdf
https://securelist.com/fin7-5-the-infamous-cybercrime-rig-fin7-continues-its-activities/90703/
https://securelist.com/flame-bunny-frog-munch-and-beetlejuice-2/32855/
https://securelist.com/gaza-cybergang-group1-operation-sneakypastes/90068/
https://securelist.com/introducing-whitebear/81638/
https://securelist.com/lazarus-threatneedle/100803/
https://securelist.com/lazarus-under-the-hood/77908/
https://securelist.com/luckymouse-hits-national-data-center/86083/
https://securelist.com/malicious-tasks-in-ms-sql-server/92167/
https://securelist.com/muddywater/88059/
https://securelist.com/my-name-is-dtrack/93338/
https://securelist.com/octopus-infested-seas-of-central-asia/88200/
https://securelist.com/old-malware-tricks-to-bypass-detection-in-the-age-of-big-data/78010/
https://securelist.com/operation-applejeus/87553/
https://securelist.com/operation-daybreak/75100/
https://securelist.com/poseidon-group-a-targeted-attack-boutique-specializing-in-global-cyber-espionage/73673/
https://securelist.com/project-tajmahal/90240/
https://securelist.com/qakbot-technical-analysis/103931/
https://securelist.com/recent-cloud-atlas-activity/92016/
https://securelist.com/scarcruft-continues-to-evolve-introduces-bluetooth-harvester/90729/
https://securelist.com/shadowpad-in-corporate-networks/81432/
https://securelist.com/sodin-ransomware/91473/
https://securelist.com/sofacy-apt-hits-high-profile-targets-with-updated-toolset/72924/
https://securelist.com/synack-targeted-ransomware-uses-the-doppelganging-technique/85431/
https://securelist.com/the-banking-trojan-emotet-detailed-analysis/69560/
https://securelist.com/the-dropping-elephant-actor/75328/
https://securelist.com/the-epic-turla-operation/65545/
https://securelist.com/the-flame-questions-and-answers-51/34344/
https://securelist.com/the-kimsuky-operation-a-north-korean-apt/57915/
https://securelist.com/the-penquin-turla-2/67962/
https://securelist.com/the-silence/83009/
https://securelist.com/the-tetrade-brazilian-banking-malware/97779/
https://securelist.com/the-ventir-trojan-assemble-your-macos-spy/67267/
https://securelist.com/transparent-tribe-part-1/98127/
https://securelist.com/use-of-dns-tunneling-for-cc-communications/78203/
https://securelist.com/whos-really-spreading-through-the-bright-star/68978/
https://securelist.com/why-you-shouldnt-completely-trust-files-signed-with-digital-certificates/68593/
https://securelist.com/winnti-more-than-just-a-game/37029/
https://securelist.com/wirtes-campaign-in-the-middle-east-living-off-the-land-since-at-least-2019/105044
https://securelist.com/zero-day-vulnerability-in-telegram/83800/
https://securingtomorrow.mcafee.com/business/chipsec-support-vault-7-disclosure-scanning/
https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
https://securingtomorrow.mcafee.com/mcafee-labs/apt28-threat-group-adopts-dde-technique-nyc-attack-theme-in-latest-campaign/
https://securingtomorrow.mcafee.com/mcafee-labs/hidden-cobra-targets-turkish-financial-sector-new-bankshot-implant/
https://securingtomorrow.mcafee.com/mcafee-labs/malicious-document-targets-pyeongchang-olympics/
https://securingtomorrow.mcafee.com/mcafee-labs/netwire-rat-behind-recent-targeted-attacks/
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/stopping-malware-fake-virtual-machine/
https://security.berkeley.edu/node/94
https://security.stackexchange.com/questions/17904/what-are-the-methods-to-find-hooked-functions-and-apis
https://securityaffairs.co/wordpress/77165/apt/russia-linked-apt-dustsquad.html
https://securityaffairs.co/wordpress/88021/apt/croatia-government-silenttrinity-malware.html
https://securityboulevard.com/2018/04/windows-privilege-escalation-unquoted-services/
https://securityintelligence.com/new-banking-trojan-icedid-discovered-by-ibm-x-force-research/
https://securityintelligence.com/posts/from-mega-to-giga-cross-version-comparison-of-top-megacortex-modifications/
https://securityintelligence.com/posts/grandoreiro-malware-now-targeting-banks-in-spain/
https://securityintelligence.com/posts/more_eggs-anyone-threat-actor-itg08-strikes-again/
https://securityintelligence.com/posts/new-research-exposes-iranian-threat-group-operations/
https://securityintelligence.com/posts/observations-of-itg07-cyber-operations/
https://securityintelligence.com/posts/ransomware-2020-attack-trends-new-techniques-affecting-organizations-worldwide/
https://securityintelligence.com/posts/ta505-continues-to-infect-networks-with-sdbbot-rat/
https://securityintelligence.com/tricks-of-the-trade-a-deeper-look-into-trickbots-machinations/
https://securitytrails.com/blog/google-hacking-techniques
https://sensepost.com/blog/2016/powershell-c-sharp-and-dde-the-power-within/
https://sensepost.com/blog/2017/macro-less-code-exec-in-msword/
https://sensepost.com/blog/2017/outlook-forms-and-shells/
https://sensepost.com/blog/2017/outlook-home-page-another-ruler-vector/
https://shared-public-reports.s3-eu-west-1.amazonaws.com/APT27+turns+to+ransomware.pdf
https://shodan.io
https://silentbreaksecurity.com/malicious-outlook-rules/
https://silentbreaksecurity.com/powershell-jobs-without-powershell-exe/
https://skanthak.homepage.t-online.de/sentinel.html
https://social.technet.microsoft.com/Forums/en-US/e5bca729-52e7-4fcb-ba12-3225c564674c/scheduled-tasks-history-retention-settings?forum=winserver8gen
https://social.technet.microsoft.com/wiki/contents/articles/12229.windows-system-services-fundamentals.aspx
https://social.technet.microsoft.com/wiki/contents/articles/23559.kerberos-pre-authentication-why-it-should-not-be-disabled.aspx
https://social.technet.microsoft.com/wiki/contents/articles/717.service-principal-names-spns-setspn-syntax-setspn-exe.aspx
https://socprime.com/blog/rule-of-the-week-possible-malicious-file-double-extension/
https://sophosnews.files.wordpress.com/2012/04/zeroaccess2.pdf
https://source.winehq.org/WineAPI/samlib.html
https://speakerdeck.com/patrickwardle/defcon-2017-death-by-1000-installers-its-all-broken?slide=8
https://speakerdeck.com/tweekfawkes/blue-cloud-of-death-red-teaming-azure-1
https://specifications.freedesktop.org/autostart-spec/autostart-spec-latest.html
https://specifications.freedesktop.org/desktop-entry-spec/1.2/ar01s06.html
https://specterops.io/assets/resources/SpecterOps_Subverting_Trust_in_Windows.pdf
https://ss64.com/bash/trap.html
https://ss64.com/nt/nltest.html
https://ss64.com/osx/launchctl.html
https://ss64.com/osx/system_profiler.html
https://staaldraad.github.io/2017/08/02/o356-phishing-with-oauth/
https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/43824.pdf
https://stealthbits.com/blog/how-to-detect-overpass-the-hash-attacks/
https://strontic.github.io/xcyclopedia/library/auditpol.exe-214E0EA1F7F7C27C82D23F183F9D23F1.html
https://success.trendmicro.com/solution/000283381
https://summit.fireeye.com/content/dam/fireeye-www/summit/cds-2018/presentations/cds18-technical-s03-youve-got-mail.pdf
https://summitroute.com/blog/2018/09/24/investigating_malicious_amis/
https://superuser.com/questions/150675/how-to-display-password-policy-information-for-a-user-ubuntu
https://support.apple.com/en-us/HT201710
https://support.apple.com/en-us/HT203998
https://support.apple.com/en-us/HT204005
https://support.apple.com/en-us/HT209161
https://support.apple.com/guide/deployment/system-and-kernel-extensions-in-macos-depa5fb8376f/web
https://support.apple.com/guide/mac-help/open-items-automatically-when-you-log-in-mh15189/mac
https://support.apple.com/guide/mail/reply-to-forward-or-redirect-emails-mlhlp1010/mac
https://support.apple.com/guide/mail/use-rules-to-manage-emails-you-receive-mlhlp1017/mac
https://support.apple.com/guide/remote-desktop/set-up-a-computer-running-vnc-software-apdbed09830/mac
https://support.apple.com/guide/security/app-security-overview-sec35dd877d0/1/web/1
https://support.apple.com/HT208050
https://support.google.com/a/answer/166870?hl=en
https://support.google.com/a/answer/7223765?hl=en
https://support.google.com/cloudidentity/answer/7332836?hl=en&ref_topic=7558554
https://support.malwarebytes.com/docs/DOC-2295
https://support.microsoft.com/en-us/help/18539/windows-7-change-default-programs
https://support.microsoft.com/en-us/help/2871997/microsoft-security-advisory-update-to-improve-credentials-protection-a
https://support.microsoft.com/en-us/help/2962486/ms14-025-vulnerability-in-group-policy-preferences-could-allow-elevati
https://support.microsoft.com/en-us/help/3185535/preventing-smb-traffic-from-lateral-connections
https://support.microsoft.com/en-us/help/556003
https://support.microsoft.com/en-us/kb/197571
https://support.microsoft.com/en-us/kb/249873
https://support.microsoft.com/en-us/kb/310105
https://support.microsoft.com/en-us/kb/967715
https://support.microsoft.com/en-us/office/manage-email-messages-by-using-rules-c24f5dea-9465-4df4-ad17-a50704d66c59
https://support.microsoft.com/en-us/topic/partners-offer-delegated-administration-26530dc0-ebba-415b-86b1-b55bc06b073e?ui=en-us&rs=en-us&ad=us
https://support.microsoft.com/en-us/windows/start-your-pc-in-safe-mode-in-windows-10-92c27cff-db89-8644-1ce4-b3e5e56fe234
https://support.microsoft.com/help/243330/well-known-security-identifiers-in-windows-operating-systems
https://support.microsoft.com/help/303972/how-to-grant-the-replicating-directory-changes-permission-for-the-micr
https://support.office.com/article/Add-or-remove-add-ins-0af570c4-5cf3-4fa9-9b88-403625a0b460
https://support.office.com/article/Change-the-Normal-template-Normal-dotm-06de294b-d216-47f6-ab77-ccb5166f98ea
https://support.office.com/article/enable-or-disable-macros-in-office-files-12b036fd-d140-4e74-b45e-16fed1a7e5c6
https://support.office.com/en-us/article/add-another-admin-f693489f-9f55-4bd0-a637-a81ce93de22d
https://support.office.com/en-us/article/configure-audit-settings-for-a-site-collection-a9920c97-38c0-44f2-8bcb-4cf1e2ae22d2
https://support.office.com/en-us/article/introduction-to-outlook-data-files-pst-and-ost-222eaf92-a995-45d9-bde2-f331f60e2790
https://support.office.com/en-us/article/What-is-Protected-View-d6f09ac7-e6b9-4495-8e43-2bbcdbcb6653
https://support.passware.com/hc/en-us/articles/4573379868567-A-Deep-Dive-into-Apple-Keychain-Decryption
https://svch0st.medium.com/event-log-tampering-part-1-disrupting-the-eventlog-service-8d4b7d67335c
https://symantec.broadcom.com/hubfs/Attacks-Against-Government-Sector.pdf
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/bumblebee-loader-cybercrime
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/chafer-latest-attacks-reveal-heightened-ambitions
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cicada-apt10-japan-espionage
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/inception-framework-hiding-behind-proxies
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/noberus-blackcat-alphv-rust-ransomware
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-gamaredon-espionage-ukraine
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/solarwinds-raindrop-malware
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/solarwinds-sunburst-sending-data
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ukraine-wiper-malware-russia
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/wastedlocker-ransomware-us
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/whitefly-espionage-singapore
https://symantec-enterprise-blogs.security.com/sites/default/files/2018-04/Orangeworm%20IOCs.pdf
https://sysdig.com/blog/zoom-into-kinsing-kdevtmpfsi/
https://taomm.org/PDFs/vol1/CH%200x02%20Persistence.pdf
https://taomm.org/vol1/pdfs.html
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/demystifying-ransomware-attacks-against-microsoft-defender/ba-p/1928947
https://techcommunity.microsoft.com/t5/microsoft-365-blog/helping-users-stay-safe-blocking-internet-macros-by-default-in/ba-p/3071805
https://techcommunity.microsoft.com/t5/security-compliance-and-identity/rule-your-inbox-with-microsoft-cloud-app-security/ba-p/299154
https://techcrunch.com/2019/08/12/iphone-charging-cable-hack-computer-def-con/
https://technet.microsoft.com/bb490716.aspx
https://technet.microsoft.com/bb490717.aspx
https://technet.microsoft.com/en-us/itpro/windows/keep-secure/credential-guard
https://technet.microsoft.com/en-us/itpro/windows/keep-secure/how-user-account-control-works
https://technet.microsoft.com/en-us/library/bb490864.aspx
https://technet.microsoft.com/en-us/library/bb490866.aspx
https://technet.microsoft.com/en-us/library/bb490880.aspx
https://technet.microsoft.com/en-us/library/bb490886.aspx
https://technet.microsoft.com/en-us/library/bb490947.aspx
https://technet.microsoft.com/en-us/library/bb490968.aspx
https://technet.microsoft.com/en-us/library/bb490994.aspx
https://technet.microsoft.com/en-us/library/bb490996.aspx
https://technet.microsoft.com/en-us/library/bb491007.aspx
https://technet.microsoft.com/en-us/library/bb491010.aspx
https://technet.microsoft.com/en-us/library/cc700828.aspx
https://technet.microsoft.com/en-us/library/cc731150.aspx
https://technet.microsoft.com/en-us/library/cc732643.aspx
https://technet.microsoft.com/en-us/library/cc732713.aspx
https://technet.microsoft.com/en-us/library/cc732952.aspx
https://technet.microsoft.com/en-us/library/cc754272(v=ws.11).aspx
https://technet.microsoft.com/en-us/library/cc754820.aspx
https://technet.microsoft.com/en-us/library/cc755121.aspx
https://technet.microsoft.com/en-us/library/cc758918(v=ws.10).aspx
https://technet.microsoft.com/en-us/library/cc759136(v=ws.10).aspx
https://technet.microsoft.com/en-us/library/cc771046(v=ws.10).aspx
https://technet.microsoft.com/en-us/library/cc771049.aspx
https://technet.microsoft.com/en-us/library/cc772408.aspx
https://technet.microsoft.com/en-us/library/cc772540(v=ws.10).aspx
https://technet.microsoft.com/en-us/library/cc785125.aspx
https://technet.microsoft.com/en-us/library/cc787851.aspx
https://technet.microsoft.com/en-us/library/dn408187.aspx
https://technet.microsoft.com/en-us/library/dn487450.aspx
https://technet.microsoft.com/en-us/library/dn487457.aspx
https://technet.microsoft.com/en-us/library/dn535501.aspx
https://technet.microsoft.com/en-us/library/ee791851.aspx
https://technet.microsoft.com/en-us/library/security/ms14-068.aspx
https://technet.microsoft.com/en-US/magazine/2009.07.uac.aspx
https://technet.microsoft.com/en-us/scriptcenter/dd742419.aspx
https://technet.microsoft.com/en-us/sysinternals/bb897553.aspx
https://technet.microsoft.com/en-us/sysinternals/bb963902
https://technet.microsoft.com/en-us/windowsserver/ee236407.aspx
https://technet.microsoft.com/en-us/windows-server-docs/identity/ad-ds/manage/component-updates/command-line-process-auditing
https://technet.microsoft.com/library/bb490939.aspx
https://technet.microsoft.com/library/cc732443.aspx
https://technet.microsoft.com/library/cc755321.aspx
https://technet.microsoft.com/library/cc770880.aspx
https://technet.microsoft.com/library/cc771387.aspx
https://technet.microsoft.com/library/cc794757.aspx
https://technet.microsoft.com/library/cc835085.aspx
https://technet.microsoft.com/library/cc938799.aspx
https://technet.microsoft.com/library/cc958811.aspx
https://technet.microsoft.com/library/cc961760.aspx
https://technet.microsoft.com/library/dd252791.aspx
https://technet.microsoft.com/library/dd315590.aspx
https://technet.microsoft.com/library/dd939934.aspx
https://technet.microsoft.com/library/dn221960.aspx
https://technet.microsoft.com/library/dn408187.aspx
https://technet.microsoft.com/library/ee617241.aspx
https://technet.microsoft.com/library/jj852168.aspx
https://technet.microsoft.com/library/jj865668.aspx
https://technet.microsoft.com/library/security/4053440
https://technet.microsoft.com/windows-server-docs/identity/ad-ds/get-started/windows-time-service/windows-time-service-tools-and-settings
https://thedfirreport.com/2020/10/08/ryuks-return/
https://thedfirreport.com/2020/10/18/ryuk-in-5-hours/
https://thedfirreport.com/2020/11/05/ryuk-speed-run-2-hours-to-ransom/
https://thedfirreport.com/2021/11/29/continuing-the-bazar-ransomware-story/
https://thedfirreport.com/2022/03/21/apt35-automates-initial-access-using-proxyshell
https://thedfirreport.com/2022/05/09/seo-poisoning-a-gootloader-story/
https://theevilbit.github.io/posts/dyld_insert_libraries_dylib_injection_in_macos_osx_deep_dive/
https://theevilbit.github.io/posts/gatekeeper_not_a_bypass/
https://thehackernews.com/2018/06/chinese-watering-hole-attack.html
https://thehackernews.com/2021/07/indigozebra-apt-hacking-campaign.html
https://thehackernews.com/2022/04/into-breach-breaking-down-3-saas-app.html
https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html
https://themittenmac.com/what-does-apt-activity-look-like-on-macos/
https://therecord.media/fbi-fin7-hackers-target-us-companies-with-badusb-devices-to-install-ransomware/
https://therecord.media/russian-hackers-bypass-2fa-by-annoying-victims-with-repeated-push-notifications/
https://thewover.github.io/Introducing-Donut/
https://thisissecurity.stormshield.com/2014/08/20/poweliks-command-line-confusion/
https://threatconnect.com/blog/infrastructure-research-hunting/
https://threatconnect.com/blog/kimsuky-phishing-operations-putting-in-work/
https://threatexpress.com/blogs/2017/metatwin-borrowing-microsoft-metadata-and-digital-signatures-to-hide-binaries/
https://threatpost.com/broadvoice-leaks-350m-records-voicemail-transcripts/160158/
https://threatpost.com/facebook-launching-pad-phishing-attacks/160351/
https://threatpost.com/fin7-backdoor-ethical-hacking-tool/166194/
https://threatpost.com/final-report-diginotar-hack-shows-total-compromise-ca-servers-103112/77170/
https://threatpost.com/hacker-puts-hosting-service-code-spaces-out-of-business/106761/
https://threatpost.com/sharpshooter-complexity-scope/142359/
https://threatpost.com/spammers-revive-hancitor-downloader-campaigns/123011/
https://threatvector.cylance.com/en_us/home/el-machete-malware-attacks-cut-through-latam.html
https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
https://ti.dbappsecurity.com.cn/blog/articles/2021/02/10/windows-kernel-zero-day-exploit-is-used-by-bitter-apt-in-targeted-attack/
https://tlseminar.github.io/downgrade-attacks/
https://tools.cisco.com/security/center/content/CiscoAppliedMitigationBulletin/cisco-amb-20080610-SNMPv3
https://tools.cisco.com/security/center/resources/integrity_assurance.html#13
https://tools.cisco.com/security/center/resources/integrity_assurance.html#23
https://tools.cisco.com/security/center/resources/integrity_assurance.html#26
https://tools.cisco.com/security/center/resources/integrity_assurance.html#30
https://tools.cisco.com/security/center/resources/integrity_assurance.html#31
https://tools.cisco.com/security/center/resources/integrity_assurance.html#34
https://tools.cisco.com/security/center/resources/integrity_assurance.html#35
https://tools.cisco.com/security/center/resources/integrity_assurance.html#38
https://tools.cisco.com/security/center/resources/integrity_assurance.html#39
https://tools.cisco.com/security/center/resources/integrity_assurance.html#40
https://tools.cisco.com/security/center/resources/integrity_assurance.html#7
https://tools.ietf.org/html/rfc1918
https://tools.ietf.org/html/rfc826
https://tools.kali.org/password-attacks/hydra
https://torrentfreak.com/anonymous-hackers-deface-russian-govt-site-to-protest-web-blocking-nsfw-180512/
https://trustedsignal.blogspot.com/2014/05/kansa-service-related-collectors-and.html
https://twitter.com/cglyer/status/985311489782374400
https://twitter.com/dez_/status/986614411711442944
https://twitter.com/ESETresearch/status/1458438155149922312
https://twitter.com/Evi1cg/status/935027922397573120
https://twitter.com/ItsReallyNick/status/1055321652777619457
https://twitter.com/ItsReallyNick/status/1055321868641689600
https://twitter.com/ItsReallyNick/status/1189622925286084609
https://twitter.com/ItsReallyNick/status/944321013084573697
https://twitter.com/ItsReallyNick/status/945681177108762624
https://twitter.com/ItsReallyNick/status/958789644165894146
https://twitter.com/james_inthe_box/status/1150495335812177920
https://twitter.com/leoloobeek/status/939248813465853953
https://twitter.com/NickTyrer/status/958450014111633408
https://twitter.com/PyroTek3/status/1126487227712921600/photo/1
https://twitter.com/r0wdy_/status/936365549553991680
https://twitter.com/vector_sec/status/896049052642533376
https://ubuntu.com/server/docs/service-sssd
https://ubuntuhandbook.org/index.php/2021/06/hide-user-accounts-ubuntu-20-04-login-screen/
https://umbrella.cisco.com/blog/2015/02/18/at-high-noon-algorithms-do-battle/
https://umbrella.cisco.com/blog/2016/10/10/domain-generation-algorithms-effective/
https://undocumented.ntinternals.net/
https://unit42.paloaltonetworks.com/acidbox-rare-malware/
https://unit42.paloaltonetworks.com/attackers-tactics-and-techniques-in-unsecured-docker-daemons-revealed/
https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/
https://unit42.paloaltonetworks.com/bendybear-shellcode-blacktech/
https://unit42.paloaltonetworks.com/black-t-cryptojacking-variant/
https://unit42.paloaltonetworks.com/born-this-way-origins-of-lockergoga/
https://unit42.paloaltonetworks.com/clop-ransomware/
https://unit42.paloaltonetworks.com/darkhydrus-delivers-new-trojan-that-can-use-google-drive-for-c2-communications/
https://unit42.paloaltonetworks.com/dear-joohn-sofacy-groups-global-campaign/
https://unit42.paloaltonetworks.com/dns-tunneling-how-dns-can-be-abused-by-malicious-actors/
https://unit42.paloaltonetworks.com/emissary-panda-attacks-middle-east-government-sharepoint-servers/
https://unit42.paloaltonetworks.com/gamaredon-primitive-bear-ukraine-update-2021/
https://unit42.paloaltonetworks.com/guloader-installing-netwire-rat/
https://unit42.paloaltonetworks.com/hildegard-malware-teamtnt/
https://unit42.paloaltonetworks.com/imminent-monitor-a-rat-down-under/
https://unit42.paloaltonetworks.com/ironnetinjector/
https://unit42.paloaltonetworks.com/lucifer-new-cryptojacking-and-ddos-hybrid-malware/
https://unit42.paloaltonetworks.com/mac-malware-steals-cryptocurrency-exchanges-cookies/
https://unit42.paloaltonetworks.com/malware-used-by-rocke-group-evolves-to-evade-detection-by-cloud-security-products/
https://unit42.paloaltonetworks.com/molerats-delivers-spark-backdoor/
https://unit42.paloaltonetworks.com/new-babyshark-malware-targets-u-s-national-security-think-tanks/
https://unit42.paloaltonetworks.com/new-python-based-payload-mechaflounder-used-by-chafer/
https://unit42.paloaltonetworks.com/oilrig-novel-c2-channel-steganography/
https://unit42.paloaltonetworks.com/pingpull-gallium/
https://unit42.paloaltonetworks.com/russian-language-malspam-pushing-redaman-banking-malware/
https://unit42.paloaltonetworks.com/shamoon-3-targets-oil-gas-organization/
https://unit42.paloaltonetworks.com/siloscape/
https://unit42.paloaltonetworks.com/solarstorm-supernova/
https://unit42.paloaltonetworks.com/ta551-shathak-icedid/
https://unit42.paloaltonetworks.com/the-fractured-statue-campaign-u-s-government-targeted-in-spear-phishing-attacks/
https://unit42.paloaltonetworks.com/threat-assessment-ekans-ransomware/
https://unit42.paloaltonetworks.com/threat-brief-understanding-domain-generation-algorithms-dga/
https://unit42.paloaltonetworks.com/tracking-oceanlotus-new-downloader-kerrdown/
https://unit42.paloaltonetworks.com/ukraine-cyber-conflict-cve-2021-32648-whispergate/#whispergate-malware-family
https://unit42.paloaltonetworks.com/ukraine-targeted-outsteel-saintbot/
https://unit42.paloaltonetworks.com/unit42-analyzing-oilrigs-ops-tempo-testing-weaponization-delivery/
https://unit42.paloaltonetworks.com/unit42-inception-attackers-target-europe-year-old-office-vulnerability/
https://unit42.paloaltonetworks.com/unit42-new-iotlinux-malware-targets-dvrs-forms-botnet/
https://unit42.paloaltonetworks.com/unit42-oilrig-uses-updated-bondupdater-target-middle-eastern-government/
https://unit42.paloaltonetworks.com/unit42-paranoid-plugx/
https://unit42.paloaltonetworks.com/unit42-projectm-link-found-between-pakistani-actor-and-operation-transparent-tribe/
https://unit42.paloaltonetworks.com/unit42-sofacy-continues-global-attacks-wheels-new-cannon-trojan/
https://unit42.paloaltonetworks.com/unit42-the-fractured-block-campaign-carrotbat-malware-used-to-deliver-malware-targeting-southeast-asia/
https://unit42.paloaltonetworks.com/unit42-tropic-trooper-targets-taiwanese-government-and-fossil-fuel-provider-with-poison-ivy/
https://unit42.paloaltonetworks.com/updated-backconfig-malware-targeting-government-and-military-organizations/
https://unit42.paloaltonetworks.com/ups-observations-on-cve-2015-3113-prior-zero-days-and-the-pirpi-payload/
https://unit42.paloaltonetworks.com/valak-evolution/
https://unit42.paloaltonetworks.com/windows-server-containers-vulnerabilities/
https://us.norton.com/internetsecurity-malware-what-is-a-botnet.html
https://usa.kaspersky.com/about/press-releases/2018_synack-doppelganging
https://usa.visa.com/dam/VCOM/download/merchants/alert-rawpos.pdf
https://usa.visa.com/dam/VCOM/global/support-legal/documents/fin6-cybercrime-group-expands-threat-To-ecommerce-merchants.pdf
https://us-cert.cisa.gov/APTs-Targeting-IT-Service-Provider-Customers
https://us-cert.cisa.gov/ncas/alerts/aa20-239a
https://us-cert.cisa.gov/ncas/alerts/aa20-258a
https://us-cert.cisa.gov/ncas/alerts/aa20-259a
https://us-cert.cisa.gov/ncas/alerts/aa20-301a
https://us-cert.cisa.gov/ncas/alerts/aa20-302a
https://us-cert.cisa.gov/ncas/alerts/aa21-008a
https://us-cert.cisa.gov/ncas/alerts/aa21-048a
https://us-cert.cisa.gov/ncas/alerts/aa21-200a
https://us-cert.cisa.gov/ncas/alerts/TA17-156A
https://us-cert.cisa.gov/ncas/alerts/TA18-106A
https://us-cert.cisa.gov/ncas/analysis-reports/ar20-133b
https://us-cert.cisa.gov/ncas/analysis-reports/ar20-198a
https://us-cert.cisa.gov/ncas/analysis-reports/ar20-198b
https://us-cert.cisa.gov/ncas/analysis-reports/ar20-198c
https://us-cert.cisa.gov/ncas/analysis-reports/ar20-216a
https://us-cert.cisa.gov/ncas/analysis-reports/ar20-232a
https://us-cert.cisa.gov/ncas/analysis-reports/ar20-239a
https://us-cert.cisa.gov/ncas/analysis-reports/ar20-275a
https://us-cert.cisa.gov/ncas/analysis-reports/ar20-303a
https://us-cert.cisa.gov/ncas/analysis-reports/ar20-303b
https://us-cert.cisa.gov/ncas/analysis-reports/ar21-027a
https://us-cert.cisa.gov/ncas/analysis-reports/ar21-126a
https://us-cert.cisa.gov/ncas/tips/ST05-016
https://vb2020.vblocalhost.com/uploads/VB2020-06.pdf
https://vblocalhost.com/uploads/VB2021-Kayal-etal.pdf
https://vblocalhost.com/uploads/VB2021-Slowik.pdf
https://vms.drweb.com/virus/?i=4276269
https://volatility-labs.blogspot.com/2012/09/movp-31-detecting-malware-hooks-in.html
https://volatility-labs.blogspot.com/2012/10/phalanx-2-revealed-using-volatility-to.html
https://wald0.com/?p=179
https://web.archive.org/web/20051013084246/http://www.trilithium.com/johan/2005/08/linux-gate/
https://web.archive.org/web/20111004014029/http://www.trusteer.com/sites/default/files/Carberp_Analysis.pdf
https://web.archive.org/web/20140804175025/http:/blogs.technet.com/b/mmpc/archive/2012/10/03/malware-signed-with-the-adobe-code-signing-certificate.aspx
https://web.archive.org/web/20150311013500/http://www.cyphort.com/evilbunny-malware-instrumented-lua/
https://web.archive.org/web/20150711051625/http://vxer.org/lib/vrn00.html
https://web.archive.org/web/20150923175837/http://www.symantec.com/security_response/writeup.jsp?docid=2009-032211-2952-99&tabid=2
https://web.archive.org/web/20151226205946/https://www.fireeye.com/blog/threat-research/2015/12/the-eps-awakens-part-two.html
https://web.archive.org/web/20160226161828/https://www.operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Report.pdf
https://web.archive.org/web/20160303200515/https://operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Destructive-Malware-Report.pdf
https://web.archive.org/web/20160503234007/https://www.isightpartners.com/2014/10/cve-2014-4114/
https://web.archive.org/web/20170106175935/http:/esec-lab.sogeti.com/posts/2011/02/02/iis-backdoor.html
https://web.archive.org/web/20170720041203/http://subt0x10.blogspot.com/2017/05/subvert-clr-process-listing-with-net.html
https://web.archive.org/web/20170823094836/http:/www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the-black-vine-cyberespionage-group.pdf
https://web.archive.org/web/20180615122133/https://www.intezer.com/miragefox-apt15-resurfaces-with-new-tools-based-on-old-ones/
https://web.archive.org/web/20180808125108/https:/www.fireeye.com/blog/threat-research/2017/03/fin7_spear_phishing.html
https://web.archive.org/web/20180825085952/https://s3-us-west-2.amazonaws.com/cymmetria-blog/public/Unveiling_Patchwork.pdf
https://web.archive.org/web/20190508170055/https://www.symantec.com/security-center/writeup/2000-122010-2655-99
https://web.archive.org/web/20190625182633if_/https://ti.360.net/blog/articles/apt-c-36-continuous-attacks-targeting-colombian-government-institutions-and-corporations-en/
https://web.archive.org/web/20190717233006/http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the-elderwood-project.pdf
https://web.archive.org/web/20200125132645/https://www.sans.org/security-resources/malwarefaq/conficker-worm
https://web.archive.org/web/20200302085133/https://www.cylance.com/content/dam/cylance/pages/operation-cleaver/Cylance_Operation_Cleaver_Report.pdf
https://web.archive.org/web/20200424075623/https:/www.crowdstrike.com/blog/deep-thought-chinese-targeting-national-security-think-tanks/
https://web.archive.org/web/20210708035426/https://www.cobaltstrike.com/downloads/csmanual43.pdf
https://web.archive.org/web/20210825130434/https://cobaltstrike.com/downloads/csmanual38.pdf
https://web.archive.org/web/20220224041316/https:/www.pwc.co.uk/cyber-security/pdf/cloud-hopper-report-final-v4.pdf
https://web.archive.org/web/20220818094600/https://specterops.io/assets/resources/Certified_Pre-Owned.pdf
https://web.mit.edu/kerberos/krb5-1.12/doc/basic/ccache_def.html
https://wiki.archlinux.org/index.php/Bash#Invocation
https://wiki.archlinux.org/index.php/Systemd/Timers
https://wiki.owasp.org/index.php/OAT-004_Fingerprinting
https://wiki.owasp.org/index.php/OAT-014_Vulnerability_Scanning
https://wiki.samba.org/index.php/DRSUAPI
https://witsendandshady.blogspot.com/2019/06/lab-notes-persistence-and-privilege.html
https://wojciechregula.blog/post/learn-xpc-exploitation-part-3-code-injections/
https://wunderwuzzi23.github.io/blog/passthecookie.html
https://www.221bluestreet.com/post/office-templates-and-globaldotname-a-stealthy-office-persistence-technique
https://www.7-zip.org/
https://www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/
https://www.accenture.com/t20180127T003755Z_w_/us-en/_acnmedia/PDF-46/Accenture-Security-Dragonfish-Threat-Analysis.pdf
https://www.accenture.com/t20180423T055005Z_w_/se-en/_acnmedia/PDF-76/Accenture-Hogfish-Threat-Analysis.pdf
https://www.accenture.com/t20181129T203820Z__w__/us-en/_acnmedia/PDF-90/Accenture-snakemackerel-delivers-zekapab-malware.pdf#zoom=50
https://www.accenture.com/us-en/blogs/cyber-defense/iran-based-lyceum-campaigns
https://www.accenture.com/us-en/blogs/cyber-defense/mudcarps-focus-on-submarine-technologies
https://www.accenture.com/us-en/blogs/cyber-defense/turla-belugasturgeon-compromises-government-entity
https://www.adlice.com/userland-rootkits-part-1-iat-hooks/
https://www.alienvault.com/blogs/labs-research/macspy-os-x-rat-as-a-service
https://www.alienvault.com/blogs/labs-research/oceanlotus-for-os-x-an-application-bundle-pretending-to-be-an-adobe-flash-update
https://www.alienvault.com/open-threat-exchange/blog/another-sykipot-sample-likely-targeting-us-federal-agencies
https://www.alienvault.com/open-threat-exchange/blog/sykipot-variant-hijacks-dod-and-windows-smart-cards
https://www.amd.com/system/files/TechDocs/20213.pdf
https://www.amnesty.org/en/latest/research/2019/08/evolving-phishing-attacks-targeting-journalists-and-human-rights-defenders-from-the-middle-east-and-north-africa/
https://www.amnestyusa.org/wp-content/uploads/2021/02/Click-and-Bait_Vietnamese-Human-Rights-Defenders-Targeted-with-Spyware-Attacks.pdf
https://www.anomali.com/blog/anomali-suspects-that-china-backed-apt-pirate-panda-may-be-seeking-access-to-vietnam-government-data-center#When:15:00:00Z
https://www.anomali.com/blog/china-based-apt-mustang-panda-targets-minority-groups-public-and-private-sector-organizations
https://www.anomali.com/blog/evasive-maneuvers-the-wekby-group-attempts-to-evade-analysis-via-custom-rop
https://www.anomali.com/blog/illicit-cryptomining-threat-actor-rocke-changes-tactics-now-more-difficult-to-detect
https://www.anomali.com/blog/probable-iranian-cyber-actors-static-kitten-conducting-cyberespionage-campaign-targeting-uae-and-kuwait-government-agencies
https://www.anomali.com/blog/pulling-linux-rabbit-rabbot-malware-out-of-a-hat
https://www.anomali.com/blog/rocke-evolves-its-arsenal-with-a-new-malware-family-written-in-golang
https://www.antitree.com/2020/07/keyctl-unmask-going-florida-on-the-state-of-containerizing-linux-keyrings/
https://www.arbornetworks.com/blog/asert/donot-team-leverages-new-modular-malware-framework-south-asia/
https://www.arbornetworks.com/blog/asert/musical-chairs-playing-tetris/
https://www.attackify.com/blog/rundll32_execution_order/
https://www.avira.com/en/blog/new-wave-of-plugx-targets-hong-kong
https://www.baeldung.com/linux/ld_preload-trick-what-is
https://www.bitdefender.com/blog/labs/trickbot-is-dead-long-live-trickbot/
https://www.bitdefender.com/files/News/CaseStudies/study/316/Bitdefender-Whitepaper-TrickBot-en-EN-interactive.pdf
https://www.bitdefender.com/files/News/CaseStudies/study/353/Bitdefender-Whitepaper-StrongPity-APT.pdf
https://www.bitdefender.com/files/News/CaseStudies/study/379/Bitdefender-Whitepaper-Chinese-APT.pdf
https://www.bitdefender.com/files/News/CaseStudies/study/396/Bitdefender-PR-Whitepaper-NAIKON-creat5397-en-EN.pdf
https://www.bitdefender.com/files/News/CaseStudies/study/399/Bitdefender-PR-Whitepaper-Trickbot-creat5515-en-EN.pdf 
https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf
https://www.blackhat.com/docs/eu-15/materials/eu-15-Pierce-Defending-Against-Malicious-Application-Compatibility-Shims-wp.pdf
https://www.blackhat.com/docs/eu-17/materials/eu-17-Atkinson-A-Process-Is-No-One-Hunting-For-Token-Manipulation.pdf
https://www.blackhat.com/docs/eu-17/materials/eu-17-Liberman-Lost-In-Transaction-Process-Doppelganging.pdf
https://www.blackhat.com/docs/us-15/materials/us-15-Choi-API-Deobfuscator-Resolving-Obfuscated-API-Functions-In-Modern-Packers.pdf
https://www.blackhat.com/docs/us-15/materials/us-15-Wardle-Writing-Bad-A-Malware-For-OS-X.pdf
https://www.blackhat.com/docs/us-16/materials/us-16-Quintin-When-Governments-Attack-State-Sponsored-Malware-Attacks-Against-Activists-Lawyers-And-Journalists.pdf
https://www.blackhat.com/presentations/bh-usa-05/bh-us-05-boileau.pdf
https://www.blackhat.com/presentations/bh-usa-09/NEILSON/BHUSA09-Neilson-NetscreenDead-SLIDES.pdf
https://www.blackhillsinfosec.com/attacking-exchange-with-mailsniper/
https://www.blackhillsinfosec.com/bypass-web-proxy-filtering/
https://www.blackhillsinfosec.com/red-teaming-microsoft-part-1-active-directory-leaks-via-azure/
https://www.bleepingcomputer.com/news/microsoft/microsoft-disables-dde-feature-in-word-to-prevent-further-malware-attacks/
https://www.bleepingcomputer.com/news/security/blackwater-malware-abuses-cloudflare-workers-for-c2-communication/
https://www.bleepingcomputer.com/news/security/dozens-of-vnc-vulnerabilities-found-in-linux-windows-solutions/
https://www.bleepingcomputer.com/news/security/hacking-group-s-new-malware-abuses-google-and-facebook-services/
https://www.bleepingcomputer.com/news/security/killdisk-disk-wiping-malware-adds-ransomware-component/
https://www.bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository/
https://www.bleepingcomputer.com/news/security/new-godlua-malware-evades-traffic-monitoring-via-dns-over-https/
https://www.bleepingcomputer.com/news/security/new-rat-malware-gets-commands-via-discord-has-ransomware-feature/
https://www.bleepingcomputer.com/news/security/op-sharpshooter-connected-to-north-koreas-lazarus-group/
https://www.bleepingcomputer.com/news/security/psa-dont-open-spam-containing-password-protected-word-docs/
https://www.bleepingcomputer.com/news/security/revil-ransomware-has-a-new-windows-safe-mode-encryption-mode/
https://www.bleepingcomputer.com/news/security/ryuk-ransomware-uses-wake-on-lan-to-encrypt-offline-devices/
https://www.bleepingcomputer.com/news/security/trickbot-updates-its-vnc-module-for-high-value-targets/
https://www.bleepingcomputer.com/tutorials/how-malware-hides-as-a-service/
https://www.boho.or.kr/krcert/publicationView.do?bulletin_writing_sequence=35936
https://www.brighttalk.com/webcast/10703/275683
https://www.brighttalk.com/webcast/10703/296317/apt34-new-targeted-attack-in-the-middle-east
https://www.bromium.com/how-ursnif-evades-detection/
https://www.cadosecurity.com/cado-discovers-denonia-the-first-malware-specifically-targeting-lambda/
https://www.cadosecurity.com/team-tnt-the-first-crypto-mining-worm-to-steal-aws-credentials/
https://www.caida.org/publications/papers/2012/analysis_slash_zero/analysis_slash_zero.pdf
https://www.carbonblack.com/2016/04/28/threat-advisory-squiblydoo-continues-trend-of-attackers-using-native-os-tools-to-live-off-the-land/
https://www.carbonblack.com/2016/09/23/security-advisory-variants-well-known-adware-families-discovered-include-sophisticated-obfuscation-techniques-previously-associated-nation-state-attacks/
https://www.carbonblack.com/2019/03/22/tau-threat-intelligence-notification-lockergoga-ransomware/
https://www.carbonblack.com/2019/04/24/cb-tau-threat-intelligence-notification-emotet-utilizing-wmi-to-launch-powershell-encoded-code/
https://www.carbonblack.com/2019/05/14/cb-tau-threat-intelligence-notification-jcry-ransomware-pretends-to-be-adobe-flash-player-update-installer/
https://www.carbonblack.com/2019/05/17/cb-tau-threat-intelligence-notification-robbinhood-ransomware-stops-181-windows-services-before-encryption/
https://www.carbonblack.com/2020/04/16/vmware-carbon-black-tau-threat-analysis-the-evolution-of-lazarus/
https://www.carbonblack.com/blog/tau-threat-discovery-conti-ransomware/
https://www.cert.ssi.gouv.fr/uploads/CERTFR-2020-CTI-003.pdf
https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf
https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-006.pdf
https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-011.pdf
https://www.circl.lu/services/passive-dns/
https://www.cisa.gov/uscert/ncas/alerts/aa20-296a#revisions
https://www.cisa.gov/uscert/ncas/alerts/aa22-055a
https://www.cisa.gov/uscert/ncas/alerts/aa22-057a
https://www.cisa.gov/uscert/ncas/alerts/aa22-074a
https://www.cisa.gov/uscert/ncas/alerts/TA18-106A
https://www.cisa.gov/uscert/ncas/analysis-reports/AR18-352A
https://www.cisa.gov/uscert/ncas/analysis-reports/ar20-303a
https://www.cisco.com/c/en/us/products/collateral/switches/catalyst-6500-series-switches/white_paper_c11_603839.html
https://www.cisco.com/c/en/us/support/docs/ip/simple-network-management-protocol-snmp/20370-snmpsecurity-20370.html
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/netflow/configuration/15-mt/nf-15-mt-book/nf-detct-analy-thrts.pdf
https://www.cisco.com/c/en/us/td/docs/routers/crs/software/crs_r5-1/interfaces/configuration/guide/hc51xcrsbook/hc51span.html
https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-microsoft-windows-smb-server-could-allow-for-remote-code-execution/
https://www.cisecurity.org/blog/emotet-changes-ttp-and-arrives-in-united-states/
https://www.cisecurity.org/white-papers/ms-isac-security-primer-emotet/
https://www.clearskysec.com/fox-kitten/
https://www.clearskysec.com/siamesekitten/
https://www.clearskysec.com/wp-content/uploads/2016/01/Operation%20DustySky_TLP_WHITE.pdf
https://www.clearskysec.com/wp-content/uploads/2017/07/Operation_Wilted_Tulip.pdf
https://www.clearskysec.com/wp-content/uploads/2018/11/MuddyWater-Operations-in-Lebanon-and-Oman.pdf
https://www.clearskysec.com/wp-content/uploads/2019/06/Clearsky-Iranian-APT-group-%E2%80%98MuddyWater%E2%80%99-Adds-Exploits-to-Their-Arsenal.pdf
https://www.clearskysec.com/wp-content/uploads/2020/08/Dream-Job-Campaign.pdf
https://www.clearskysec.com/wp-content/uploads/2020/08/The-Kittens-are-Back-in-Town-3.pdf
https://www.clearskysec.com/wp-content/uploads/2020/12/Pay2Kitten.pdf
https://www.clearskysec.com/wp-content/uploads/2021/01/Lebanese-Cedar-APT.pdf
https://www.clockwork.com/news/2012/09/28/602/ssh_agent_hijacking
https://www.cloudflare.com/learning/ddos/dns-amplification-ddos-attack/
https://www.cloudflare.com/learning/ddos/http-flood-ddos-attack/
https://www.cloudflare.com/learning/ddos/ntp-amplification-ddos-attack/
https://www.cloudflare.com/learning/ddos/syn-flood-ddos-attack/
https://www.cnet.com/news/massive-breach-leaks-773-million-emails-21-million-passwords/
https://www.cobaltstrike.com/blog/high-reputation-redirectors-and-domain-fronting/
https://www.cobaltstrike.com/downloads/reports/tacticstechniquesandprocedures.pdf
https://www.cobaltstrike.com/help-browser-pivoting
https://www.cobaltstrike.com/help-scripted-web-delivery
https://www.commandfive.com/papers/C5_APT_SKHack.pdf
https://www.comparitech.com/blog/vpn-privacy/350-million-customer-records-exposed-online/
https://www.computerworld.com/article/2486903/windows-malware-tries-to-infect-android-devices-connected-to-pcs.html
https://www.contextis.com/blog/comma-separated-vulnerabilities
https://www.corero.com/resources/ddos-attack-types/syn-flood-ack.html
https://www.coresecurity.com/corelabs-research/open-source-tools/impacket
https://www.coretechnologies.com/blog/windows-services/eventlog/
https://www.countercept.com/blog/detecting-parent-pid-spoofing/
https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/
https://www.crowdstrike.com/blog/big-game-hunting-the-evolution-of-indrik-spider-from-dridex-wire-fraud-to-bitpaymer-targeted-ransomware/
https://www.crowdstrike.com/blog/big-game-hunting-with-ryuk-another-lucrative-targeted-ransomware/
https://www.crowdstrike.com/blog/carbon-spider-embraces-big-game-hunting-part-1/
https://www.crowdstrike.com/blog/cve-2022-0185-kubernetes-container-escape-using-linux-kernel-exploit/
https://www.crowdstrike.com/blog/duck-hunting-with-falcon-complete-qakbot-zip-based-campaign/
https://www.crowdstrike.com/blog/falcon-overwatch-contributes-to-blackcat-protection/
https://www.crowdstrike.com/blog/hidden-administrative-accounts-bloodhound-to-the-rescue/
https://www.crowdstrike.com/blog/hiding-in-plain-sight-using-the-office-365-activities-api-to-investigate-business-email-compromises/
https://www.crowdstrike.com/blog/how-crowdstrike-falcon-protects-against-wiper-malware-used-in-ukraine-attacks/
https://www.crowdstrike.com/blog/how-doppelpaymer-hunts-and-kills-windows-processes/
https://www.crowdstrike.com/blog/how-falcon-complete-stopped-a-big-game-hunting-ransomware-attack/
https://www.crowdstrike.com/blog/how-to-hunt-for-decisivearchitect-and-justforfun-implant/
https://www.crowdstrike.com/blog/http-iframe-injecting-linux-rootkit/
https://www.crowdstrike.com/blog/lemonduck-botnet-targets-docker-for-cryptomining-operations/
https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-june-mustang-panda/
https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-november-helix-kitten/
https://www.crowdstrike.com/blog/observations-from-the-stellarparticle-campaign/
https://www.crowdstrike.com/blog/overwatch-exposes-aquatic-panda-in-possession-of-log-4-shell-exploit-tools/
https://www.crowdstrike.com/blog/sunspot-malware-technical-analysis/
https://www.crowdstrike.com/blog/targeted-dharma-ransomware-intrusions-exhibit-consistent-techniques/
https://www.crowdstrike.com/blog/technical-analysis-of-whispergate-malware
https://www.crowdstrike.com/blog/timelining-grim-spiders-big-game-hunting-tactics/
https://www.crowdstrike.com/blog/who-is-pioneer-kitten/
https://www.crowdstrike.com/blog/widespread-dns-hijacking-activity-targets-multiple-sectors/
https://www.crowdstrike.com/blog/wizard-spider-adversary-update/
https://www.crowdstrike.com/wp-content/uploads/2022/05/crowdstrike-iceapple-a-novel-internet-information-services-post-exploitation-framework.pdf
https://www.crysys.hu/publications/files/skywiper.pdf
https://www.csmonitor.com/USA/2012/0914/Stealing-US-business-secrets-Experts-ID-two-huge-cyber-gangs-in-China
https://www.cyber.gov.au/sites/default/files/2019-03/spoof_email_sender_policy_framework.pdf
https://www.cyber.nj.gov/threat-profiles/trojan-variants/ursnif
https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
https://www.cyberbit.com/blog/endpoint-security/dtrack-apt-malware-found-in-nuclear-power-plant/
https://www.cyberbit.com/blog/endpoint-security/malware-mitigation-when-direct-system-calls-are-used/
https://www.cyberbit.com/blog/endpoint-security/new-early-bird-code-injection-technique-discovered/
https://www.cyberciti.biz/faq/unix-linux-password-cracking-john-the-ripper/
https://www.cybercom.mil/Media/News/Article/2897570/iranian-intel-cyber-suite-of-malware-uses-open-source-tools/
https://www.cybereason.com/blog/a-bazar-of-tricks-following-team9s-development-cycles
https://www.cybereason.com/blog/back-to-the-future-inside-the-kimsuky-kgh-spyware-suite
https://www.cybereason.com/blog/cybereason-vs.-clop-ransomware
https://www.cybereason.com/blog/cybereason-vs.-conti-ransomware
https://www.cybereason.com/blog/cybereason-vs.-whispergate-wiper
https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
https://www.cybereason.com/blog/cybereason-vs-egregor-ransomware
https://www.cybereason.com/blog/dropping-anchor-from-a-trickbot-infection-to-the-discovery-of-the-anchor-malware
https://www.cybereason.com/blog/information-stealing-malware-targeting-brazil-full-research
https://www.cybereason.com/blog/labs-proton-b-what-this-mac-malware-actually-does
https://www.cybereason.com/blog/leveraging-excel-dde-for-lateral-movement-via-dcom
https://www.cybereason.com/blog/medusalocker-ransomware
https://www.cybereason.com/blog/new-pervasive-worm-exploiting-linux-exim-server-vulnerability
https://www.cybereason.com/blog/operation-cobalt-kitty-apt
https://www.cybereason.com/blog/operation-cuckoobees-deep-dive-into-stealthy-winnti-techniques
https://www.cybereason.com/blog/operation-soft-cell-a-worldwide-campaign-against-telecommunications-providers
https://www.cybereason.com/blog/research/powerless-trojan-iranian-apt-phosphorus-adds-new-powershell-backdoor-for-espionage
https://www.cybereason.com/blog/research/strifewater-rat-iranian-apt-moses-staff-adds-new-trojan-to-ransomware-operations
https://www.cybereason.com/blog/threat-actor-ta505-targets-financial-enterprises-using-lolbins-and-a-new-backdoor-malware
https://www.cybereason.com/blog/threat-analysis-report-bumblebee-loader-the-high-road-to-enterprise-domain-control
https://www.cybereason.com/blog/valak-more-than-meets-the-eye
https://www.cybereason.com/hubfs/dam/collateral/reports/11-2020-Chaes-e-commerce-malware-research.pdf
https://www.cybereason.com/hubfs/dam/collateral/reports/Molerats-in-the-Cloud-New-Malware-Arsenal-Abuses-Cloud-Platforms-in-Middle-East-Espionage-Campaign.pdf
https://www.cyberscoop.com/fin7-dde-morphisec-fileless-malware/
https://www.cyberscoop.com/kevin-mandia-fireeye-u-s-malware-nice/
https://www.cylance.com/content/dam/cylance/pdfs/white_papers/RedirectToSMB.pdf
https://www.cylance.com/content/dam/cylance-web/en-us/resources/knowledge-center/resource-library/reports/WhiteCompanyOperationShaheenReport.pdf?_ga=2.161661948.1943296560.1555683782-1066572390.1555511517
https://www.cylance.com/shell-crew-variants-continue-to-fly-under-big-avs-radar
https://www.cynet.com/attack-techniques-hands-on/defense-evasion-techniques/
https://www.cynet.com/blog/cynet-detection-report-ragnar-locker-ransomware/
https://www.darkreading.com/analytics/prolific-cybercrime-gang-favors-legit-login-credentials/d/d-id/1322645?
https://www.darkreading.com/threat-intelligence/fireeye-s-mandia-severity-zero-alert-led-to-discovery-of-solarwinds-attack
https://www.datawire.io/code-injection-on-linux-and-macos/
https://www.dcshadow.com/
https://www.debian.org/doc/debian-policy/ch-maintainerscripts.html#s-mscriptsinstact
https://www.deepinstinct.com/2019/04/02/new-servhelper-variant-employs-excel-4-0-macro-to-drop-signed-payload/
https://www.defcon.org/images/defcon-22/dc-22-presentations/Bloxham/DEFCON-22-Brady-Bloxham-Windows-API-Abuse-UPDATED.pdf
https://www.digicert.com/kb/ssl-certificate-installation.htm
https://www.digitalshadows.com/blog-and-research/content-delivery-networks-cdns-can-leave-you-exposed-how-you-might-be-affected-and-what-you-can-do-about-it/
https://www.digitrustgroup.com/agent-tesla-keylogger/
https://www.digitrustgroup.com/nanocore-not-your-average-rat/
https://www.dragos.com/blog/industry-news/a-new-water-watering-hole/
https://www.dragos.com/blog/industry-news/ekans-ransomware-and-ics-operations/
https://www.dragos.com/threat/parisite/
https://www.dragos.com/wp-content/uploads/CRASHOVERRIDE2018.pdf
https://www.dsinternals.com/en/retrieving-dpapi-backup-keys-from-active-directory/
https://www.eff.org/files/2016/08/03/i-got-a-letter-from-the-government.pdf
https://www.elastic.co/blog/embracing-offensive-tooling-building-detections-against-koadic-using-eql
https://www.elastic.co/blog/how-hunt-detecting-persistence-evasion-com
https://www.elastic.co/blog/hunting-for-persistence-using-elastic-security-part-1
https://www.elastic.co/guide/en/security/7.17/shortcut-file-written-or-modified-for-persistence.html#shortcut-file-written-or-modified-for-persistence
https://www.endgame.com/blog/technical-blog/hunting-memory
https://www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process
https://www.engadget.com/2013/10/23/applescript-and-automator-gain-new-features-in-os-x-mavericks/
https://www.esentire.com/security-advisories/notorious-cybercrime-gang-fin7-lands-malware-in-law-firm-using-fake-legal-complaint-against-jack-daniels-owner-brown-forman-inc
https://www.eset.com/fileadmin/eset/US/resources/docs/white-papers/white-papers-win-32-carberp.pdf
https://www.eurovps.com/blog/important-linux-log-files-you-must-be-monitoring/
https://www.eventtracker.com/tech-articles/monitoring-file-permission-changes-windows-security-log/
https://www.exploit-db.com/
https://www.exploit-db.com/docs/17802.pdf
https://www.exploit-db.com/google-hacking-database
https://www.fidelissecurity.com/sites/default/files/FTA_1020_Fidelis_Inocnation_FINAL_0.pdf
https://www.fidelissecurity.com/threatgeek/2016/10/trickbot-we-missed-you-dyre
https://www.fidelissecurity.com/threatgeek/archive/introducing-hi-zor-rat/
https://www.fidelissecurity.com/threatgeek/threat-intelligence/turbo-twist-two-64-bit-derusbi-strains-converge
https://www.fireeye.com/blog/threat-research/2010/07/malware-persistence-windows-registry.html
https://www.fireeye.com/blog/threat-research/2010/08/dll-search-order-hijacking-revisited.html
https://www.fireeye.com/blog/threat-research/2011/06/fxsst.html
https://www.fireeye.com/blog/threat-research/2012/08/hikit-rootkit-advanced-persistent-attack-techniques-part-1.html
https://www.fireeye.com/blog/threat-research/2012/08/hikit-rootkit-advanced-persistent-attack-techniques-part-2.html
https://www.fireeye.com/blog/threat-research/2012/12/council-foreign-relations-water-hole-attack-details.html
https://www.fireeye.com/blog/threat-research/2013/08/breaking-down-the-china-chopper-web-shell-part-i.html
https://www.fireeye.com/blog/threat-research/2013/08/operation-molerats-middle-east-cyber-attacks-using-poison-ivy.html
https://www.fireeye.com/blog/threat-research/2013/08/survival-of-the-fittest-new-york-times-attackers-evolve-quickly.html
https://www.fireeye.com/blog/threat-research/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html
https://www.fireeye.com/blog/threat-research/2014/05/the-pla-and-the-800am-500pm-work-day-fireeye-confirms-dojs-findings-on-apt1-intrusion-activity.html
https://www.fireeye.com/blog/threat-research/2014/06/clandestine-fox-part-deux.html
https://www.fireeye.com/blog/threat-research/2014/09/darwins-favorite-apt-group-2.html
https://www.fireeye.com/blog/threat-research/2014/09/the-path-to-mass-producing-cyber-attacks.html
https://www.fireeye.com/blog/threat-research/2014/11/operation_doubletap.html
https://www.fireeye.com/blog/threat-research/2014/11/operation-poisoned-handover-unveiling-ties-between-apt-activity-in-hong-kongs-pro-democracy-movement.html
https://www.fireeye.com/blog/threat-research/2015/04/probable_apt28_useo.html
https://www.fireeye.com/blog/threat-research/2015/06/operation-clandestine-wolf-adobe-flash-zero-day.html
https://www.fireeye.com/blog/threat-research/2015/07/demonstrating_hustle.html
https://www.fireeye.com/blog/threat-research/2015/11/china-based-threat.html
https://www.fireeye.com/blog/threat-research/2015/12/fin1-targets-boot-record.html
https://www.fireeye.com/blog/threat-research/2016/02/greater_visibilityt.html
https://www.fireeye.com/blog/threat-research/2016/05/targeted_attacksaga.html
https://www.fireeye.com/blog/threat-research/2016/05/windows-zero-day-payment-cards.html
https://www.fireeye.com/blog/threat-research/2016/09/hancitor_aka_chanit.html
https://www.fireeye.com/blog/threat-research/2016/11/fireeye_respondsto.html
https://www.fireeye.com/blog/threat-research/2017/02/spear_phishing_techn.html
https://www.fireeye.com/blog/threat-research/2017/03/apt29_domain_frontin.html
https://www.fireeye.com/blog/threat-research/2017/03/dissecting_one_ofap.html
https://www.fireeye.com/blog/threat-research/2017/04/apt10_menupass_grou.html
https://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199-hta-handler.html
https://www.fireeye.com/blog/threat-research/2017/04/fin7-phishing-lnk.html
https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html
https://www.fireeye.com/blog/threat-research/2017/05/fin7-shim-databases-persistence.html
https://www.fireeye.com/blog/threat-research/2017/05/wannacry-malware-profile.html
https://www.fireeye.com/blog/threat-research/2017/06/behind-the-carbanak-backdoor.html
https://www.fireeye.com/blog/threat-research/2017/06/obfuscation-in-the-wild.html
https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html
https://www.fireeye.com/blog/threat-research/2017/07/hawkeye-malware-distributed-in-phishing-campaign.html
https://www.fireeye.com/blog/threat-research/2017/08/apt28-targets-hospitality-sector.html
https://www.fireeye.com/blog/threat-research/2017/09/apt33-insights-into-iranian-cyber-espionage.html
https://www.fireeye.com/blog/threat-research/2017/11/ursnif-variant-malicious-tls-callback-technique.html
https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html
https://www.fireeye.com/blog/threat-research/2018/03/iranian-threat-group-updates-ttps-in-spear-phishing-campaign.html
https://www.fireeye.com/blog/threat-research/2018/03/suspected-chinese-espionage-group-targeting-maritime-and-engineering-industries.html
https://www.fireeye.com/blog/threat-research/2018/04/metamorfo-campaign-targeting-brazilian-users.html
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html
https://www.fireeye.com/blog/threat-research/2018/09/apt10-targeting-japanese-corporations-using-updated-ttps.html
https://www.fireeye.com/blog/threat-research/2018/10/triton-attribution-russian-government-owned-lab-most-likely-built-tools.html 
https://www.fireeye.com/blog/threat-research/2018/11/not-so-cozy-an-uncomfortable-examination-of-a-suspected-apt29-phishing-campaign.html
https://www.fireeye.com/blog/threat-research/2018/12/overruled-containing-a-potentially-destructive-adversary.html
https://www.fireeye.com/blog/threat-research/2019/01/a-nasty-trick-from-credential-theft-malware-to-business-disruption.html
https://www.fireeye.com/blog/threat-research/2019/01/apt39-iranian-cyber-espionage-group-focused-on-personal-information.html
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
https://www.fireeye.com/blog/threat-research/2019/03/apt40-examining-a-china-nexus-espionage-actor.html
https://www.fireeye.com/blog/threat-research/2019/03/dissecting-netwire-phishing-campaign-usage-of-process-hollowing.html
https://www.fireeye.com/blog/threat-research/2019/04/pick-six-intercepting-a-fin6-intrusion.html
https://www.fireeye.com/blog/threat-research/2019/04/triton-actor-ttp-profile-custom-attack-tools-detections.html
https://www.fireeye.com/blog/threat-research/2019/06/government-in-central-asia-targeted-with-hawkball-backdoor.html
https://www.fireeye.com/blog/threat-research/2019/06/hunting-com-objects.html
https://www.fireeye.com/blog/threat-research/2019/07/hard-pass-declining-apt34-invite-to-join-their-professional-network.html
https://www.fireeye.com/blog/threat-research/2019/10/leveraging-apple-remote-desktop-for-good-and-evil.html
https://www.fireeye.com/blog/threat-research/2019/10/mahalo-fin7-responding-to-new-tools-and-techniques.html
https://www.fireeye.com/blog/threat-research/2019/10/messagetap-who-is-reading-your-text-messages.html
https://www.fireeye.com/blog/threat-research/2019/12/breaking-the-rules-tough-outlook-for-home-page-attacks.html
https://www.fireeye.com/blog/threat-research/2020/01/stomp-2-dis-brilliance-in-the-visual-basics.html
https://www.fireeye.com/blog/threat-research/2020/02/ransomware-against-machine-learning-to-disrupt-industrial-production.html
https://www.fireeye.com/blog/threat-research/2020/03/apt41-initiates-global-intrusion-campaign-using-multiple-exploits.html
https://www.fireeye.com/blog/threat-research/2020/04/apt32-targeting-chinese-government-in-covid-19-related-espionage.html
https://www.fireeye.com/blog/threat-research/2020/04/kerberos-tickets-on-linux-red-teams.html
https://www.fireeye.com/blog/threat-research/2020/05/tactics-techniques-procedures-associated-with-maze-ransomware-incidents.html
https://www.fireeye.com/blog/threat-research/2020/10/kegtap-and-singlemalt-with-a-ransomware-chaser.html
https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
https://www.fireeye.com/blog/threat-research/2020/12/sunburst-additional-technical-details.html
https://www.fireeye.com/blog/threat-research/2021/01/remediation-and-hardening-strategies-for-microsoft-365-to-defend-against-unc2452.html
https://www.fireeye.com/blog/threat-research/2021/03/detection-response-to-exploitation-of-microsoft-exchange-zero-day-vulnerabilities.html
https://www.fireeye.com/blog/threat-research/2021/03/sunshuttle-second-stage-backdoor-targeting-us-based-entity.html
https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html
https://www.fireeye.com/blog/threat-research/2021/05/shining-a-light-on-darkside-ransomware-operations.html
https://www.fireeye.com/blog/threat-research/2021/06/darkside-affiliate-supply-chain-software-compromise.html
https://www.fireeye.com/content/dam/collateral/en/mtrends-2018.pdf
https://www.fireeye.com/content/dam/collateral/en/wp-m-unc2452.pdf
https://www.fireeye.com/content/dam/fireeye-www/blog/pdfs/revoke-obfuscation-report.pdf
https://www.fireeye.com/content/dam/fireeye-www/current-threats/pdfs/ib-entertainment.pdf
https://www.fireeye.com/content/dam/fireeye-www/current-threats/pdfs/rpt-mtrends-2016.pdf
https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-apt28.pdf
https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-dll-sideloading.pdf
https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-operation-saffron-rose.pdf
https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-poison-ivy.pdf
https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-operation-quantum-entanglement.pdf
https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-windows-management-instrumentation.pdf
https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf
https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report-appendix.zip
https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/sans-dfir-2015.pdf
https://www.fireeye.com/current-threats/threat-intelligence-reports/rpt-fin4.html
https://www.first.org/resources/papers/conf2017/Windows-Credentials-Attacks-and-Mitigation-Techniques.pdf
https://www.flashpoint-intel.com/blog/fin7-revisited-inside-astra-panel-and-sqlrat-malware/
https://www.forbes.com/sites/runasandvik/2014/01/14/attackers-scrape-github-for-cloud-service-credentials-hijack-account-to-mine-virtual-currency/
https://www.forbes.com/sites/runasandvik/2014/01/14/attackers-scrape-github-for-cloud-service-credentials-hijack-account-to-mine-virtual-currency/#242c479d3196
https://www.forcepoint.com/blog/x-labs/bitter-targeted-attack-against-pakistan
https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-security-labs-monsoon-analysis-report.pdf
https://www.fortinet.com/blog/threat-research/analysis-of-new-agent-tesla-spyware-variant.html
https://www.fortinet.com/blog/threat-research/another-metamorfo-variant-targeting-customers-of-financial-institutions
https://www.fortinet.com/blog/threat-research/deep-analysis-of-new-emotet-variant-part-1.html
https://www.fortinet.com/blog/threat-research/diavol-new-ransomware-used-by-wizard-spider
https://www.fortinet.com/blog/threat-research/in-depth-analysis-of-net-malware-javaupdtr.html
https://www.fortinet.com/blog/threat-research/remcos-a-new-rat-in-the-wild-2.html
https://www.fortinet.com/blog/threat-research/trickbot-s-new-reconnaissance-plugin.html
https://www.fox-it.com/media/kadlze5c/201912_report_operation_wocao.pdf
https://www.freedesktop.org/software/systemd/man/systemd.service.html
https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html
https://www.freedesktop.org/wiki/Software/systemd/
https://www.fsec.or.kr/user/bbs/fsec/163/344/bbsDataView/1382.do?page=1&column=&search=&searchSDate=&searchEDate=&bbsDataCategory=
https://www.fsec.or.kr/user/bbs/fsec/163/344/bbsDataView/1680.do
https://www.f-secure.com/documents/996508/1030745/CozyDuke
https://www.f-secure.com/documents/996508/1030745/dukes_whitepaper.pdf
https://www.f-secure.com/documents/996508/1030745/nanhaishu_whitepaper.pdf
https://www.f-secure.com/v-descs/backdoor_w32_hupigon_emv.shtml
https://www.f-secure.com/v-descs/trojan_w32_lokibot.shtml
https://www.f-secure.com/weblog/archives/00002576.html
https://www.gdatasoftware.com/blog/2019/06/31724-strange-bits-sodinokibi-spam-cinarat-and-fake-g-data
https://www.geeksforgeeks.org/inter-process-communication-ipc/#:~:text=Inter%2Dprocess%20communication%20(IPC),of%20co%2Doperation%20between%20them.
https://www.ghacks.net/2017/06/10/windows-msc-files-overview/
https://www.ghacks.net/2017/09/19/first-chrome-extension-with-javascript-crypto-miner-detected/
https://www.giac.org/paper/gcih/342/handle-cd00r-invisible-backdoor/103631
https://www.glitch-cat.com/blog/green-lambert-and-attack
https://www.gnu.org/software/acct/
https://www.gnu.org/software/libc/
https://www.gnu.org/software/libc/manual/html_node/Creating-a-Process.html
https://www.gov.uk/government/news/uk-exposes-series-of-russian-cyber-attacks-against-olympic-and-paralympic-games
https://www.group-ib.com/blog/cobalt
https://www.group-ib.com/blog/rtm
https://www.group-ib.com/resources/threat-research/silence_2.0.going_global.pdf
https://www.group-ib.com/resources/threat-research/silence_moving-into-the-darkside.pdf
https://www.group-ib.com/whitepapers/ransomware-uncovered.html
https://www.guidepointsecurity.com/supernova-solarwinds-net-webshell-analysis/
https://www.hackers-arise.com/email-scraping-and-maltego
https://www.hackingarticles.in/defense-evasion-windows-event-logging-t1562-002/
https://www.harmj0y.net/blog/powershell/kerberoasting-without-mimikatz/
https://www.hipaajournal.com/47gb-medical-records-unsecured-amazon-s3-bucket/
https://www.hornetsecurity.com/en/security-information/avaddon-from-seeking-affiliates-to-in-the-wild-in-2-days/
https://www.howtogeek.com/205086/beginner-how-to-make-windows-show-file-extensions/
https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
https://www.hybrid-analysis.com/sample/22dab012c3e20e3d9291bce14a2bfc448036d3b966c6e78167f4626f5f9e38d6?environmentId=110
https://www.hybrid-analysis.com/sample/ef0d2628823e8e0a0de3b08b8eacaf41cf284c086a948bdfd67f4e4373c14e4d?environmentId=100
https://www.ic3.gov/media/2012/FraudAlertFinancialInstitutionEmployeeCredentialsTargeted.pdf
https://www.icann.org/groups/ssac/documents/sac-007-en
https://www.icebrg.io/blog/malicious-chrome-extensions-enable-criminals-to-impact-over-half-a-million-users-and-global-businesses
https://www.imperva.com/learn/ddos/booters-stressers-ddosers/
https://www.intego.com/mac-security-blog/new-osxshlayer-malware-variant-found-using-a-dirty-new-trick/
https://www.intego.com/mac-security-blog/osxshlayer-new-mac-malware-comes-out-of-its-shell/
https://www.intel.com/content/dam/www/public/us/en/documents/white-papers/security-technologies-4th-gen-core-retail-paper.pdf
https://www.intelligence.senate.gov/sites/default/files/documents/os-kmandia-033017.pdf
https://www.intezer.com/blog/cloud-security/attackers-abusing-legitimate-cloud-monitoring-tools-to-conduct-cyber-attacks/
https://www.intezer.com/blog/cloud-security/watch-your-containers-doki-infecting-docker-servers-in-the-cloud/
https://www.intezer.com/blog/malware-analysis/executable-linkable-format-101-part-2-symbols/
https://www.intezer.com/blog/malware-analysis/kud-i-enter-your-server-new-vulnerabilities-in-microsoft-azure/
https://www.intezer.com/blog/research/acbackdoor-analysis-of-a-new-multiplatform-backdoor/
https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
https://www.intezer.com/blog/research/russian-apt-uses-covid-19-lures-to-deliver-zebrocy/
https://www.intezer.com/blog-hiddenwasp-malware-targeting-linux-systems/
https://www.intrinsec.com/egregor-prolock/?cn-reloaded=1
https://www.invincea.com/2016/07/tunnel-of-gov-dnc-hack-and-the-russian-xtunnel/
https://www.iranwatch.org/sites/default/files/public-intelligence-alert.pdf
https://www.ired.team/offensive-security/code-injection-process-injection/modulestomping-dll-hollowing-shellcode-injection
https://www.ired.team/offensive-security/defense-evasion/windows-api-hashing-in-malware
https://www.irongeek.com/i.php?page=videos/bsidescharm2017/bsidescharm-2017-t111-microsoft-patch-analysis-for-exploitation-stephen-sims
https://www.ironnet.com/blog/china-cyber-attacks-the-current-threat-landscape
https://www.isaca.org/resources/isaca-journal/issues/2017/volume-6/evasive-malware-tricks-how-malware-evades-detection-by-sandboxes
https://www.ise.io/casestudies/password-manager-hacking/
https://www.itworld.com/article/2853992/3-tools-to-check-your-hard-drives-health-and-make-sure-its-not-already-dying-on-you.html
https://www.jamf.com/blog/shlayer-malware-abusing-gatekeeper-bypass-on-macos/
https://www.jamf.com/jamf-nation/discussions/18574/user-password-policies-on-non-ad-machines
https://www.joesandbox.com/analysis/318027/0/html
https://www.joesecurity.org/blog/3660886847485093803
https://www.joesecurity.org/blog/498839998833561473
https://www.juniper.net/documentation/en_US/junos/topics/concept/port-mirroring-ex-series.html
https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/understanding-and-using-dai.html
https://www.justice.gov/file/1080281/download
https://www.justice.gov/opa/page/file/1098481/download
https://www.justice.gov/opa/page/file/1122671/download
https://www.justice.gov/opa/pr/seven-iranians-working-islamic-revolutionary-guard-corps-affiliated-entities-charged
https://www.justice.gov/opa/pr/two-chinese-hackers-associated-ministry-state-security-charged-global-computer-intrusion
https://www.justice.gov/opa/press-release/file/1084361/download
https://www.justice.gov/opa/press-release/file/1092091/download
https://www.justice.gov/opa/press-release/file/1328521/download
https://www.justice.gov/usao-ndca/pr/san-jose-man-pleads-guilty-damaging-cisco-s-network
https://www.justice.gov/usao-sdny/press-release/file/1045781/download
https://www.kaspersky.com/blog/lenovo-pc-with-adware-superfish-preinstalled/7712/
https://www.kb.cert.org/vuls/id/843464
https://www.kernel.org/doc/html/latest/security/self-protection.html
https://www.kernel.org/doc/html/v4.12/core-api/kernel-api.html
https://www.kroll.com/en/insights/publications/cyber/qakbot-malware-exfiltrating-emails-thread-hijacking-attacks
https://www.kroll.com/en/insights/publications/malware-analysis-report-rawpos-malware
https://www.kubeflow.org/docs/components/pipelines/overview/pipelines-overview/
https://www.lacework.com/blog/taking-teamtnt-docker-images-offline/
https://www.lastline.com/labsblog/defeating-darkhotel-just-in-time-decryption/
https://www.leonardo.com/documents/20142/10868623/Malware+Technical+Insight+_Turla+%E2%80%9CPenquin_x64%E2%80%9D.pdf
https://www.linkedin.com/pulse/getting-attacker-ip-address-from-malicious-linux-job-craig-rowland/
https://www.malwarebytes.com/blog/news/2018/05/seo-poisoning-is-it-worth-it
https://www.malwarebytes.com/blog/news/2019/12/theres-an-app-for-that-web-skimmers-found-on-paas-heroku
https://www.malwarebytes.com/blog/news/2021/12/sidecopy-apt-connecting-lures-to-victims-payloads-to-infrastructure
https://www.malwarebytes.com/resources/files/2021/02/lazyscripter.pdf
https://www.malwaretech.com/2013/08/powerloader-injection-something-truly.html
https://www.malwaretech.com/2014/11/virtual-file-systems-for-beginners.html
https://www.man7.org/linux/man-pages/man8/ld.so.8.html
https://www.mandiant.com/media/17826
https://www.mandiant.com/resources/apt41-initiates-global-intrusion-campaign-using-multiple-exploits
https://www.mandiant.com/resources/blog/golang-internals-symbol-recovery
https://www.mandiant.com/resources/blog/suspected-iranian-actor-targeting-israeli-shipping
https://www.mandiant.com/resources/bring-your-own-land-novel-red-teaming-technique
https://www.mandiant.com/resources/chasing-avaddon-ransomware
https://www.mandiant.com/resources/detecting-microsoft-365-azure-active-directory-backdoors
https://www.mandiant.com/resources/operation-ke3chang-targeted-attacks-against-ministries-of-foreign-affairs
https://www.mandiant.com/resources/russian-targeting-gov-business
https://www.mandiant.com/resources/scandalous-external-detection-using-network-scan-data-and-automation
https://www.mandiant.com/resources/staying-hidden-on-the-endpoint-evading-detection-with-shellcode
https://www.mandiant.com/resources/supply-chain-analysis-from-quartermaster-to-sunshop
https://www.mandiant.com/resources/synful-knock-acis
https://www.mandiant.com/resources/telegram-malware-iranian-espionage
https://www.mandiant.com/resources/tracking-apt29-phishing-campaigns
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/clop-ransomware/
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/gold-dragon-widens-olympics-malware-attacks-gains-permanent-presence-on-victims-systems/
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/lazarus-resurfaces-targets-global-banks-bitcoin-users/
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/macro-malware-targets-macs/
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/mcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-crescendo/
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/mcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-what-the-code-tells-us/
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/mcafee-uncovers-operation-honeybee-malicious-document-campaign-targeting-humanitarian-aid-groups/
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/operation-north-star-a-job-offer-thats-too-good-to-be-true/?hilite=%27Operation%27%2C%27North%27%2C%27Star%27
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/operation-north-star-behind-the-scenes/
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/ransomware-maze/
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-returns-to-wipe-systems-in-middle-east-europe/
https://www.mcafee.com/blogs/other-blogs/mcafee-labs-detects-zero-day-exploit-targeting-microsoft-office-2
https://www.mcafee.com/enterprise/en-us/assets/reports/rp-babuk-ransomware.pdf
https://www.mcafee.com/enterprise/en-us/assets/reports/rp-cuba-ransomware.pdf
https://www.mcafee.com/enterprise/en-us/assets/reports/rp-operation-dianxun.pdf
https://www.mcafee.com/enterprise/en-us/assets/reports/rp-operation-oceansalt.pdf
https://www.mcafee.com/enterprise/en-us/assets/reports/rp-operation-sharpshooter.pdf
https://www.mci.gov.sg/-/media/mcicorp/doc/report-of-the-coi-into-the-cyber-attack-on-singhealth-10-jan-2019.ashx
https://www.mdsec.co.uk/2017/07/categorisation-is-not-a-security-boundary/
https://www.mdsec.co.uk/2020/06/detecting-and-advancing-in-memory-net-tradecraft/
https://www.mdsec.co.uk/2020/12/bypassing-user-mode-hooks-and-direct-invocation-of-system-calls-for-red-teams/
https://www.mdsec.co.uk/2021/01/macos-post-exploitation-shenanigans-with-vscode-extensions/
https://www.melani.admin.ch/dam/melani/de/dokumente/2016/technical%20report%20ruag.pdf.download.pdf/Report_Ruag-Espionage-Case.pdf
https://www.menlosecurity.com/blog/new-attack-alert-duri
https://www.microsoft.com/download/details.aspx?id=21714
https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor%3aWin32%2fPoisonivy.E
https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Backdoor:Win32/Lamin.A
https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:Win32/Truvasys.A!dha
https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:Win32/Wingbird.A!dha
https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Win32/Totbrick
https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanSpy:Win32/Ursnif.gen!I&threatId=-2147336918
https://www.microsoft.com/security/blog/2016/06/01/hacking-team-breach-a-cyber-jurassic-park/
https://www.microsoft.com/security/blog/2016/06/09/reverse-engineering-dubnium-2/
https://www.microsoft.com/security/blog/2016/07/14/reverse-engineering-dubnium-stage-2-payload-analysis/
https://www.microsoft.com/security/blog/2017/05/04/windows-defender-atp-thwarts-operation-wilysupply-software-supply-chain-cyberattack/
https://www.microsoft.com/security/blog/2018/03/01/finfisher-exposed-a-researchers-tale-of-defeating-traps-tricks-and-complex-virtual-machines/
https://www.microsoft.com/security/blog/2019/12/12/gallium-targeting-global-telecom/
https://www.microsoft.com/security/blog/2020/03/09/real-life-cybercrime-stories-dart-microsoft-detection-and-response-team
https://www.microsoft.com/security/blog/2020/04/02/attack-matrix-kubernetes/
https://www.microsoft.com/security/blog/2020/06/18/inside-microsoft-threat-protection-mapping-attack-chains-from-cloud-to-endpoint/
https://www.microsoft.com/security/blog/2020/09/10/strontium-detecting-new-patters-credential-harvesting/
https://www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/
https://www.microsoft.com/security/blog/2020/12/28/using-microsoft-365-defender-to-coordinate-protection-against-solorigate/
https://www.microsoft.com/security/blog/2021/01/20/deep-dive-into-the-solorigate-second-stage-activation-from-sunburst-to-teardrop-and-raindrop/
https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/
https://www.microsoft.com/security/blog/2021/03/04/goldmax-goldfinder-sibot-analyzing-nobelium-malware/
https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/
https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/
https://www.microsoft.com/security/blog/2021/06/14/behind-the-scenes-of-business-email-compromise-using-cross-domain-threat-data-to-disrupt-a-large-bec-infrastructure/
https://www.microsoft.com/security/blog/2021/07/14/microsoft-delivers-comprehensive-solution-to-battle-rise-in-consent-phishing-emails/
https://www.microsoft.com/security/blog/2021/09/27/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/
https://www.microsoft.com/security/blog/2021/10/25/nobelium-targeting-delegated-administrative-privileges-to-facilitate-broader-attacks
https://www.microsoft.com/security/blog/2021/10/25/nobelium-targeting-delegated-administrative-privileges-to-facilitate-broader-attacks/
https://www.microsoft.com/security/blog/2021/12/06/nickel-targeting-government-organizations-across-latin-america-and-europe
https://www.microsoft.com/security/blog/2021/12/08/improve-kernel-security-with-the-new-microsoft-vulnerable-and-malicious-driver-reporting-center/
https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/
https://www.microsoft.com/security/blog/2022/01/26/evolved-phishing-device-registration-trick-adds-to-phishers-toolbox-for-victims-without-mfa
https://www.microsoft.com/security/blog/2022/02/04/actinium-targets-ukrainian-organizations/
https://www.microsoft.com/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/
https://www.microsoft.com/security/blog/2022/04/12/tarrask-malware-uses-scheduled-tasks-for-defense-evasion/
https://www.microsoft.com/security/blog/2022/06/02/exposing-polonium-activity-and-infrastructure-targeting-israeli-organizations/
https://www.microsoft.com/security/blog/2022/08/24/magicweb-nobeliums-post-compromise-trick-to-authenticate-as-anyone/
https://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/4beddb35-0cba-424c-8b9b-a5832ad8e208.mspx
https://www.mozilla.org/en-US/security/advisories/mfsa2012-98/
https://www.mwrinfosecurity.com/our-thinking/dynamic-hooking-techniques-user-mode/
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2017/august/smuggling-hta-files-in-internet-exploreredge/
https://www.ncsc.gov.uk/files/Advisory-APT29-targets-COVID-19-vaccine-development-V1-1.pdf
https://www.ncsc.gov.uk/files/Advisory-further-TTPs-associated-with-SVR-cyber-actors.pdf
https://www.ncsc.gov.uk/files/Cyclops-Blink-Malware-Analysis-Report.pdf
https://www.ncsc.gov.uk/files/NCSC-Malware-Analysis-Report-Small-Sieve.pdf
https://www.ncsc.gov.uk/news/joint-advisory-shows-new-sandworm-malware-cyclops-blink-replaces-vpnfilter
https://www.ncsc.gov.uk/report/joint-report-on-publicly-available-hacking-tools
https://www.netmeister.org/blog/keychain-passwords.html
https://www.netscout.com/blog/asert/ddos-attacks-ssl-something-old-something-new
https://www.netskope.com/blog/a-big-catch-cloud-phishing-from-google-app-engine-and-azure-app-service
https://www.netskope.com/blog/nitol-botnet-makes-resurgence-evasive-sandbox-analysis-technique
https://www.netskope.com/blog/squirrelwaffle-new-malware-loader-delivering-cobalt-strike-and-qakbot
https://www.netskope.com/blog/targeted-attacks-abusing-google-cloud-platform-open-redirection
https://www.nytimes.com/2011/01/16/world/middleeast/16stuxnet.html
https://www.nytimes.com/2013/07/14/world/europe/nations-buying-as-hackers-sell-computer-flaws.html
https://www.offensive-security.com/metasploit-unleashed/vnc-authentication/
https://www.operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-RAT-and-Staging-Report.pdf
https://www.operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Tools-Report.pdf
https://www.opm.gov/cybersecurity/cybersecurity-incidents/
https://www.osdfcon.org/presentations/2020/Brian-Moran_Putting-Together-the-RDPieces.pdf
https://www.owasp.org/index.php/Binary_planting
https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
https://www.paloaltonetworks.com/apps/pan/public/downloadResource?pagePath=/content/pan/en_US/resources/whitepapers/unit42-silverterrier-rise-of-nigerian-business-email-compromise
https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/reports/Unit_42/unit42-wirelurker.pdf
https://www.paloaltonetworks.com/cyberpedia/what-is-dns-tunneling
https://www.paloaltonetworks.com/resources/research/unit42-operation-lotus-blossom.html
https://www.passcape.com/index.php?section=docsys&cmd=details&id=23
https://www.passcape.com/windows_password_recovery_vault_explorer
https://www.pcmag.com/encyclopedia/term/double-extension
https://www.pcmag.com/news/hackers-try-to-phish-united-nations-staffers-with-fake-login-pages
https://www.petri.com/setting-up-logon-script-through-active-directory-users-computers-windows-server-2008
https://www.picussecurity.com/blog/a-brief-history-and-further-technical-analysis-of-sodinokibi-ransomware
https://www.picussecurity.com/blog/the-christmas-card-you-never-wanted-a-new-wave-of-emotet-is-back-to-wreak-havoc.html
https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/
https://www.prevailion.com/darkwatchman-new-fileless-techniques/
https://www.prevailion.com/phantom-in-the-command-shell-2/
https://www.programmersought.com/article/62493896999/
https://www.proofpoint.com/sites/default/files/proofpoint-operation-transparent-tribe-threat-insight-en.pdf
https://www.proofpoint.com/us/blog/threat-insight/badblood-ta453-targets-us-and-israeli-medical-research-personnel-credential
https://www.proofpoint.com/us/blog/threat-insight/bumblebee-is-still-transforming
https://www.proofpoint.com/us/blog/threat-insight/caught-beneath-landline-411-telephone-oriented-attack-delivery
https://www.proofpoint.com/us/blog/threat-insight/geofenced-netwire-campaigns
https://www.proofpoint.com/us/blog/threat-insight/good-bad-and-web-bug-ta416-increases-operational-tempo-against-european
https://www.proofpoint.com/us/blog/threat-insight/injection-new-black-novel-rtf-template-inject-technique-poised-widespread
https://www.proofpoint.com/us/blog/threat-insight/operation-spoofedscholars-conversation-ta453
https://www.proofpoint.com/us/blog/threat-insight/serpent-no-swiping-new-backdoor-targets-french-entities-unique-attack-chain
https://www.proofpoint.com/us/blog/threat-insight/ta416-goes-ground-and-returns-golang-plugx-malware-loader
https://www.proofpoint.com/us/threat-insight/post/apt-targets-financial-analysts
https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx
https://www.proofpoint.com/us/threat-insight/post/home-routers-under-attack-malvertising-windows-android-devices
https://www.proofpoint.com/us/threat-insight/post/leaked-ammyy-admin-source-code-turned-malware
https://www.proofpoint.com/us/threat-insight/post/leviathan-espionage-actor-spearphishes-maritime-and-defense-targets
https://www.proofpoint.com/us/threat-insight/post/lookback-malware-targets-united-states-utilities-sector-phishing-attacks
https://www.proofpoint.com/us/threat-insight/post/microsoft-word-intruder-integrates-cve-2017-0199-utilized-cobalt-group-target
https://www.proofpoint.com/us/threat-insight/post/new-vega-stealer-shines-brightly-targeted-campaign
https://www.proofpoint.com/us/threat-insight/post/new-version-azorult-stealer-improves-loading-features-spreads-alongside
https://www.proofpoint.com/us/threat-insight/post/servhelper-and-flawedgrace-new-malware-introduced-ta505
https://www.proofpoint.com/us/threat-insight/post/ta505-abusing-settingcontent-ms-within-pdf-files-distribute-flawedammyy-rat
https://www.proofpoint.com/us/threat-insight/post/ta505-distributes-new-sdbbot-remote-access-trojan-get2-downloader
https://www.proofpoint.com/us/threat-insight/post/ta505-shifts-times
https://www.proofpoint.com/us/threat-insight/post/The-Shadow-Knows
https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta407-silent-librarian
https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta505-dridex-globeimposter
https://www.proofpoint.com/us/threat-insight/post/ursnif-variant-dreambot-adds-tor-functionality
https://www.ptsecurity.com/upload/corporate/ww-en/analytics/Cobalt-2017-eng.pdf
https://www.ptsecurity.com/upload/corporate/ww-en/analytics/Cobalt-Snatch-eng.pdf
https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/covid-19-and-new-year-greetings-the-higaisa-group/
https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf
https://www.pwc.co.uk/issues/cyber-security-data-privacy/research/the-keyboys-are-back-in-town.html
https://www.pwc.co.uk/issues/cyber-security-services/insights/cleaning-up-after-wellmess.html
https://www.pwc.co.uk/issues/cyber-security-services/insights/wellmess-analysis-command-control.html
https://www.randhome.io/blog/2020/12/20/analyzing-cobalt-strike-for-fun-and-profit/
https://www.rapid7.com/db/modules/auxiliary/spoof/llmnr/llmnr_response
https://www.rapid7.com/db/modules/exploit/linux/local/service_persistence
https://www.rapid7.com/fundamentals/man-in-the-middle-attacks/
https://www.rarlab.com/
https://www.ready.gov/business/implementation/IT
https://www.real-world-systems.com/docs/launchdPlist.1.html
https://www.recordedfuture.com/cobalt-strike-servers/
https://www.recordedfuture.com/identifying-cobalt-strike-servers/
https://www.recordedfuture.com/turla-apt-infrastructure/
https://www.recurity-labs.com/research/RecurityLabs_Developments_in_IOS_Forensics.pdf
https://www.redcanary.com/blog/microsoft-html-application-hta-abuse-part-deux/
https://www.rewterz.com/articles/analysis-on-sidewinder-apt-group-covid-19
https://www.rewterz.com/threats/sidewinder-apt-group-campaign-analysis
https://www.ria.ee/sites/default/files/content-editors/kuberturve/tale_of_gamaredon_infection.pdf
https://www.riskiq.com/blog/labs/cobalt-group-spear-phishing-russian-banks/
https://www.riskiq.com/blog/labs/cobalt-strike/
https://www.riskiq.com/blog/labs/lazarus-group-cryptocurrency/
https://www.riskiq.com/blog/labs/magecart-newegg/
https://www.riskiq.com/blog/labs/spear-phishing-turkish-defense-contractors/
https://www.riskiq.com/blog/labs/ukraine-malware-infrastructure/
https://www.rsa.com/content/dam/en/white-paper/rsa-incident-response-emerging-threat-profile-shell-crew.pdf
https://www.rsaconference.com/writable/presentations/file_upload/ht-209_rivner_schwartz.pdf
https://www.sans.org/cyber-security-summit/archives/file/summit-archive-1498163766.pdf
https://www.sans.org/cyber-security-summit/archives/file/summit-archive-1554718868.pdf
https://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599
https://www.sans.org/reading-room/whitepapers/forensics/detecting-malware-sandbox-evasion-techniques-36667
https://www.sans.org/reading-room/whitepapers/networkdevs/securing-snmp-net-snmp-snmpv3-1051
https://www.sans.org/reading-room/whitepapers/testing/template-injection-attacks-bypassing-security-controls-living-land-38780
https://www.schneier.com/academic/paperfiles/paper-clueless-agents.pdf
https://www.se.com/ww/en/download/document/SESN-2018-236-01/
https://www.sec.gov/edgar/search-and-access
https://www.secureauth.com/labs/open-source-tools/impacket
https://www.secureworks.com/blog/back-to-school-cobalt-dickens-targets-universities
https://www.secureworks.com/blog/cobalt-dickens-goes-back-to-school-again
https://www.secureworks.com/blog/cybercriminals-increasingly-trying-to-ensnare-the-big-financial-fish
https://www.secureworks.com/blog/iranian-pupyrat-bites-middle-eastern-organizations
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
https://www.secureworks.com/blog/lyceum-takes-center-stage-in-middle-east-campaign
https://www.secureworks.com/blog/malware-lingers-with-bits
https://www.secureworks.com/blog/notpetya-campaign-what-we-know-about-the-latest-global-ransomware-attack
https://www.secureworks.com/blog/revil-the-gandcrab-connection
https://www.secureworks.com/blog/usaid-themed-phishing-campaign-leverages-us-elections-lure
https://www.secureworks.com/blog/where-you-at-indicators-of-lateral-movement-using-at-exe-on-windows-7-systems
https://www.secureworks.com/blog/wmi-persistence
https://www.secureworks.com/research/a-peek-into-bronze-unions-toolbox
https://www.secureworks.com/research/bronze-butler-targets-japanese-businesses
https://www.secureworks.com/research/bronze-president-targets-ngos
https://www.secureworks.com/research/bronze-union
https://www.secureworks.com/research/dridex-bugat-v5-botnet-takeover-operation
https://www.secureworks.com/research/iron-twilight-supports-active-measures
https://www.secureworks.com/research/mcmd-malware-analysis
https://www.secureworks.com/research/resurgent-iron-liberty-targeting-energy-sector
https://www.secureworks.com/research/revil-sodinokibi-ransomware
https://www.secureworks.com/research/skeleton-key-malware-analysis
https://www.secureworks.com/research/the-curious-case-of-mia-ash
https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
https://www.secureworks.com/research/threat-profiles/gold-cabin
https://www.secureworks.com/research/threat-profiles/gold-southfield
https://www.secureworks.com/research/threat-profiles/iron-ritual
https://www.secureworks.com/research/threat-profiles/iron-tilden
https://www.secureworks.com/research/updated-karagany-malware-targets-energy-sector
https://www.secureworks.com/research/wcry-ransomware-analysis
https://www.secureworld.io/industry-news/how-secure-is-your-slack-channel#:~:text=Electronic%20Arts%20hacked%20through%20Slack%20channel&text=In%20total%2C%20the%20hackers%20claim,credentials%20over%20a%20Slack%20channel.
https://www.securityartwork.es/wp-content/uploads/2017/07/Trickbot-report-S2-Grupo.pdf
https://www.securityinbits.com/malware-analysis/parent-pid-spoofing-stage-2-ataware-ransomware-part-3
https://www.securityweek.com/iranian-hackers-targeted-us-officials-elaborate-social-media-attack-operation
https://www.sentinelone.com/blog/building-a-custom-tool-for-shellcode-analysis/
https://www.sentinelone.com/blog/coming-out-of-your-shell-from-shlayer-to-zshlayer/
https://www.sentinelone.com/blog/four-distinct-families-of-lazarus-malware-target-apples-macos-platform/
https://www.sentinelone.com/blog/how-malware-persists-on-macos/
https://www.sentinelone.com/blog/how-offensive-actors-use-applescript-for-attacking-macos/
https://www.sentinelone.com/blog/macos-red-team-calling-apple-apis-without-building-binaries/
https://www.sentinelone.com/blog/teaching-an-old-rat-new-tricks/
https://www.sentinelone.com/blog/trail-osx-fairytale-adware-playing-malware/
https://www.sentinelone.com/labs/aoqin-dragon-newly-discovered-chinese-linked-apt-has-been-quietly-spying-on-organizations-for-10-years/
https://www.sentinelone.com/labs/apt32-multi-stage-macos-trojan-innovates-on-crimeware-scripting-technique/
https://www.sentinelone.com/labs/fade-dead-adventures-in-reversing-malicious-run-only-applescripts/
https://www.sentinelone.com/labs/hermetic-wiper-ukraine-under-attack
https://www.sentinelone.com/labs/infect-if-needed-a-deeper-dive-into-targeted-backdoor-macos-macma/
https://www.sentinelone.com/labs/resourceful-macos-malware-hides-in-named-fork/
https://www.sentinelone.com/labs/wastedlocker-ransomware-abusing-ads-and-ntfs-file-attributes/
https://www.seqrite.com/blog/how-to-avoid-dual-attack-and-vulnerable-files-with-double-extension/
https://www.slideshare.net/DennisMaldonado5/sticky-keys-to-the-kingdom
https://www.slideshare.net/DouglasBienstock/shmoocon-2019-becs-and-beyond-investigating-and-defending-office-365
https://www.slideshare.net/kieranjacobsen/lateral-movement-with-power-shell-2
https://www.slideshare.net/morisson/mistrusting-and-abusing-ssh-13526219
https://www.slideshare.net/rootedcon/carlos-garca-pentesting-active-directory-forests-rooted2019
https://www.smartmontools.org/
https://www.sogeti.com/globalassets/reports/cybersecchronicles_-_babuk.pdf
https://www.sophos.com/en-us/medialibrary/PDFs/technical-papers/SamSam-ransomware-chooses-Its-targets-carefully-wpna.pdf
https://www.splunk.com/en_us/blog/security/detecting-supernova-malware-solarwinds-continued.html
https://www.splunk.com/en_us/blog/security/tall-tales-of-hunting-with-tls-ssl-certificates.html
https://www.ssh.com/ssh
https://www.ssh.com/ssh/authorized_keys/
https://www.ssh.com/ssh/tunneling
https://www.sslshopper.com/ssl-checker.html
https://www.sternsecurity.com/blog/local-network-attacks-llmnr-and-nbt-ns-poisoning
https://www.stigviewer.com/stig/microsoft_windows_server_2012_member_server/2013-07-25/finding/WN12-CC-000077
https://www.stigviewer.com/stig/windows_server_2008_r2_member_server/2015-06-25/finding/V-26482
https://www.stigviewer.com/stig/windows_server_2016/2019-12-12/finding/V-91779
https://www.sudo.ws/
https://www.sygnia.co/golden-saml-advisory
https://www.symantec.com/avcenter/reference/windows.rootkit.overview.pdf
https://www.symantec.com/blogs/election-security/apt28-espionage-military-government
https://www.symantec.com/blogs/threat-intelligence/elfin-apt33-espionage
https://www.symantec.com/blogs/threat-intelligence/evolution-emotet-trojan-distributor
https://www.symantec.com/blogs/threat-intelligence/gallmaker-attack-group
https://www.symantec.com/blogs/threat-intelligence/jrat-new-anti-parsing-techniques
https://www.symantec.com/blogs/threat-intelligence/leafminer-espionage-middle-east
https://www.symantec.com/blogs/threat-intelligence/orangeworm-targets-healthcare-us-europe-asia
https://www.symantec.com/blogs/threat-intelligence/seedworm-espionage-group
https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets
https://www.symantec.com/blogs/threat-intelligence/waterbug-espionage-governments
https://www.symantec.com/connect/articles/ssh-and-ssh-agent
https://www.symantec.com/connect/articles/what-you-need-know-about-alternate-data-streams-windows-your-data-secure-can-you-restore
https://www.symantec.com/connect/blogs/cross-platform-frutas-rat-builder-and-back-door
https://www.symantec.com/connect/blogs/flamer-recipe-bluetoothache
https://www.symantec.com/connect/blogs/how-trojanhydraq-stays-your-computer
https://www.symantec.com/connect/blogs/iran-based-attackers-use-back-door-threats-spy-middle-eastern-targets
https://www.symantec.com/connect/blogs/malware-update-windows-update
https://www.symantec.com/connect/blogs/shamoon-attacks
https://www.symantec.com/connect/blogs/sowbug-cyber-espionage-group-targets-south-american-and-southeast-asian-governments
https://www.symantec.com/connect/blogs/tick-cyberespionage-group-zeros-japan
https://www.symantec.com/connect/blogs/trojanhydraq-incident
https://www.symantec.com/content/dam/symantec/docs/security-center/white-papers/istr-living-off-the-land-and-fileless-attack-techniques-en.pdf
https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the-continued-rise-of-ddos-attacks.pdf
https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf
https://www.symantec.com/security_response/writeup.jsp?docid=2005-081910-3934-99
https://www.symantec.com/security_response/writeup.jsp?docid=2008-062807-2501-99&tabid=2
https://www.symantec.com/security_response/writeup.jsp?docid=2010-011114-1830-99
https://www.symantec.com/security_response/writeup.jsp?docid=2012-050412-4128-99
https://www.symantec.com/security_response/writeup.jsp?docid=2012-051515-2843-99
https://www.symantec.com/security_response/writeup.jsp?docid=2012-051515-3445-99
https://www.symantec.com/security_response/writeup.jsp?docid=2012-051515-3909-99
https://www.symantec.com/security_response/writeup.jsp?docid=2012-051605-2535-99
https://www.symantec.com/security_response/writeup.jsp?docid=2012-051606-1005-99
https://www.symantec.com/security_response/writeup.jsp?docid=2012-051606-5938-99
https://www.symantec.com/security_response/writeup.jsp?docid=2012-061518-4639-99
https://www.symantec.com/security_response/writeup.jsp?docid=2015-120123-5521-99
https://www.symantec.com/security-center/writeup/2014-081811-3237-99?tabid=2
https://www.symantec.com/security-center/writeup/2016-081923-2700-99
https://www.symantec.com/security-center/writeup/2018-073014-2512-99?om_rssid=sr-latestthreats30days
https://www.synack.com/2017/01/01/mac-malware-2016/
https://www.synack.com/2017/09/08/high-sierras-secure-kernel-extension-loading-is-broken/
https://www.synack.com/wp-content/uploads/2016/03/RSA_OSX_Malware.pdf
https://www.talent-jump.com/article/2020/02/17/CLAMBLING-A-New-Backdoor-Base-On-Dropbox-en/
https://www.techradar.com/news/ea-hack-reportedly-used-stolen-cookies-and-slack-to-hack-gaming-giant
https://www.techrepublic.com/blog/data-center/configuring-wireless-settings-via-group-policy/
https://www.techrepublic.com/blog/the-enterprise-cloud/backing-up-and-restoring-snapshots-on-amazon-ec2-machines/
https://www.tecmint.com/control-systemd-services-on-remote-linux-server/
https://www.tenable.com/blog/detecting-macos-high-sierra-root-account-without-authentication
https://www.tetradefense.com/incident-response-services/cause-and-effect-sodinokibi-ransomware-analysis
https://www.thepythoncode.com/article/executing-bash-commands-remotely-in-python
https://www.theregister.com/2015/02/28/uber_subpoenas_github_for_hacker_details/
https://www.theregister.com/2017/09/26/deloitte_leak_github_and_google/
https://www.threatminer.org/_reports/2013/fta-1009---njrat-uncovered-1.pdf
https://www.threatminer.org/report.php?q=waterbug-attack-group.pdf&y=2015#gsc.tab=0&gsc.q=waterbug-attack-group.pdf&gsc.page=1
https://www.threatstream.com/blog/evasive-maneuvers-the-wekby-group-attempts-to-evade-analysis-via-custom-rop
https://www.tldp.org/HOWTO/Program-Library-HOWTO/shared-libraries.html
https://www.tldp.org/LDP/lame/LAME/linux-admin-made-easy/shadow-file-formats.html
https://www.tldp.org/LDP/lkmpg/2.4/lkmpg.pdf
https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf
https://www.trendmicro.com/en_us/research/17/b/ratankba-watering-holes-against-enterprises.html
https://www.trendmicro.com/en_us/research/18/a/new-killdisk-variant-hits-financial-organizations-in-latin-america.html
https://www.trendmicro.com/en_us/research/18/b/deciphering-confucius-cyberespionage-operations.html
https://www.trendmicro.com/en_us/research/18/f/new-killdisk-variant-hits-latin-american-financial-organizations-again.html
https://www.trendmicro.com/en_us/research/18/g/new-andariel-reconnaissance-tactics-hint-at-next-targets.html
https://www.trendmicro.com/en_us/research/19/e/infected-cryptocurrency-mining-containers-target-docker-hosts-with-exposed-apis-use-shodan-to-find-additional-victims.html
https://www.trendmicro.com/en_us/research/19/h/ta505-at-it-again-variety-is-the-spice-of-servhelper-and-flawedammyy.html
https://www.trendmicro.com/en_us/research/19/j/fin6-compromised-e-commerce-platform-via-magecart-to-inject-credit-card-skimmers-into-thousands-of-online-shops.html
https://www.trendmicro.com/en_us/research/19/l/waterbear-is-back-uses-api-hooking-to-evade-security-product-detection.html
https://www.trendmicro.com/en_us/research/19/l/why-running-a-privileged-container-in-docker-is-a-bad-idea.html
https://www.trendmicro.com/en_us/research/20/e/netwalker-fileless-ransomware-injected-via-reflective-loading.html
https://www.trendmicro.com/en_us/research/20/f/xorddos-kaiji-botnet-malware-variants-target-exposed-docker-servers.html
https://www.trendmicro.com/en_us/research/20/g/updates-on-quickly-evolving-thiefquest-macos-malware.html
https://www.trendmicro.com/en_us/research/20/i/analysis-of-a-convoluted-attack-chain-involving-ngrok.html
https://www.trendmicro.com/en_us/research/20/i/tricky-forms-of-phishing.html
https://www.trendmicro.com/en_us/research/20/i/war-of-linux-cryptocurrency-miners-a-battle-for-resources.html
https://www.trendmicro.com/en_us/research/20/k/new-macos-backdoor-connected-to-oceanlotus-surfaces.html
https://www.trendmicro.com/en_us/research/20/l/pawn-storm-lack-of-sophistication-as-a-strategy.html
https://www.trendmicro.com/en_us/research/21/b/new-in-ransomware.html
https://www.trendmicro.com/en_us/research/21/c/earth-vetala---muddywater-continues-to-target-organizations-in-t.html
https://www.trendmicro.com/en_us/research/21/d/iron-tiger-apt-updates-toolkit-with-evolved-sysupdate-malware-va.html
https://www.trendmicro.com/en_us/research/21/f/CVE-2021-30724_CVMServer_Vulnerability_in_macOS_and_iOS.html
https://www.trendmicro.com/en_us/research/21/h/confucius-uses-pegasus-spyware-related-lures-to-target-pakistani.html
https://www.trendmicro.com/en_us/research/22/c/cyclops-blink-sets-sights-on-asus-routers--.html
https://www.trendmicro.com/vinfo/dk/security/news/cybercrime-and-digital-threats/hacker-infects-node-js-package-to-steal-from-bitcoin-wallets
https://www.trendmicro.com/vinfo/ph/security/news/cybercrime-and-digital-threats/qakbot-resurges-spreads-through-vbs-files
https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/emotet-now-spreads-via-wi-fi
https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/new-multi-platform-xbash-packs-obfuscation-ransomware-coinminer-worm-and-botnet
https://www.trendmicro.com/vinfo/us/security/news/virtualization-and-cloud/a-misconfigured-amazon-s3-exposed-almost-50-thousand-pii-in-australia
https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/BKDR_URSNIF.SM?_ga=2.129468940.1462021705.1559742358-1202584019.1549394279
https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/conficker
https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/DARKCOMET
https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/PE_URSNIF.A2?_ga=2.131425807.1462021705.1559742358-1202584019.1549394279
https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/troj_fakeav.gzd
https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/troj_zegost
https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/tspy_trickload.n
https://www.trendmicro.com/vinfo/us/threat-encyclopedia/web-attack/125/how-dns-changer-trojans-direct-users-to-threats
https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp_ixeshe.pdf
https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp-cpl-malware.pdf
https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp-operation-tropic-trooper.pdf
https://www.trimarcsecurity.com/single-post/2018/05/06/Trimarc-Research-Detecting-Password-Spraying-with-Security-Event-Auditing
https://www.tripwire.com/state-of-security/off-topic/appunblocker-bypassing-applocker/
https://www.troopers.de/troopers19/agenda/fpxwmn/
https://www.truesec.se/sakerhet/verktyg/saakerhet/gsecdump_v2.0b5
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-two-the-uninstaller/
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/pillowmint-fin7s-monkey-thief/
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/the-curious-case-of-the-malicious-iis-module/
https://www.trustwave.com/en-us/resources/library/documents/the-golden-tax-department-and-the-emergence-of-goldenspy-malware/
https://www.trustwave.com/Resources/SpiderLabs-Blog/Shining-the-Spotlight-on-Cherry-Picker-PoS-Malware/
https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/
https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=4670
https://www.uptycs.com/blog/confucius-apt-deploys-warzone-rat
https://www.uptycs.com/blog/warzone-rat-comes-with-uac-bypass-technique
https://www.us-cert.gov/ics/alerts/IR-ALERT-H-16-056-01
https://www.us-cert.gov/ncas/alerts/AA18-337A
https://www.us-cert.gov/ncas/alerts/TA13-175A
https://www.us-cert.gov/ncas/alerts/TA15-314A
https://www.us-cert.gov/ncas/alerts/TA16-091A
https://www.us-cert.gov/ncas/alerts/TA17-132A
https://www.us-cert.gov/ncas/alerts/TA17-181A
https://www.us-cert.gov/ncas/alerts/TA17-293A
https://www.us-cert.gov/ncas/alerts/TA17-318A
https://www.us-cert.gov/ncas/alerts/TA17-318B
https://www.us-cert.gov/ncas/alerts/TA18-074A
https://www.us-cert.gov/ncas/alerts/TA18-086A
https://www.us-cert.gov/ncas/alerts/TA18-106A
https://www.us-cert.gov/ncas/alerts/TA18-201A
https://www.us-cert.gov/ncas/analysis-reports/AR18-165A
https://www.us-cert.gov/ncas/analysis-reports/AR18-221A
https://www.us-cert.gov/ncas/analysis-reports/AR19-100A
https://www.us-cert.gov/ncas/analysis-reports/ar20-045d
https://www.us-cert.gov/ncas/current-activity/2017/01/16/SMB-Security-Best-Practices
https://www.us-cert.gov/sites/default/files/publications/MAR-10135536.11.WHITE.pdf
https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDF
https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-D_WHITE_S508C.PDF
https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-F.pdf
https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-G.PDF
https://www.usenix.org/conference/usenix-security-11/dark-clouds-horizon-using-cloud-storage-attack-vector-and-online-slack
https://www.usenix.org/legacy/event/woot/tech/final_files/Cui.pdf
https://www.varonis.com/blog/power-automate-data-exfiltration
https://www.venafi.com/blog/growing-abuse-ssh-keys-commodity-malware-campaigns-now-equipped-ssh-capabilities
https://www.vice.com/en/article/3kx5y3/uzbekistan-hacking-operations-uncovered-due-to-spectacularly-bad-opsec
https://www.virusbulletin.com/uploads/pdf/conference/vb2014/VB2014-Wardle.pdf
https://www.virusbulletin.com/uploads/pdf/conference_slides/2018/Cherepanov-VB2018-Octopus.pdf
https://www.virusbulletin.com/uploads/pdf/magazine/2015/vb201503-dylib-hijacking.pdf
https://www.virusbulletin.com/virusbulletin/2020/03/vb2019-paper-kimsuky-group-tracking-king-spearphishing/
https://www.virustotal.com/en/faq/
https://www.virustotal.com/gui/file/0b4c743246478a6a8c9fa3ff8e04f297507c2f0ea5d61a1284fe65387d172f81/detection
https://www.volexity.com/blog/2015/10/07/virtual-private-keylogging-cisco-web-vpns-leveraged-for-access-and-persistence/
https://www.volexity.com/blog/2016/11/09/powerduke-post-election-spear-phishing-campaigns-targeting-think-tanks-and-ngos/
https://www.volexity.com/blog/2017/11/06/oceanlotus-blossoms-mass-digital-surveillance-and-exploitation-of-asean-nations-the-media-human-rights-and-civil-society/
https://www.volexity.com/blog/2018/06/07/patchwork-apt-group-targets-us-think-tanks/
https://www.volexity.com/blog/2020/11/06/oceanlotus-extending-cyber-espionage-operations-through-fake-websites/
https://www.volexity.com/blog/2020/12/14/dark-halo-leverages-solarwinds-compromise-to-breach-organizations/
https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/
https://www.volexity.com/blog/2021/08/17/north-korean-apt-inkysquid-infects-victims-using-browser-exploits/
https://www.volexity.com/blog/2021/08/24/north-korean-bluelight-special-inkysquid-deploys-rokrat/
https://www.volexity.com/blog/2022/06/15/driftingcloud-zero-day-sophos-firewall-exploitation-and-an-insidious-breach/
https://www.welivesecurity.com/2009/01/15/malware-trying-to-avoid-some-countries/
https://www.welivesecurity.com/2013/03/19/gapz-and-redyms-droppers-based-on-power-loader-code/
https://www.welivesecurity.com/2013/04/26/linuxcdorked-new-apache-backdoor-in-the-wild-serves-blackhole/
https://www.welivesecurity.com/2014/02/21/an-in-depth-analysis-of-linuxebury/
https://www.welivesecurity.com/2014/03/18/operation-windigo-the-vivisection-of-a-large-linux-server-side-credential-stealing-malware-campaign/
https://www.welivesecurity.com/2016/01/03/blackenergy-sshbeardoor-details-2015-attacks-ukrainian-news-media-electric-industry/
https://www.welivesecurity.com/2016/07/06/new-osxkeydnap-malware-hungry-credentials/
https://www.welivesecurity.com/2016/12/13/rise-telebots-analyzing-disruptive-killdisk-attacks/
https://www.welivesecurity.com/2017/01/12/fast-flux-networks-work/
https://www.welivesecurity.com/2017/03/30/carbon-paper-peering-turlas-second-stage-backdoor/
https://www.welivesecurity.com/2017/06/30/telebots-back-supply-chain-attacks-against-ukraine/
https://www.welivesecurity.com/2017/07/04/analysis-of-telebots-cunning-backdoor/
https://www.welivesecurity.com/2017/07/20/stantinko-massive-adware-campaign-operating-covertly-since-2012/
https://www.welivesecurity.com/2017/10/24/bad-rabbit-not-petya-back/
https://www.welivesecurity.com/2017/10/30/windigo-ebury-update-2/
https://www.welivesecurity.com/2017/12/21/sednit-update-fancy-bear-spent-year/
https://www.welivesecurity.com/2018/03/13/oceanlotus-ships-new-backdoor/
https://www.welivesecurity.com/2018/04/03/lazarus-killdisk-central-american-casino/
https://www.welivesecurity.com/2018/05/22/turla-mosquito-shift-towards-generic-tools/
https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/
https://www.welivesecurity.com/2018/07/09/certificates-stolen-taiwanese-tech-companies-plead-malware-campaign/
https://www.welivesecurity.com/2018/10/11/new-telebots-backdoor-linking-industroyer-notpetya/
https://www.welivesecurity.com/2018/11/20/sednit-whats-going-zebrocy/
https://www.welivesecurity.com/2018/12/28/analysis-latest-emotet-propagation-campaign/
https://www.welivesecurity.com/2019/03/20/fake-or-fake-keeping-up-with-oceanlotus-decoys/
https://www.welivesecurity.com/2019/04/09/oceanlotus-macos-malware-update/
https://www.welivesecurity.com/2019/04/30/buhtrap-backdoor-ransomware-advertising-platform/
https://www.welivesecurity.com/2019/05/22/journey-zebrocy-land/
https://www.welivesecurity.com/2019/05/29/turla-powershell-usage/
https://www.welivesecurity.com/2019/06/20/loudminer-mining-cracked-vst-software/
https://www.welivesecurity.com/2019/07/08/south-korean-users-backdoor-torrents/
https://www.welivesecurity.com/2019/10/03/casbaneiro-trojan-dangerous-cooking/
https://www.welivesecurity.com/2020/04/28/grandoreiro-how-engorged-can-exe-get/
https://www.welivesecurity.com/2020/05/13/ramsay-cyberespionage-toolkit-airgapped-networks/
https://www.welivesecurity.com/2020/05/21/no-game-over-winnti-group/
https://www.welivesecurity.com/2020/06/11/gamaredon-group-grows-its-game/
https://www.welivesecurity.com/2020/07/09/more-evil-deep-look-evilnum-toolset/
https://www.welivesecurity.com/2020/10/12/eset-takes-part-global-operation-disrupt-trickbot/
https://www.welivesecurity.com/2020/12/02/turla-crutch-keeping-back-door-open/
https://www.welivesecurity.com/2021/01/12/operation-spalax-targeted-malware-attacks-colombia/
https://www.welivesecurity.com/2021/02/02/kobalos-complex-linux-threat-high-performance-computing-infrastructure/
https://www.welivesecurity.com/2021/03/10/exchange-servers-under-siege-10-apt-groups/
https://www.welivesecurity.com/2021/06/10/backdoordiplomacy-upgrading-quarian-turian/
https://www.welivesecurity.com/2022/01/25/watering-hole-deploys-new-macos-malware-dazzlespy-asia/
https://www.welivesecurity.com/2022/02/24/hermeticwiper-new-data-wiping-malware-hits-ukraine
https://www.welivesecurity.com/2022/03/01/isaacwiper-hermeticwizard-wiper-worm-targeting-ukraine
https://www.welivesecurity.com/2022/03/15/caddywiper-new-wiper-malware-discovered-ukraine
https://www.welivesecurity.com/wp-content/uploads/200x/white-papers/osx_flashback.pdf
https://www.welivesecurity.com/wp-content/uploads/2017/02/Read-The-Manual.pdf
https://www.welivesecurity.com/wp-content/uploads/2017/06/Win32_Industroyer.pdf
https://www.welivesecurity.com/wp-content/uploads/2017/08/eset-gazer.pdf
https://www.welivesecurity.com/wp-content/uploads/2018/01/ESET_Turla_Mosquito.pdf
https://www.welivesecurity.com/wp-content/uploads/2018/01/WP-FinFisher.pdf
https://www.welivesecurity.com/wp-content/uploads/2018/09/ESET-LoJax.pdf
https://www.welivesecurity.com/wp-content/uploads/2018/10/ESET_GreyEnergy.pdf
https://www.welivesecurity.com/wp-content/uploads/2018/12/ESET-The_Dark_Side_of_the_ForSSHe.pdf
https://www.welivesecurity.com/wp-content/uploads/2019/05/ESET-LightNeuron.pdf
https://www.welivesecurity.com/wp-content/uploads/2019/07/ESET_Okrum_and_Ketrican.pdf
https://www.welivesecurity.com/wp-content/uploads/2019/08/ESET_Machete.pdf
https://www.welivesecurity.com/wp-content/uploads/2019/10/ESET_Attor.pdf
https://www.welivesecurity.com/wp-content/uploads/2019/10/ESET_Operation_Ghost_Dukes.pdf
https://www.welivesecurity.com/wp-content/uploads/2020/05/ESET_Turla_ComRAT.pdf
https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf
https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_Operation_Interception.pdf
https://www.welivesecurity.com/wp-content/uploads/2021/01/ESET_Kobalos.pdf
https://www.welivesecurity.com/wp-content/uploads/2021/06/eset_gelsemium.pdf
https://www.welivesecurity.com/wp-content/uploads/2022/02/eset_threat_report_t32021.pdf
https://www.winosbite.com/verclsid-exe/
https://www.winzip.com/win/en/
https://www.wired.co.uk/article/darkhotel-hacking-team-cyber-espionage
https://www.wired.com/images_blogs/threatlevel/2010/11/w32_stuxnet_dossier.pdf
https://www.wired.com/story/lockergoga-ransomware-crippling-industrial-firms/
https://www.wired.com/story/magecart-amazon-cloud-hacks/
https://www.wired.com/story/uber-paid-off-hackers-to-hide-a-57-million-user-data-breach/
https://www.xorrior.com/emond-persistence/
https://www.xorrior.com/No-Place-Like-Chrome/
https://www.zdnet.com/article/a-hacker-group-is-selling-more-than-73-million-user-records-on-the-dark-web/
https://www.zdnet.com/article/cyber-espionage-group-uses-chrome-extension-to-infect-victims/
https://www.zdnet.com/article/north-korea-has-tried-to-hack-11-officials-of-the-un-security-council/
https://www.zdnet.com/article/paypal-alert-beware-the-paypai-scam-5000109103/
https://www.zdnet.com/article/sly-malware-author-hides-cryptomining-botnet-behind-ever-shifting-proxy-service/
https://www.zscaler.com/blogs/research/cobian-rat-backdoored-rat
https://www.zscaler.com/blogs/research/spear-phishing-campaign-delivers-buer-and-bazar-malware
https://www.zscaler.com/blogs/security-research/apt-31-leverages-covid-19-vaccine-theme-and-abuses-legitimate-online
https://www.zscaler.com/blogs/security-research/lyceum-net-dns-backdoor
https://www.zscaler.com/blogs/security-research/return-higaisa-apt
https://www.zscaler.com/blogs/security-research/squirrelwaffle-new-loader-delivering-cobalt-strike
https://www.zscaler.com/blogs/security-research/ubiquitous-seo-poisoning-urls-0
https://www-01.ibm.com/support/docview.wss?uid=ssg1S1010146&myns=s028&mynp=OCSTHGUJ&mynp=OCSTLM5A&mynp=OCSTLM6B&mynp=OCHW206&mync=E&cm_sp=s028-_-OCSTHGUJ-OCSTLM5A-OCSTLM6B-OCHW206-_-E
https://www2.fireeye.com/rs/848-DID-242/images/rpt_APT37.pdf
https://www2.fireeye.com/rs/848-DID-242/images/rpt-apt29-hammertoss.pdf
https://www2.fireeye.com/rs/848-DID-242/images/rpt-fin10.pdf
https://www2.fireeye.com/rs/848-DID-242/images/rpt-fin6.pdf
https://www2.fireeye.com/rs/fireye/images/APT17_Report.pdf
https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf
https://www2.fireeye.com/rs/fireye/images/rpt-m-trends-2015.pdf
https://www2.fireeye.com/WBNR-14Q4NAMFIN4.html
https://www2.fireeye.com/WBNR-Are-you-ready-to-respond.html
https://www2.fireeye.com/WBNR-Know-Your-Enemy-UNC622-Spear-Phishing.html
https://www-west.symantec.com/content/symantec/english/en/security-center/writeup.html/2018-040209-1742-99
https://x-c3ll.github.io/posts/PAM-backdoor-DNS/
https://xorl.wordpress.com/2018/02/17/lkm-loading-kernel-restrictions/
https://xorrior.com/persistent-credential-theft/
https://zairon.wordpress.com/2006/12/06/any-application-defined-hook-procedure-on-my-machine/