References

| Type | URL | Description |
| --- | --- | --- |
| technique | https://attack.mitre.org/techniques/T1110/001 | |
| technique | https://enigma0x3.net/2017/08/03/wsh-injection-a-case-study/ | Nelson, M. (2017, August 3). WSH INJECTION: A CASE STUDY. Retrieved April 9, 2018. |
| technique | https://attack.mitre.org/techniques/T1216/001 | |
| technique | https://www.zdnet.com/article/a-hacker-group-is-selling-more-than-73-million-user-records-on-the-dar | Cimpanu, C. (2020, May 9). A hacker group is selling more than 73 million user records on the dark web. Retrieved October 20, 2020. |
| technique | https://attack.mitre.org/techniques/T1597/002 | |
| technique | https://adsecurity.org/?p=1729 | Metcalf, S. (2015, September 25). Mimikatz DCSync Usage, Exploitation, and Detection. Retrieved December 4, 2017. |
| technique | http://www.harmj0y.net/blog/redteaming/mimikatz-and-dcsync-and-extrasids-oh-my/ | Schroeder, W. (2015, September 22). Mimikatz and DCSync and ExtraSids, Oh My. Retrieved December 4, 2017. |
| technique | https://medium.com/threatpunter/detecting-attempts-to-steal-passwords-from-memory-558f16dce4ea | French, D. (2018, October 2). Detecting Attempts to Steal Passwords from Memory. Retrieved October 11, 2019. |
| technique | https://msdn.microsoft.com/library/cc228086.aspx | Microsoft. (2017, December 1). MS-DRSR Directory Replication Service (DRS) Remote Protocol. Retrieved December 4, 2017. |
| technique | https://msdn.microsoft.com/library/dd207691.aspx | Microsoft. (n.d.). IDL_DRSGetNCChanges (Opnum 3). Retrieved December 4, 2017. |