technique
https://attack.mitre.org/techniques/T1110/001
technique
https://enigma0x3.net/2017/08/03/wsh-injection-a-case-study/
Nelson, M. (2017, August 3). WSH INJECTION: A CASE STUDY. Retrieved April 9, 2018.
technique
https://attack.mitre.org/techniques/T1216/001
technique
https://www.zdnet.com/article/a-hacker-group-is-selling-more-than-73-million-user-records-on-the-dar
Cimpanu, C. (2020, May 9). A hacker group is selling more than 73 million user records on the dark web. Retrieved October 20, 2020.
technique
https://attack.mitre.org/techniques/T1597/002
technique
https://adsecurity.org/?p=1729
Metcalf, S. (2015, September 25). Mimikatz DCSync Usage, Exploitation, and Detection. Retrieved December 4, 2017.
technique
http://www.harmj0y.net/blog/redteaming/mimikatz-and-dcsync-and-extrasids-oh-my/
Schroeder, W. (2015, September 22). Mimikatz and DCSync and ExtraSids, Oh My. Retrieved December 4, 2017.
technique
https://medium.com/threatpunter/detecting-attempts-to-steal-passwords-from-memory-558f16dce4ea
French, D. (2018, October 2). Detecting Attempts to Steal Passwords from Memory. Retrieved October 11, 2019.
technique
https://msdn.microsoft.com/library/cc228086.aspx
Microsoft. (2017, December 1). MS-DRSR Directory Replication Service (DRS) Remote Protocol. Retrieved December 4, 2017.
technique
https://msdn.microsoft.com/library/dd207691.aspx
Microsoft. (n.d.). IDL_DRSGetNCChanges (Opnum 3). Retrieved December 4, 2017.