technique
https://attack.mitre.org/techniques/T1555/001
technique
https://blog.cylance.com/windows-registry-persistence-part-2-the-run-keys-and-search-order
Langendorf, S. (2013, September 24). Windows Registry Persistence, Part 2: The Run Keys and Search-Order. Retrieved April 11, 2018.
technique
https://www.tldp.org/LDP/lkmpg/2.4/lkmpg.pdf
Pomerantz, O., Salzman, P.. (2003, April 4). The Linux Kernel Module Programming Guide. Retrieved April 6, 2018.
technique
https://msdn.microsoft.com/library/windows/desktop/aa374733.aspx
Microsoft. (n.d.). Authentication Packages. Retrieved March 1, 2017.
technique
http://msdn.microsoft.com/en-us/library/aa376977
Microsoft. (n.d.). Run and RunOnce Registry Keys. Retrieved November 12, 2014.
technique
https://msdn.microsoft.com/library/windows/desktop/ms725475.aspx
Microsoft. (n.d.). Time Provider. Retrieved March 26, 2018.
technique
https://technet.microsoft.com/en-us/sysinternals/bb963902
Russinovich, M. (2016, January 4). Autoruns for Windows v13.51. Retrieved June 6, 2016.
technique
https://capec.mitre.org/data/definitions/564.html
technique
https://attack.mitre.org/techniques/T1547
technique
https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securing-privile
Microsoft. (2019, February 14). Active Directory administrative tier model. Retrieved February 21, 2020.