- FireEye HammerToss PDF: https://www2.fireeye.com/rs/848-DID-242/images/rpt-apt29-hammertoss.pdf
- 7 Years of Dukes: https://labsblog.f-secure.com/2015/09/17/the-dukes-7-years-of-russian-cyber-espionage/
- RTM Banking malware: https://www.welivesecurity.com/wp-content/uploads/2017/02/Read-The-Manual.pdf
- Lowball Malware: https://www.fireeye.com/blog/threat-research/2015/11/china-based-threat.html
- CloudAtlas malware: https://securelist.com/cloud-atlas-redoctober-apt-is-back-in-style/68083/
- DropSmack: https://media.blackhat.com/eu-13/briefings/Williams/bh-eu-13-dropsmack-jwilliams-wp.pdf
- DBC2: https://github.com/Arno0x/DBC2
- Empire: https://github.com/EmpireProject/Empire
- GCat: https://github.com/byt3bl33d3r/gcat
- GDog: https://github.com/maldevel/gdog
- Twittor: https://github.com/PaulSec/twittor
- Instegogram: https://github.com/endgameinc/instegogram
- Command Line Auditing: https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
- Device Guard: https://docs.microsoft.com/en-us/windows/device-security/device-guard/device-guard-deployment-guide
- Matt Graeber's Device Guard Intro: http://www.exploit-monday.com/2016/09/introduction-to-windows-device-guard.html
- Monitoring what matters by Jessica Payne: https://blogs.technet.microsoft.com/jepayne/2015/11/23/monitoring-what-matters-windows-event-forwarding-for-everyone-even-if-you-already-have-a-siem/
- ATT&CK list of service-based malware: https://attack.mitre.org/wiki/Technique/T1102
- Jeff Dimmock and Steve Borosh Red Team Wiki: https://github.com/bluscreenofjeff/Red-Team-Infrastructure-Wiki
- Justin Warner and Jon Perez - Abusing Accepted Risk with 3rd Party C2: https://www.slideshare.net/sixdub/abusing-accepted-risk-with-3rd-party-c2-hackmiamicon5