technique
https://developer.apple.com/library/content/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters
Apple. (2016, September 13). Startup Items. Retrieved July 11, 2017.
technique
https://attack.mitre.org/techniques/T1163
technique
https://www.trendmicro.com/vinfo/dk/security/news/cybercrime-and-digital-threats/hacker-infects-node
Trendmicro. (2018, November 29). Hacker Infects Node.js Package to Steal from Bitcoin Wallets. Retrieved April 10, 2019.
technique
https://attack.mitre.org/techniques/T1195/001
technique
https://threatpost.com/final-report-diginotar-hack-shows-total-compromise-ca-servers-103112/77170/
Fisher, D. (2012, October 31). Final Report on DigiNotar Hack Shows Total Compromise of CA Servers. Retrieved March 6, 2017.
technique
https://letsencrypt.org/docs/faq/
Let's Encrypt. (2020, April 23). Let's Encrypt FAQ. Retrieved October 15, 2020.
technique
https://www.recordedfuture.com/cobalt-strike-servers/
Insikt Group. (2019, June 18). A Multi-Method Approach to Identifying Rogue Cobalt Strike Servers. Retrieved October 16, 2020.
technique
https://www.splunk.com/en_us/blog/security/tall-tales-of-hunting-with-tls-ssl-certificates.html
Kovar, R. (2017, December 11). Tall Tales of Hunting with TLS/SSL Certificates. Retrieved October 16, 2020.
technique
https://attack.mitre.org/techniques/T1588/004
technique
https://unit42.paloaltonetworks.com/dns-tunneling-how-dns-can-be-abused-by-malicious-actors/
Hinchliffe, A. (2019, March 15). DNS Tunneling: how DNS can be (ab)used by malicious actors. Retrieved October 3, 2020.