technique
https://attack.mitre.org/techniques/T1583/002
technique
https://docs.microsoft.com/sysinternals/downloads/sysmon
Russinovich, M. & Garnier, T. (2017, May 22). Sysmon v6.20. Retrieved December 13, 2017.
technique
https://operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Destructive-Malwar
Novetta Threat Research Group. (2016, February 24). Operation Blockbuster: Destructive Malware Report. Retrieved March 2, 2016.
technique
https://attack.mitre.org/techniques/T1561
technique
https://medium.com/@galolbardes/learn-how-easy-is-to-bypass-firewalls-using-dns-tunneling-and-also-h
Galobardes, R. (2018, October 30). Learn how easy is to bypass firewalls using DNS tunneling (and also how to block it). Retrieved March 15, 2020.
technique
https://www.paloaltonetworks.com/cyberpedia/what-is-dns-tunneling
Palo Alto Networks. (n.d.). What Is DNS Tunneling? Retrieved March 15, 2020.
technique
https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf
Gardiner, J., Cova, M., Nagaraja, S. (2014, February). Command & Control Understanding, Denying and Detecting. Retrieved April 20, 2016.
technique
https://attack.mitre.org/techniques/T1071/004
technique
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html
AWS. (n.d.). Instance Metadata and User Data. Retrieved July 18, 2019.
technique
https://krebsonsecurity.com/2019/08/what-we-can-learn-from-the-capital-one-hack/
Krebs, B. (2019, August 19). What We Can Learn from the Capital One Hack. Retrieved March 25, 2020.