References

Type
Url
Description

technique

https://attack.mitre.org/techniques/T1555/001


technique

https://blog.cylance.com/windows-registry-persistence-part-2-the-run-keys-and-search-order

Langendorf, S. (2013, September 24). Windows Registry Persistence, Part 2: The Run Keys and Search-Order. Retrieved April 11, 2018.


technique

https://www.tldp.org/LDP/lkmpg/2.4/lkmpg.pdf

Pomerantz, O., Salzman, P.. (2003, April 4). The Linux Kernel Module Programming Guide. Retrieved April 6, 2018.


technique

https://msdn.microsoft.com/library/windows/desktop/aa374733.aspx

Microsoft. (n.d.). Authentication Packages. Retrieved March 1, 2017.


technique

http://msdn.microsoft.com/en-us/library/aa376977

Microsoft. (n.d.). Run and RunOnce Registry Keys. Retrieved November 12, 2014.


technique

https://msdn.microsoft.com/library/windows/desktop/ms725475.aspx

Microsoft. (n.d.). Time Provider. Retrieved March 26, 2018.


technique

https://technet.microsoft.com/en-us/sysinternals/bb963902

Russinovich, M. (2016, January 4). Autoruns for Windows v13.51. Retrieved June 6, 2016.


technique

https://capec.mitre.org/data/definitions/564.html


technique

https://attack.mitre.org/techniques/T1547


technique

https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securing-privile

Microsoft. (2019, February 14). Active Directory administrative tier model. Retrieved February 21, 2020.