Reference list

From attackics

The following is a complete list of works cited in this site.

8.3 filename. (n.d.). Retrieved November 12, 2014.
Aleksandr Matrosov. (n.d.). Flame, Duqu and Stuxnet: in‑depth code analysis of mssecmgr.ocx. Retrieved December 27, 2019.
Alexander Bolshev. (2014, March 11). S4x14: HART As An Attack Vector. Retrieved January 5, 2020.
Alexander Bolshev, Gleb Cherbov. (2014, July 08). ICSCorsair: How I will PWN your ERP through 4-20 mA current loop. Retrieved January 5, 2020.
Alexander Hanel. (n.d.). Big Game Hunting with Ryuk: Another Lucrative Targeted Ransomware. Retrieved November 3, 2019.
Alintanahin, K. (2014, March 13). Kunming Attack Leads to Gh0st RAT Variant. Retrieved November 12, 2014.
Alperovitch, D. (2014, July 7). Deep in Thought: Chinese Targeting of National Security Think Tanks. Retrieved November 12, 2014.
Alperovitch, D. (2014, October 31). Malware-Free Intrusions. Retrieved November 4, 2014.
Amplia Security. (n.d.). Windows Credentials Editor (WCE) F.A.Q. Retrieved December 17, 2015.
Andonov, D., et al. (2015, December 7). Thriving Beyond The Operating System: Financial Threat Group Targets Volume Boot Record. Retrieved May 13, 2016.
Andrea Hotter. (n.d.). Retrieved October 16, 2019.
Andy Greenberg. (n.d.). A Guide to LockerGoga, the Ransomware Crippling Industrial Firms. Retrieved October 31, 2019.
Andy Greenberg. (n.d.). Retrieved October 16, 2019.
Andy Greenberg. (2019, June 20). Iranian Hackers Launch a New US-Targeted Campaign as Tensions Mount. Retrieved January 3, 2020.
Anthe, C. et al. (2015, October 19). Microsoft Security Intelligence Report Volume 19. Retrieved December 23, 2015.
Anton Cherepanov. (n.d.). BlackEnergy by the SSHBearDoor: attacks against Ukrainian news media and electric industry. Retrieved October 29, 2019.
Anton Cherepanov, ESET. (2017, June 12). Win32/Industroyer: A new threat for industrial control systems. Retrieved September 15, 2017.
Anton Cherepanov, Robert Lipovsky. (2018, October 11). New TeleBots backdoor: First evidence linking Industroyer to NotPetya. Retrieved December 2, 2019.
Aorato. (n.d.). Pass-the-Ticket. Retrieved November 12, 2014.
Aorato. (n.d.). Pass-the-Hash. Retrieved November 12, 2014.
Aquino, M. (2013, June 13). RARSTONE Found In Targeted Attacks. Retrieved December 17, 2015.
BBC. (2016, April 28). German nuclear plant hit by computer viruses. Retrieved October 14, 2019.
Baggett, M. (2012, November 8). Help eliminate unquoted path vulnerabilities. Retrieved December 4, 2014.
Ballenthin, W., et al. (2015). Windows Management Instrumentation (WMI) Offense, Defense, and Forensics. Retrieved March 30, 2016.
Basnight, Zachry, et al. (n.d.). Retrieved October 17, 2017.
Baumgartner, K. (2015, June 17). The Spring Dragon APT. Retrieved February 15, 2016.
Baumgartner, K. and Garnaeva, M. (2015, February 17). BE2 extraordinary plugins, Siemens targeting, dev fails. Retrieved March 24, 2016.
Baumgartner, K. and Garnaeva, M. (2014, November 3). BE2 custom plugins, router abuse, and target profiles. Retrieved March 24, 2016.
Baumgartner, K., Golovkin, M. (2015, May). The MsnMM Campaigns: The Earliest Naikon APT Campaigns. Retrieved December 17, 2015.
Baumgartner, K., Golovkin, M. (2015, May 14). The Naikon APT. Retrieved January 14, 2015.
Beckhoff. (n.d.). TwinCAT 3 Source Control: Project Files. Retrieved November 21, 2019.
Beechey, J. (2010, December). Application Whitelisting: Panacea or Propaganda?. Retrieved November 18, 2014.
Benjamin Green. (n.d.). On the Significance of Process Comprehension for Conducting Targeted ICS Attacks. Retrieved November 1, 2019.
Berkeley Security, University of California. (n.d.). Securing Remote Desktop for System Administrators. Retrieved November 4, 2014.
Bialek, J. (2015, December 16). Invoke-NinjaCopy.ps1. Retrieved June 2, 2016.
Bizeul, D., Fontarensky, I., Mouchoux, R., Perigaud, F., Pernet, C. (2014, July 11). Eye of the Tiger. Retrieved September 29, 2015.
Blake Johnson, Dan Caban, Marina Krotofil, Dan Scali, Nathan Brubaker, Christopher Glyer. (2017, December 14). Attackers Deploy New ICS Attack Framework “TRITON” and Cause Operational Disruption to Critical Infrastructure. Retrieved January 12, 2018.
Blasco, J. (2012, January 12). Sykipot variant hijacks DOD and Windows smart cards. Retrieved January 10, 2016.
Blasco, J. (2013, March 21). New Sykipot developments [Blog]. Retrieved November 12, 2014.
Blasco, J. (2011, December 12). Another Sykipot sample likely targeting US federal agencies. Retrieved March 28, 2016.
Bloxham, B. (n.d.). Getting Windows to Play with Itself [PowerPoint slides]. Retrieved November 12, 2014.
Bonnie Zhu, Anthony Joseph, Shankar Sastry. (2011). A Taxonomy of Cyber Attacks on SCADA Systems. Retrieved January 12, 2018.
Booz Allen Hamilton. (n.d.). When The Lights Went Out. Retrieved October 22, 2019.
Brad Smith. (2017, December 19). Microsoft and Facebook disrupt ZINC malware attack to protect customers and the internet from ongoing cyberthreats. Retrieved December 6, 2019.
Bradley Barth. (n.d.). Retrieved October 16, 2019.
Bruce Schneier. (2008, January 17). Hacking Polish Trams. Retrieved October 17, 2019.
Bryan Lee, Robert Falcone. (2018, July 25). OilRig Targets Technology Service Provider and Government Agency with QUADAGENT. Retrieved October 31, 2019.
Bundesamt für Sicherheit in der Informationstechnik (BSI) (German Federal Office for Information Security). (2014). Die Lage der IT-Sicherheit in Deutschland 2014 (The State of IT Security in Germany). Retrieved October 30, 2019.
Butler, M. (2013, November). Finding Hidden Threats by Decrypting SSL. Retrieved April 5, 2016.
Butterworth, J. (2013, July 30). Copernicus: Question Your Assumptions about BIOS Security. Retrieved December 11, 2015.
C. Russel Mason. (n.d.). Retrieved March 28, 2018.
CCPS. (n.d.). Retrieved December 9, 2019.
CG. (2014, May 20). Mimikatz Against Virtual Machine Memory Part 1. Retrieved November 12, 2014.
CISA. (2017, June 13). HIDDEN COBRA – North Korea’s DDoS Botnet Infrastructure. Retrieved December 6, 2019.
CISA. (2017, June 12). Alert (TA17-163A). Retrieved October 22, 2019.
CISA. (n.d.). HIDDEN COBRA - North Korean Malicious Cyber Activity. Retrieved October 31, 2019.
CISA. (2014, January 08). Stuxnet Malware Mitigation (Update B). Retrieved October 22, 2019.
CISA. (2017, May 12). Alert (TA17-132A). Retrieved October 31, 2019.
Camba, A. (2013, February 27). BKDR_RARSTONE: New RAT to Watch Out For. Retrieved January 8, 2016.
Campbell, C. (2014). The Secret Life of Krbtgt. Retrieved December 4, 2014.
Carl Hurd. (2019, March 26). VPNFilter Deep Dive. Retrieved March 28, 2019.
Carvey, H. (2013, July 23). HowTo: Determine/Detect the use of Anti-Forensics Techniques. Retrieved June 3, 2016.
Carvey, H. (2014, September 2). Where you AT?: Indicators of lateral movement using at.exe on Windows 7 systems. Retrieved January 25, 2016.
Catalin Cimpanu. (2016, April 26). Malware Shuts Down German Nuclear Power Plant on Chernobyl's 30th Anniversary. Retrieved October 14, 2019.
Catherine Stupp. (n.d.). Retrieved October 16, 2019.
Chen, X., Scott, M., Caselden, D. (2014, April 26). New Zero-Day Exploit targeting Internet Explorer Versions 9 through 11 Identified in Targeted Attacks. Retrieved January 14, 2016.
Cherepanov, A. (2016, May 17). Operation Groundbait: Analysis of a surveillance toolkit. Retrieved May 18, 2016.
Cherepanov, A. (2016, January 3). BlackEnergy by the SSHBearDoor: attacks against Ukrainian news media and electric industry. Retrieved May 18, 2016.
Chris Bing. (2018, May 24). Trisis masterminds have expanded operations to target U.S. industrial firms. Retrieved January 3, 2020.
Christoph Steitz, Eric Auchard. (2016, April 26). German nuclear plant infected with computer viruses, operator says. Retrieved October 14, 2019.
Ciubotariu, M. (2014, January 23). Trojan.Zeroaccess.C Hidden in NTFS EA. Retrieved December 2, 2014.
ClearSky. (2016, January 7). Operation DustySky. Retrieved January 8, 2016.
Common Weakness Enumeration. (2019, January 03). CWE-400: Uncontrolled Resource Consumption. Retrieved March 14, 2019.
Common Weakness Enumeration. (2019, January 03). CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer. Retrieved March 8, 2019.
Corero. (n.d.). Industrial Control System (ICS) Security. Retrieved November 4, 2019.
Corio, C., & Sayana, D. P. (2008, June). Application Lockdown with Software Restriction Policies. Retrieved November 18, 2014.
Counter Threat Unit Research Team. (2017, June 27). BRONZE UNION Cyberespionage Persists Despite Disclosures. Retrieved October 2, 2017.
Crowdstrike. (2013, October 16). CrowdCasts Monthly: You Have an Adversary Problem. Retrieved October 3, 2017.
Crowdstrike Global Intelligence Team. (2014, June 9). CrowdStrike Intelligence Report: Putter Panda. Retrieved January 22, 2016.
CyberESI. (2011). TROJAN.GTALK. Retrieved June 29, 2015.
Cylance. (2014, December). Operation Cleaver. Retrieved December 4, 2014.
DHS CISA. (2019, February 27). MAR-17-352-01 HatMan—Safety System Targeted Malware (Update B). Retrieved March 8, 2019.
DLL injection. (n.d.). Retrieved November 12, 2014.
Daavid Hentunen, Antti Tikkanen. (2014, June 23). Havex Hunts For ICS/SCADA Systems. Retrieved April 1, 2019.
Daniel Oakley, Travis Smith, Tripwire. (n.d.). Retrieved May 30, 2018.
Daniel Peck, Dale Peterson. (2009, January 28). Leveraging Ethernet Card Vulnerabilities in Field Devices. Retrieved December 19, 2017.
Danny Yadron. (2015, December 20). Iranian Hackers Infiltrated New York Dam in 2013. Retrieved November 7, 2019.
Darien Kindlund. (n.d.). Flamer/sKyWIper Malware: Analysis. Retrieved December 27, 2019.
Dark Reading Staff. (2016, April 28). German Nuclear Power Plant Infected With Malware. Retrieved October 14, 2019.
David Voreacos, Katherine Chinglinsky, Riley Griffin. (2019, December 03). Merck Cyberattack’s $1.3 Billion Question: Was It an Act of War?. Retrieved December 6, 2019.
Davidson, L. (n.d.). Windows 7 UAC whitelist. Retrieved November 12, 2014.
Dell SecureWorks. (2015, October 7). Suspected Iran-Based Hacker Group Creates Network of Fake LinkedIn Profiles. Retrieved January 14, 2016.
Dell SecureWorks. (2013, March 21). Wiper Malware Analysis Attacking Korean Financial Sector. Retrieved May 13, 2015.
Dell SecureWorks. (2015, January 12). Skeleton Key Malware Analysis. Retrieved February 2, 2015.
Dell SecureWorks Counter Threat Unit Special Operations Team. (2015, May 28). Living off the Land. Retrieved January 26, 2016.
Dell SecureWorks Counter Threat Unit Threat Intelligence. (2015, August 5). Threat Group-3390 Targets Organizations for Cyberespionage. Retrieved January 25, 2016.
Dell SecureWorks Counter Threat Unit Threat Intelligence. (2015, July 30). Sakula Malware Family. Retrieved January 26, 2016.
Dell SecureWorks Counter Threat Unit™ (CTU) Research Team. (2016, March 28). A Novel WMI Persistence Implementation. Retrieved March 30, 2016.
Delpy, B. (2014, September 14). Mimikatz module ~ sekurlsa. Retrieved January 10, 2016.
Dennis L. Sloatman. (2016, September 16). Understanding PLC Programming Methods and the Tag Database System. Retrieved December 19, 2017.
Delpy, B. (n.d.). Mimikatz. Retrieved September 29, 2015.
Delpy, B. (2014, January 13). Pass the ticket. Retrieved June 2, 2016.
Desai, D. (2015, August 14). Chinese cyber espionage APT group leveraging recently leaked Hacking Team exploits to target a Financial Services Firm. Retrieved January 26, 2016.
DiMaggio, J. (2015, August 6). The Black Vine cyberespionage group. Retrieved January 26, 2016.
Dormann, W. (2015, March 13). The Risks of SSL Inspection. Retrieved April 5, 2016.
Dr. Kelvin T. Erickson. (2010, December). Programmable logic controller hardware. Retrieved March 29, 2018.
Dragos. (2017, December 13). TRISIS Malware Analysis of Safety System Targeted Malware. Retrieved January 12, 2018.
Dragos. (n.d.). Xenotime. Retrieved October 27, 2019.
Dragos. (n.d.). Raspite. Retrieved October 27, 2019.
Dragos. (n.d.). Allanite. Retrieved October 27, 2019.
Dragos. (n.d.). Magnallium. Retrieved October 27, 2019.
Dragos. (n.d.). Chrysene. Retrieved October 27, 2019.
Dragos. (n.d.). Dymalloy. Retrieved October 27, 2019.
Dragos. (n.d.). Electrum. Retrieved October 27, 2019.
Dragos. (2018, October 12). Anatomy of an Attack: Detecting and Defeating CRASHOVERRIDE. Retrieved October 14, 2019.
Dragos. (n.d.). Covellite. Retrieved October 27, 2019.
Dragos. (n.d.). Hexane. Retrieved October 27, 2019.
Dragos Inc. (2017, June 13). Industroyer - Dragos - 201706: Analysis of the Threat to Electric Grid Operations. Retrieved September 18, 2017.
Dragos Threat Intelligence. (2019, August). Global Oil and Gas Cyber Threat Perspective. Retrieved January 3, 2020.
Dragos Threat Intelligence. (2018, September 17). THREAT INTELLIGENCE SUMMARY TR-2018-25: Phishing Campaign Targeting Electric Utility Companies. Retrieved January 3, 2020.
Dragos Threat Intelligence. (2018). ICS Activity Groups and Threat Landscape. Retrieved January 3, 2020.
Dunwoody, M. (2016, February 11). GREATER VISIBILITY THROUGH POWERSHELL LOGGING. Retrieved February 16, 2016.
ESET. (2016, April 28). Malware found at a German nuclear power plant. Retrieved October 14, 2019.
Eduard Kovacs. (2018, May 10). 'Allanite' Group Targets ICS Networks at Electric Utilities in US, UK. Retrieved January 3, 2020.
Eduard Kovacs. (2018, March 1). Five Threat Groups Target Industrial Systems: Dragos. Retrieved January 3, 2020.
Eduard Kovacs. (2018, May 21). Group linked to Shamoon attacks targeting ICS networks in Middle East and UK. Retrieved January 3, 2020.
Electricity Information Sharing and Analysis Center; SANS Industrial Control Systems. (2016, March 18). Analysis of the Cyber Attack on the Ukrainian Power Grid: Defense Use Case. Retrieved March 27, 2018.
Ellen Nakashima. (n.d.). Retrieved October 16, 2019.
Eng, E., Caselden, D. (2015, June 23). Operation Clandestine Wolf – Adobe Flash Zero-Day in APT3 Phishing Campaign. Retrieved January 14, 2016.
Enterprise ATT&CK. (2018, January 11). Command-Line Interface. Retrieved May 17, 2018.
Enterprise ATT&CK. (n.d.). Hooking. Retrieved October 27, 2019.
Enterprise ATT&CK. (2018, April 12). Credential Dumping. Retrieved May 17, 2018.
Enterprise ATT&CK. (n.d.). Exploitation of Remote Services. Retrieved October 27, 2019.
Enterprise ATT&CK. (2018, January 11). Connection Proxy. Retrieved May 17, 2018.
Enterprise ATT&CK. (2018, January 11). Network Sniffing. Retrieved May 17, 2018.
Enterprise ATT&CK. (n.d.). Service Stop. Retrieved October 29, 2019.
Enterprise ATT&CK. (2018, January 11). Remote System Discovery. Retrieved May 17, 2018.
Enterprise ATT&CK. (n.d.). Remote File Copy. Retrieved October 27, 2019.
Enterprise ATT&CK. (2018, January 11). Rootkit. Retrieved May 16, 2018.
Enterprise ATT&CK. (n.d.). WannaCry. Retrieved November 3, 2019.
Enterprise ATT&CK. (n.d.). APT33. Retrieved October 27, 2019.
Enterprise ATT&CK. (2018, January 11). File Deletion. Retrieved May 17, 2018.
Enterprise ATT&CK. (n.d.). NotPetya. Retrieved November 3, 2019.
Enterprise ATT&CK. (n.d.). Dragonfly. Retrieved October 27, 2019.
Enterprise ATT&CK. (2018, March 30). Exploitation for Privilege Escalation. Retrieved May 17, 2018.
Enterprise ATT&CK. (2019, October 25). Spearphishing Attachment. Retrieved October 25, 2019.
Enterprise ATT&CK. (2018, January 11). Indicator Removal on Host. Retrieved May 17, 2018.
Enterprise ATT&CK. (2018, January 11). Brute Force. Retrieved May 17, 2018.
Esler, J., Lee, M., and Williams, C. (2014, October 14). Threat Spotlight: Group 72. Retrieved January 14, 2016.
Executable compression. (n.d.). Retrieved December 4, 2014.
F-Secure Labs. (2015, September 17). The Dukes: 7 years of Russian cyberespionage. Retrieved December 10, 2015.
F-Secure Labs. (2014). BlackEnergy & Quedagh: The convergence of crimeware and APT attacks. Retrieved March 24, 2016.
F-Secure Labs. (2014, June 23). Havex Hunts For ICS/SCADA Systems. Retrieved October 21, 2019.
F-Secure Labs. (2014, July). COSMICDUKE Cosmu with a twist of MiniDuke. Retrieved July 3, 2014.
F-Secure Labs. (2015, April 22). CozyDuke: Malware Analysis. Retrieved December 10, 2015.
Falcone, R. (2016, November 30). Shamoon 2: Return of the Disttrack Wiper. Retrieved November 27, 2017.
Falcone, R. and Miller-Osborn, J. (2016, February 3). Emissary Trojan Changelog: Did Operation Lotus Blossom Cause It to Evolve?. Retrieved February 15, 2016.
Falcone, R. and Miller-Osborn, J. (2016, January 24). Scarlet Mimic: Years-Long Espionage Campaign Targets Minority Activists. Retrieved February 10, 2016.
Falcone, R. and Miller-Osborn, J. (2015, December 18). Attack on French Diplomat Linked to Operation Lotus Blossom. Retrieved February 15, 2016.
Falcone, R. and Wartell, R. (2015, July 27). Observations on CVE-2015-3113, Prior Zero-Days and the Pirpi Payload. Retrieved January 22, 2016.
Falcone, R., et al. (2015, June 16). Operation Lotus Blossom. Retrieved February 15, 2016.
Fidelis Cybersecurity. (2016, February 29). The Turbo Campaign, Featuring Derusbi for 64-bit Linux. Retrieved March 2, 2016.
Fidelis Cybersecurity. (2015, December 16). Fidelis Threat Advisory #1020: Dissecting the Malware Involved in the INOCNATION Campaign. Retrieved March 24, 2016.
Fidelis Cybersecurity. (2015, August 4). Looking at the Sky for a DarkComet. Retrieved April 5, 2016.
Fidelis Threat Research Team. (2016, May 2). Turbo Twist: Two 64-bit Derusbi Strains Converge. Retrieved June 24, 2016.
Fidelis Threat Research Team. (2016, January 27). Introducing Hi-Zor RAT. Retrieved March 24, 2016.
FireEye. (2016, November 30). FireEye Responds to Wave of Destructive Cyber Attacks in Gulf Region. Retrieved November 27, 2017.
FireEye. (2015). APT28: A WINDOW INTO RUSSIA’S CYBER ESPIONAGE OPERATIONS?. Retrieved August 19, 2015.
FireEye. (2014). POISON IVY: Assessing Damage and Extracting Intelligence. Retrieved November 12, 2014.
FireEye Labs. (2015, July). HAMMERTOSS: Stealthy Tactics Define a Russian Cyber Threat Group. Retrieved September 17, 2015.
FireEye Labs. (2015, April). APT30 AND THE MECHANICS OF A LONG-RUNNING CYBER ESPIONAGE OPERATION. Retrieved May 1, 2015.
FireEye Labs. (2014, May 20). The PLA and the 8:00am-5:00pm Work Day: FireEye Confirms DOJ’s Findings on APT1 Intrusion Activity. Retrieved November 4, 2014.
FireEye Labs/FireEye Threat Intelligence. (2015, May 14). Hiding in Plain Sight: FireEye and Microsoft Expose Obfuscation Tactic. Retrieved January 22, 2016.
FireEye Threat Intelligence. (2016, April). Follow the Money: Dissecting the Operations of the Cyber Crime Group FIN6. Retrieved June 1, 2016.
FireEye Threat Intelligence. (2015, December 1). China-based Cyber Threat Group Uses Dropbox for Malware Communications and Targets Hong Kong Media Outlets. Retrieved December 4, 2015.
FireEye Threat Intelligence. (2015, July 13). Demonstrating Hustle, Chinese APT Groups Quickly Use Zero-Day Vulnerability (CVE-2015-5119) Following Hacking Team Leak. Retrieved January 25, 2016.
FireEye iSIGHT Intelligence. (2017, April 6). APT10 (MenuPass Group): New Tools, Global Campaign Latest Manifestation of Longstanding Threat. Retrieved October 3, 2017.
Fireeye Intelligence. (2018, October 23). TRITON Attribution: Russian Government-Owned Lab Most Likely Built Custom Intrusion Tools for TRITON Attackers. Retrieved December 5, 2019.
Gabriel Sanchez. (2017, October). Man-In-The-Middle Attack Against Modbus TCP Illustrated with Wireshark. Retrieved January 5, 2020.
Gallagher, S. (2015, August 5). Newly discovered Chinese hacking group hacked 100+ websites to use as “watering holes”. Retrieved January 25, 2016.
Gardiner, J., Cova, M., Nagaraja, S. (2014, February). Command & Control Understanding, Denying and Detecting. Retrieved April 20, 2016.
Ge, L. (2011, September 9). BIOS Threat is Showing up Again!. Retrieved November 14, 2014.
Glyer, C., Kazanciyan, R. (2012, August 20). THE “HIKIT” ROOTKIT: ADVANCED AND PERSISTENT ATTACK TECHNIQUES (PART 1). Retrieved June 6, 2016.
Gostev, A. (2014, March 12). Agent.btz: a Source of Inspiration?. Retrieved April 8, 2016.
Graeber, M. (2014, October). Analysis of Malicious Security Support Provider DLLs. Retrieved June 24, 2015.
Gross, J. (2016, February 23). Operation Dust Storm. Retrieved February 25, 2016.
Gross, J. and Walter, J. (2016, January 12). Puttering into the Future.... Retrieved January 22, 2016.
Group-IB and Fox-IT. (2014, December). Anunak: APT against financial institutions. Retrieved April 20, 2016.
Grunzweig, J. and Miller-Osborn, J. (2016, February 4). T9000: Advanced Modular Backdoor Uses Complex Anti-Analysis Techniques. Retrieved April 15, 2016.
Haight, J. (2016, April 21). PS>Attack. Retrieved June 1, 2016.
Hakobyan, A. (2009, January 8). FDump - Dumping File Sectors Directly from Disk using Logical Offsets. Retrieved November 12, 2014.
Haq, T. (2014, October). An Insight into Symbiotic APT Groups. Retrieved November 4, 2015.
Haq, T., Moran, N., Scott, M., & Vashisht, S. O. (2014, September 10). The Path to Mass-Producing Cyber Attacks [Blog]. Retrieved November 12, 2014.
Haq, T., Moran, N., Vashisht, S., Scott, M. (2014, September). OPERATION QUANTUM ENTANGLEMENT. Retrieved November 4, 2015.
Harrell, C. (2012, December 11). Extracting ZeroAccess from NTFS Extended Attributes. Retrieved June 3, 2016.
Hill, T. (n.d.). Windows NT Command Shell. Retrieved December 5, 2014.
Huss, D. (2016, March 1). Operation Transparent Tribe. Retrieved June 8, 2016.
Hydro. (n.d.). Retrieved October 16, 2019.
ICS CERT. (2018, September 06). Advantech/Broadwin WebAccess RPC Vulnerability (Update B). Retrieved December 5, 2019.
ICS-CERT. (n.d.). Retrieved October 17, 2017.
ICS-CERT. (2016, February 25). Cyber-Attack Against Ukrainian Critical Infrastructure. Retrieved March 8, 2019.
ICS-CERT. (2018, December 18). Advisory (ICSA-18-107-02) - Schneider Electric Triconex Tricon (Update B). Retrieved March 8, 2019.
ICS-CERT. (n.d.). Secure Architecture Design Definitions. Retrieved March 28, 2018.
ICS-CERT. (2018, August 22). Advisory (ICSA-14-178-01). Retrieved April 1, 2019.
ICS-CERT. (2014, December 10). ICS Alert (ICS-ALERT-14-281-01E) Ongoing Sophisticated Malware Campaign Compromising ICS (Update E). Retrieved October 11, 2019.
ICS-CERT. (2017, April 18). ICS Alert (ICS-ALERT-17-102-01A) BrickerBot Permanent Denial-of-Service Attack. Retrieved October 24, 2019.
ICS-CERT. (2018, August 22). Alert (ICS-ALERT-14-176-02A). Retrieved April 1, 2019.
ICS-CERT. (2017, October 21). Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors. Retrieved October 23, 2017.
ICS-CERT. (2018, August 27). Advisory (ICSA-15-202-01) - Siemens SIPROTEC Denial-of-Service Vulnerability. Retrieved March 14, 2019.
IEEE. (n.d.). Retrieved March 28, 2018.
ISA. (n.d.). Retrieved March 28, 2018.
Ionut Arghire. (2019, August 28). Researchers Analyze Tools Used by 'Hexane' Attackers Against Industrial Firms. Retrieved January 3, 2020.
J.D. Tygar. (2011). Retrieved October 17, 2017.
Jacobsen, K. (2014, May 16). Lateral Movement with PowerShell [slides]. Retrieved November 12, 2014.
Jacqueline O'Leary et al. (2017, September 20). Insights into Iranian Cyber Espionage: APT33 Targets Aerospace and Energy Sectors and has Ties to Destructive Malware. Retrieved December 2, 2019.
Jarrad Shearer. (n.d.). W32.Stuxnet Writeup. Retrieved October 22, 2019.
Jeff Jones. (2018, May 10). Dragos Releases Details on Suspected Russian Infrastructure Hacking Team ALLANITE. Retrieved January 3, 2020.
Jeffery Burt. (2019, August 30). Lyceum APT Group a Fresh Threat to Oil and Gas Companies. Retrieved January 3, 2020.
Joe Slowik. (2019, August 15). CRASHOVERRIDE: Reassessing the 2016 Ukraine Electric Power Event as a Protection-Focused Attack. Retrieved October 22, 2019.
Joe Slowik. (2019, April 10). Implications of IT Ransomware for ICS Environments. Retrieved October 27, 2019.
Joel Langill. (2014, January 21). Stuxnet Mitigation. Retrieved October 22, 2019.
John Bill. (2017, May 12). Hacked Cyber Security Railways. Retrieved October 17, 2019.
John Hultquist. (2016, January 07). Sandworm Team and the Ukrainian Power Authority Attacks. Retrieved March 8, 2019.
John Karl-Heinz. (n.d.). Programming Industrial Automation Systems. Retrieved October 22, 2019.
Jos Wetzels. (2018, January 16). Analyzing the TRITON industrial malware. Retrieved October 22, 2019.
Jos Wetzels, Marina Krotofil. (2019). A Diet of Poisoned Fruit: Designing Implants & OT Payloads for ICS Embedded Devices. Retrieved November 1, 2019.
Julian Gutmanis. (2019, March 11). Triton - A Report From The Trenches. Retrieved March 11, 2019.
Julian Rrushi, Hassan Farhangi, Clay Howey, Kelly Carmichael, Joey Dabell. (2015, December 08). A Quantitative Evaluation of the Target Selection of Havex ICS Malware Plugin. Retrieved April 1, 2019.
Junnosuke Yagi. (2017, March 07). Trojan.Stonedrill. Retrieved December 5, 2019.
Kanthak, S. (2016, July 20). Vulnerability and Exploit Detector. Retrieved July 20, 2016.
Kaspersky Lab's Global Research & Analysis Team. (2016, February 8). APT-style bank robberies increase with Metel, GCMAN and Carbanak 2.0 attacks. Retrieved April 20, 2016.
Kaspersky Lab's Global Research and Analysis Team. (2014, November). The Darkhotel APT A Story of Unusual Hospitality. Retrieved November 12, 2014.
Kaspersky Lab's Global Research and Analysis Team. (2015, February). Equation Group: Questions and Answers. Retrieved December 21, 2015.
Kaspersky Lab's Global Research and Analysis Team. (2013). THE ‘ICEFOG’ APT: A TALE OF CLOAK AND THREE DAGGERS. Retrieved November 12, 2014.
Kaspersky Lab's Global Research and Analysis Team. (2014, November 24). THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS. Retrieved December 1, 2014.
Kaspersky Lab's Global Research and Analysis Team. (2015, February). CARBANAK APT THE GREAT BANK ROBBERY. Retrieved March 3, 2015.
Kaspersky Lab's Global Research and Analysis Team. (2014, August 7). The Epic Turla Operation Solving some of the mysteries of Snake/Uroburos. Retrieved December 11, 2014.
Kaspersky Lab's Global Research and Analysis Team. (2015, December 4). Sofacy APT hits high profile targets with updated toolset. Retrieved December 10, 2015.
Kaspersky Lab's Global Research and Analysis Team. (2016, February 9). Poseidon Group: a Targeted Attack Boutique specializing in global cyber-espionage. Retrieved March 16, 2016.
Kazanciyan, R. & Hastings, M. (2014). Defcon 22 Presentation. Investigating PowerShell Attacks [slides]. Retrieved November 3, 2014.
Keith Stouffer. (2015, May). Guide to Industrial Control Systems (ICS) Security. Retrieved March 28, 2018.
Kelly Jackson Higgins. (n.d.). How a Manufacturing Firm Recovered from a Devastating Ransomware Attack. Retrieved November 3, 2019.
Kelly Jackson Higgins. (2012, August 22). Shamoon, Saudi Aramco, and Targeted Destruction. Retrieved November 1, 2017.
Kernkraftwerk Gundremmingen. (2016, April 25). Detektion von Büro-Schadsoftware an mehreren Rechnern. Retrieved October 14, 2019.
Kevin Beaumont. (n.d.). How Lockergoga took down Hydro — ransomware used in targeted attacks aimed at big business. Retrieved October 16, 2019.
Kevin Savage and Branko Spasojevic. (n.d.). W32.Flamer. Retrieved November 3, 2019.
Kim Zetter. (2012, August 30). Qatari Gas Company Hit with Virus in Wave of Attacks on Energy Companies. Retrieved November 1, 2017.
Kuster, R. (2003, August 20). Three Ways to Inject Your Code into Another Process. Retrieved November 12, 2014.
Kyle Wilhoit. (n.d.). ICS Malware: Havex and Black Energy. Retrieved October 22, 2019.
Kyle Wilhoit. (2014, July 17). Havex, It’s Down With OPC. Retrieved October 22, 2019.
Ladikov, A. (2015, January 29). Why You Shouldn’t Completely Trust Files Signed with Digital Certificates. Retrieved March 31, 2016.
Lambert, J. (2015, April 26). Defenders think in lists. Attackers think in graphs. As long as this is true, attackers win. Retrieved May 13, 2015.
Lancaster, T. (2015, July 25). A tale of Pirpi, Scanbox & CVE-2015-3113. Retrieved March 30, 2016.
Lau, H. (2011, August 8). Are MBR Infections Back in Fashion? (Infographic). Retrieved November 13, 2014.
Lee Mathews. (2016, April 27). German nuclear plant found riddled with Conficker, other viruses. Retrieved October 14, 2019.
Lee, T., Hanzlik, D., Ahl, I. (2013, August 7). Breaking Down the China Chopper Web Shell - Part I. Retrieved March 27, 2015.
Leitch, J. (n.d.). Process Hollowing. Retrieved November 12, 2014.
Lich, B. (2016, May 31). Protect derived domain credentials with Credential Guard. Retrieved June 1, 2016.
Lich, B. (2016, May 31). How User Account Control Works. Retrieved June 3, 2016.
Lin, P. (2015, July 13). Hacking Team Uses UEFI BIOS Rootkit to Keep RCS 9 Agent in Target Systems. Retrieved December 11, 2015.
Line Tomter. (n.d.). Retrieved October 16, 2019.
MDudek-ICS. (n.d.). TRISIS-TRITON-HATMAN. Retrieved November 3, 2019.
MITRE. (2018, March 22). CVE-2015-5374. Retrieved March 14, 2019.
MITRE. (n.d.). Retrieved October 16, 2019.
MITRE. (2018, May 04). CVE-2018-8872. Retrieved March 8, 2019.
MITRE. (n.d.). System Network Connections Discovery. Retrieved May 31, 2018.
MITRE. (2018, May 04). CVE-2018-7522. Retrieved March 8, 2019.
Malware Archaeology. (2016, June). WINDOWS POWERSHELL LOGGING CHEAT SHEET - Win 7/Win 2008 or later. Retrieved June 24, 2016.
Mandiant. (n.d.). Appendix C (Digital) - The Malware Arsenal. Retrieved July 18, 2016.
Mandiant. (2011, January 27). Mandiant M-Trends 2011. Retrieved January 10, 2016.
Mandiant. (n.d.). APT1 Exposing One of China’s Cyber Espionage Units. Retrieved July 18, 2016.
Mandiant. (2016, February). M-Trends 2016. Retrieved May 25, 2016.
Mandiant. (2015, February 24). M-Trends 2015: A View from the Front Lines. Retrieved May 18, 2016.
Mandiant. (2010, August 31). DLL Search Order Hijacking Revisited. Retrieved December 5, 2014.
Manish Sardiwal et al. (2017, December 7). New Targeted Attack in the Middle East by APT34, a Suspected Iranian Threat Group, Using CVE-2017-11882 Exploit. Retrieved October 31, 2019.
Manuel, J. and Plantado, R. (2015, August 9). Win32/Kasidet. Retrieved March 24, 2016.
Marc-Etienne M.Léveillé. (2017, October 24). Bad Rabbit: Not‑Petya is back with improved ransomware. Retrieved October 27, 2019.
Marczak, B. and Scott-Railton, J. (2016, May 29). Keep Calm and (Don’t) Enable Macros: A New Threat Actor Targets UAE Dissidents. Retrieved June 8, 2016.
Mark Thompson. (2016, March 24). Iranian Cyber Attack on New York Dam Shows Future of War. Retrieved November 7, 2019.
Mark Weber. (2012, March 28). Practical Applications of IEC 61131 in Modern Electrical Substations. Retrieved October 22, 2019.
Marshall Abrams. (2008, July 23). Malicious Control System Cyber Security Attack Case Study – Maroochy Water Services, Australia. Retrieved March 27, 2018.
McAfee® Foundstone® Professional Services and McAfee Labs™. (2011, February 10). Global Energy Cyberattacks: “Night Dragon”. Retrieved March 4, 2015.
Medin, T. (2013, August 8). PsExec UAC Bypass. Retrieved June 3, 2016.
Merritt, E. (2015, November 16). Shining the Spotlight on Cherry Picker PoS Malware. Retrieved April 20, 2016.
Metasploit. (n.d.). Retrieved December 4, 2014.
Metcalf, S. (2014, November 22). Mimikatz and Active Directory Kerberos Attacks. Retrieved June 2, 2016.
Metcalf, S. (2015, November 13). Unofficial Guide to Mimikatz & Command Reference. Retrieved December 23, 2015.
Metcalf, S. (2015, May 03). Detecting Forged Kerberos Ticket (Golden Ticket & Silver Ticket) Use in Active Directory. Retrieved December 23, 2015.
Metcalf, S. (2015, January 19). Attackers Can Now Use Mimikatz to Implant Skeleton Key on Domain Controllers & BackDoor Your Active Directory Forest. Retrieved February 3, 2015.
Meyers, A. (2013, March 29). Whois Numbered Panda. Retrieved January 14, 2016.
Michael J. Assante and Robert M. Lee. (n.d.). The Industrial Control System Cyber Kill Chain. Retrieved November 4, 2019.
Microsoft. (n.d.). Dir. Retrieved April 18, 2016.
Microsoft. (n.d.). Regsvcs.exe (.NET Services Installation Tool). Retrieved July 1, 2016.
Microsoft. (n.d.). Schtasks. Retrieved April 28, 2016.
Microsoft. (n.d.). File Streams. Retrieved December 2, 2014.
Microsoft. (n.d.). About the Clipboard. Retrieved March 29, 2016.
Microsoft. (2016, April 16). Implementing Least-Privilege Administrative Models. Retrieved June 3, 2016.
Microsoft. (n.d.). The COM Elevation Moniker. Retrieved July 26, 2016.
Microsoft. (n.d.). Manifests. Retrieved December 5, 2014.
Microsoft. (n.d.). Nbtstat. Retrieved April 17, 2016.
Microsoft. (2013, July 31). Configuring Additional LSA Protection. Retrieved February 13, 2015.
Microsoft. (n.d.). Copy. Retrieved April 26, 2016.
Microsoft. (n.d.). How to disable the Autorun functionality in Windows. Retrieved April 20, 2016.
Microsoft. (n.d.). What is UEFI? Retrieved December 17, 2015.
Microsoft. (n.d.). Internet Control Message Protocol (ICMP) Basics. Retrieved December 1, 2014.
Microsoft. (n.d.). Regasm.exe (Assembly Registration Tool). Retrieved July 1, 2016.
Microsoft. (n.d.). Run and RunOnce Registry Keys. Retrieved November 12, 2014.
Microsoft. (n.d.). Windows PowerShell Scripting. Retrieved April 28, 2016.
Microsoft. (2016, April 15). Audit Policy Recommendations. Retrieved June 3, 2016.
Microsoft. (n.d.). Services. Retrieved June 7, 2016.
Microsoft. (n.d.). Retrieved July 26, 2016.
Microsoft. (n.d.). Dynamic-Link Library Redirection. Retrieved December 5, 2014.
Microsoft. (n.d.). Route. Retrieved April 17, 2016.
Microsoft. (2015, August 14). How to use the Regsvr32 tool and troubleshoot Regsvr32 error messages. Retrieved June 22, 2016.
Microsoft. (2013, July 31). Configuring Additional LSA Protection. Retrieved June 24, 2015.
Microsoft. (2007, August 31). https://technet.microsoft.com/en-us/library/cc771759(v=ws.10).aspx. Retrieved April 20, 2016.
Microsoft. (n.d.). CreateProcess function. Retrieved December 5, 2014.
Microsoft. (n.d.). Manage Trusted Publishers. Retrieved March 31, 2016.
Microsoft. (n.d.). Specifying File Handlers for File Name Extensions. Retrieved November 13, 2014.
Microsoft. (2005, January 21). The Netsh Command-Line Utility. Retrieved April 20, 2016.
Microsoft. (n.d.). Enable the Remote Registry Service. Retrieved May 1, 2015.
Microsoft. (n.d.). AppInit DLLs and Secure Boot. Retrieved July 15, 2015.
Microsoft. (2014, November 18). Vulnerability in Kerberos Could Allow Elevation of Privilege (3011780). Retrieved December 23, 2015.
Microsoft. (2005, January 21). Task Scheduler and security. Retrieved June 8, 2016.
Microsoft. (n.d.). Change which programs Windows 7 uses by default. Retrieved July 26, 2016.
Microsoft. (2010, August 22). Microsoft Security Advisory 2269637 Released. Retrieved December 5, 2014.
Microsoft. (n.d.). Netstat. Retrieved April 17, 2016.
Microsoft. (2005, January 21). Creating logon scripts. Retrieved April 27, 2016.
Microsoft. (2006, October 18). Net.exe Utility. Retrieved September 22, 2015.
Microsoft. (n.d.). Configure Network Level Authentication for Remote Desktop Services Connections. Retrieved June 6, 2016.
Microsoft. (n.d.). Dynamic-Link Library Security. Retrieved July 25, 2016.
Microsoft. (n.d.). Arp. Retrieved April 17, 2016.
Microsoft. (n.d.). Del. Retrieved April 22, 2016.
Microsoft. (n.d.). Systeminfo. Retrieved April 8, 2016.
Microsoft. (n.d.). Secure the Windows 8.1 boot process. Retrieved June 11, 2016.
Microsoft. (2009, June 3). Netsh Commands for Windows Firewall. Retrieved April 20, 2016.
Microsoft. (2012, April 17). Reg. Retrieved May 1, 2015.
Microsoft. (2006, October). Working with the AppInit_DLLs registry value. Retrieved July 15, 2015.
Microsoft. (2012, June 27). Using Software Restriction Policies and AppLocker Policies. Retrieved April 7, 2016.
Microsoft. (n.d.). Environment Property. Retrieved July 27, 2016.
Microsoft. (n.d.). Dynamic-Link Library Search Order. Retrieved November 30, 2014.
Microsoft. (n.d.). Dsquery. Retrieved April 18, 2016.
Microsoft. (2011, January 12). Distributed Transaction Coordinator. Retrieved February 25, 2016.
Microsoft. (n.d.). Windows Management Instrumentation. Retrieved April 27, 2016.
Microsoft. (n.d.). Tasklist. Retrieved December 23, 2015.
Microsoft. (n.d.). Manifests. Retrieved June 3, 2016.
Microsoft. (n.d.). Overview of Remote Desktop Gateway. Retrieved June 6, 2016.
Microsoft. (2010, August 12). More information about the DLL Preloading remote attack vector. Retrieved December 5, 2014.
Microsoft. (n.d.). Ipconfig. Retrieved April 17, 2016.
Microsoft. (n.d.). CurrentControlSet\Services Subkey Entries. Retrieved November 30, 2014.
Microsoft. (n.d.). Ping. Retrieved April 8, 2016.
Microsoft. (n.d.). AddMonitor function. Retrieved November 12, 2014.
Microsoft. (n.d.). Cmd. Retrieved April 18, 2016.
Microsoft. (n.d.). Installutil.exe (Installer Tool). Retrieved July 1, 2016.
Microsoft. (n.d.). At. Retrieved April 28, 2016.
Microsoft. (2016, April 15). Attractive Accounts for Credential Theft. Retrieved June 3, 2016.
Microsoft. (2004, February 6). Perimeter Firewall Design. Retrieved April 25, 2016.
Microsoft. (n.d.). Remote Desktop Services. Retrieved June 1, 2016.
Microsoft. (2003, March 28). What Is RPC? Retrieved June 12, 2016.
Microsoft. (2014, May 13). MS14-025: Vulnerability in Group Policy Preferences could allow elevation of privilege. Retrieved January 28, 2015.
Microsoft. (n.d.). WinExec function. Retrieved December 5, 2014.
Microsoft. (n.d.). Windows Remote Management. Retrieved November 12, 2014.
Miller-Osborn, J and Grunzweig, J. (2017, February 16). menuPass Returns with New Malware and New Attacks Against Japanese Academics and Organizations. Retrieved October 3, 2017.
Miller-Osborn, J., Grunzweig, J. (2015, April). Unit 42 Identifies New DragonOK Backdoor Malware Deployed Against Japanese Targets. Retrieved November 4, 2015.
Minister of Energy and Coal Industry of Ukraine. (2016, December 2). The Ministry of Energy and Coal intends to form a group of representatives of all energy companies within the management of the Ministry to study the possibilities of preventing unauthorized interference in the operation of power grids. Retrieved December 19, 2017.
Moran, N. and Lanstein, A. (2014, March 25). Spear Phishing the News Cycle: APT Actors Leverage Interest in the Disappearance of Malaysian Flight MH 370. Retrieved April 15, 2016.
Moran, N., & Villeneuve, N. (2013, August 12). Survival of the Fittest: New York Times Attackers Evolve Quickly [Blog]. Retrieved November 12, 2014.
Moran, N., Oppenheim, M., Engle, S., & Wartell, R. (2014, September 3). Darwin’s Favorite APT Group [Blog]. Retrieved November 12, 2014.
Moran, N., et al. (2014, November 21). Operation Double Tap. Retrieved January 14, 2016.
Myers, M., and Youndt, S. (2007). An Introduction to Hardware-Assisted Virtual Machine (HVM) Rootkits. Retrieved November 13, 2014.
N.A. (n.d.). Advanced Persistent Threat Group 34. Retrieved October 31, 2019.
NCAS. (2018, March 15). Alert (TA18-074A) Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors. Retrieved October 11, 2019.
NCCIC. (2014, January 1). Internet Accessible Control Systems At Risk. Retrieved November 7, 2019.
NSA Information Assurance Directorate. (2014, August). Application Whitelisting Using Microsoft AppLocker. Retrieved March 31, 2016.
Nagaraju, S. (2014, April 8). MS14-019 – Fixing a binary hijacking via .cmd or .bat file. Retrieved July 25, 2016.
National Institute of Standards and Technology. (2015, May). NIST Special Publication 800-82 Revision 2. Retrieved May 30, 2018.
National Security Agency. (2016, May 4). Secure Host Baseline EMET. Retrieved June 22, 2016.
National Security Agency/Central Security Service Information Assurance Directorate. (2013, December 16). Spotting the Adversary with Windows Event Log Monitoring. Retrieved November 12, 2014.
Nell Nelson. (2016, January 18). The Impact of Dragonfly Malware on Industrial Control Systems. Retrieved October 22, 2019.
Nick Biasini. (n.d.). Retrieved October 16, 2019.
Nicolas Falliere, Liam O Murchu, Eric Chien. (2011, February). W32.Stuxnet Dossier (Version 1.4). Retrieved September 22, 2017.
Nolen, R., Miller, S., Valdez, R. (2016, April 28). Threat Advisory: “Squiblydoo” Continues Trend of Attackers Using Native OS Tools to “Live off the Land”. Retrieved June 22, 2016.
Novetta. (n.d.). Operation SMN: Axiom Threat Actor Group Report. Retrieved November 12, 2014.
Novetta Threat Research Group. (2016, February 24). Operation Blockbuster: Destructive Malware Report. Retrieved March 2, 2016.
Novetta Threat Research Group. (2016, February 24). Operation Blockbuster: Loaders, Installers and Uninstallers Report. Retrieved March 2, 2016.
Novetta Threat Research Group. (2016, February 24). Operation Blockbuster: Tools Report. Retrieved March 10, 2016.
Novetta Threat Research Group. (2016, February 24). Operation Blockbuster: Remote Administration Tools & Content Staging Malware Report. Retrieved March 16, 2016.
Novetta Threat Research Group. (2016, February 24). Operation Blockbuster: Unraveling the Long Thread of the Sony Attack. Retrieved February 25, 2016.
OWASP. (2013, January 30). Binary planting. Retrieved June 7, 2016.
Orkhan Mamedov, Fedor Sinitsyn, Anton Ivanov. (2017, October 27). Bad Rabbit Ransomware. Retrieved October 27, 2019.
PLCdev. (n.d.). Siemens SIMATIC Step 7 Programmer's Handbook. Retrieved November 21, 2019.
Payne, J. (2015, November 26). Tracking Lateral Movement Part One - Special Groups and Specific Service Accounts. Retrieved February 1, 2016.
Payne, J. (2015, November 23). Monitoring what matters - Windows Event Forwarding for everyone (even if you already have a SIEM.). Retrieved February 1, 2016.
Peter Dockrill. (2016, April 28). Multiple Computer Viruses Have Been Discovered in This German Nuclear Plant. Retrieved October 14, 2019.
PowerSploit. (n.d.). Retrieved December 4, 2014.
PwC and BAE Systems. (2017, April). Operation CloudHopper. Retrieved October 2, 2017.
PwC and BAE Systems. (2017, April). Operation CloudHopper Technical Annex. Retrieved October 2, 2017.
RSA Incident Response. (2014, January). RSA Incident Response Emerging Threat Profile: Shell Crew. Retrieved January 14, 2016.
RYANJ. (2014, February 20). Mo’ Shells Mo’ Problems – Deep Panda Web Shells. Retrieved September 16, 2015.
Raff, A. (2015, April 30). New Dyre Version- Yet Another Malware Evading Sandboxes. Retrieved July 18, 2016.
Rail Accident Investigation Branch (RAIB). (2016, November 9). Rail Accident Report: Overturning of a tram at Sandilands junction, Croydon. Retrieved October 14, 2019.
Ralph Langner. (2013, November). To Kill a Centrifuge: A Technical Analysis of What Stuxnet's Creators Tried to Achieve. Retrieved March 27, 2018.
Ray, V., Hayashi, K. (2016, February 29). New Malware ‘Rover’ Targets Indian Ambassador to Afghanistan. Retrieved February 29, 2016.
Robert Falcone, Bryan Lee. (2016, May 26). The OilRig Campaign: Attacks on Saudi Arabian Organizations Deliver Helminth Backdoor. Retrieved November 19, 2019.
Robert Hackett. (2017, September 6). Hackers Have Penetrated Energy Grid, Symantec Warns. Retrieved December 4, 2019.
Russinovich, M. (2004, June 28). PsExec. Retrieved December 17, 2015.
Russinovich, M. (2016, January 4). Autoruns for Windows v13.51. Retrieved June 6, 2016.
Russinovich, M. (2009, July). User Account Control: Inside Windows 7 User Account Control. Retrieved July 26, 2016.
Russinovich, M. (2014, May 2). Windows Sysinternals PsExec v2.11. Retrieved May 13, 2015.
Ryan Stewart. (n.d.). Retrieved October 16, 2019.
SRD Blog Author. (2014, July 31). Announcing EMET 5.0. Retrieved November 12, 2014.
Sancho, D., Hacquebord, F., Link, R. (2014, July 22). Finding Holes Operation Emmental. Retrieved February 9, 2016.
Savill, J. (1999, March 4). Net.exe reference. Retrieved September 22, 2015.
Schneider. (2018, December 14). Security Notification – EcoStruxure Triconex Tricon V3. Retrieved March 8, 2019.
Schneider Electric. (2018, January 23). TRITON - Schneider Electric Analysis and Disclosure. Retrieved March 14, 2019.
Schneider Electric. (2018, December 14). Security Notification - EcoStruxure Triconex Tricon V3. Retrieved August 26, 2019.
Schroeder, W., Warner, J., Nelson, M. (n.d.). Github PowerShellEmpire. Retrieved April 28, 2016.
Scott, M. (2014, June 10). Clandestine Fox, Part Deux. Retrieved January 14, 2016.
Sean Baird, Earl Carter, Erick Galinkin, Christopher Marczewski & Joe Marshall. (2017, July 07). Attack on Critical Infrastructure Leverages Template Injection. Retrieved December 5, 2019.
Sean Gallagher. (2016, April 27). German nuclear plant’s fuel rod system swarming with old malware. Retrieved October 14, 2019.
SecureWorks. (2013). The Lifecycle of Peer-to-Peer (Gameover) ZeuS. Retrieved August 19, 2015.
SecureWorks. (2019, August 27). LYCEUM Takes Center Stage in Middle East Campaign. Retrieved November 19, 2019.
Security Research and Defense. (2014, May 13). MS14-025: An Update for Group Policy Preferences. Retrieved January 28, 2015.
Shelley Smith. (2008, February 12). Teen Hacker in Poland Plays Trains and Derails City Tram System. Retrieved October 17, 2019.
Shelmire, A. (2015, July 6). Evasive Maneuvers. Retrieved January 22, 2016.
Shevchenko, S. (2008, November 30). Agent.btz - A Threat That Hit Pentagon. Retrieved April 8, 2016.
Shinotsuka, H. (2013, February 22). How Attackers Steal Private Keys from Digital Certificates. Retrieved March 31, 2016.
Smith, C. (2016, April 19). Bypass Application Whitelisting Script Protections - Regsvr32.exe & COM Scriptlets (.sct files). Retrieved June 22, 2016.
Smith, C. (2015, November 9). All-Natural, Organic, Free Range, Sustainable, Whitelisting Evasion - Regsvcs and RegAsm. Retrieved July 1, 2016.
Smith, C. (2015, August 24). Application Whitelisting Evasion 101 - Trusted Things That Execute Things "InstallUtil.exe". Retrieved June 17, 2016.
Spenneberg, Ralf. (2016). PLC-Blaster. Retrieved June 6, 2019.
Spenneberg, Ralf, Maik Brüggemann, and Hendrik Schwartke. (2016, March 31). PLC-Blaster: A worm living solely in the PLC. Retrieved September 19, 2017.
Stama, D. (2015, February 6). Backdoor.Mivast. Retrieved February 15, 2016.
Stewart, A. (2014). DLL SIDE-LOADING: A Thorn in the Side of the Anti-Virus Industry. Retrieved November 12, 2014.
Sutherland, S. (2014, September 9). 15 Ways to Bypass the PowerShell Execution Policy. Retrieved July 23, 2015.
Symantec. (2018, May 02). Trojan.Trisis. Retrieved March 8, 2019.
Symantec. (n.d.). W32.Duqu The precursor to the next Stuxnet. Retrieved November 3, 2019.
Symantec. (2017, September 6). Dragonfly: Western energy sector targeted by sophisticated attack group. Retrieved September 14, 2017.
Symantec. (2017, July 28). Trojan.Karagany.B. Retrieved September 27, 2017.
Symantec. (2019, March 27). Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S. Retrieved December 2, 2019.
Symantec. (2015, January 26). The Waterbug attack group. Retrieved April 10, 2015.
Symantec. (2017, July 10). Trojan.Listrix. Retrieved September 20, 2017.
Symantec. (2018, July 25). Leafminer: New Espionage Campaigns Targeting Middle Eastern Regions. Retrieved November 4, 2019.
Symantec. (n.d.). Retrieved October 17, 2017.
Symantec. (2017, July 31). Trojan.Heriplor. Retrieved September 20, 2017.
Symantec. (2015, June 30). Simple steps to protect yourself from the Conficker Worm. Retrieved December 5, 2019.
Symantec. (2014, June 30). Dragonfly: Western Energy Companies Under Sabotage Threat. Retrieved October 22, 2019.
Symantec. (2017, December 14). Triton: New Malware Threatens Industrial Safety Systems. Retrieved March 8, 2019.
Symantec Security Response. (2011, November). W32.Duqu: The precursor to the next Stuxnet. Retrieved September 17, 2015.
Symantec Security Response. (2014, July 7). Dragonfly: Cyberespionage Attacks Against Energy Suppliers. Retrieved April 8, 2016.
Symantec Security Response. (2017, May 22). WannaCry: Ransomware attacks show strong links to Lazarus group. Retrieved December 9, 2019.
Symantec Security Response. (2015, July 13). “Forkmeiamfamous”: Seaduke, latest weapon in the Duke armory. Retrieved July 22, 2015.
Tang, J. (2015, October 19). New Headaches: How The Pawn Storm Zero-Day Evaded Java’s Click-to-Play Protection. Retrieved December 23, 2015.
Tarakanov, D. (2015, June 22). Games are over: Winnti is now targeting pharmaceutical companies. Retrieved January 14, 2016.
The Office of Nuclear Reactor Regulation. (n.d.). Triconex Topical Report 7286-545-1. Retrieved May 30, 2018.
ThreatConnect Inc. and Defense Group Inc. (DGI). (2015, September 23). Project CameraShy: Closing the Aperture on China's Unit 78020. Retrieved December 17, 2015.
ThreatConnect Research Team. (2015, February 27). The Anthem Hack: All Roads Lead to China. Retrieved January 26, 2016.
Tilbury, C. (2014, August 28). Registry Analysis with CrowdResponse. Retrieved November 12, 2014.
Tinaztepe, E. (n.d.). The Adventures of a Keystroke: An in-depth look into keyloggers on Windows. Retrieved April 27, 2016.
Tivadar, M., et al. (2013). A Closer Look at MiniDuke. Retrieved April 15, 2016.
Tomonaga, S. (2016, January 26). Windows Commands Abused by Attackers. Retrieved February 2, 2016.
Trend Micro. (2012). The Taidoor Campaign. Retrieved November 12, 2014.
Trend Micro. (2016, April 27). Malware Discovered in German Nuclear Power Plant. Retrieved October 14, 2019.
TrueSec. (n.d.). gsecdump v2.0b5. Retrieved September 29, 2015.
Trusted Computing Group. (2008, April 29). Trusted Platform Module (TPM) Summary. Retrieved June 8, 2016.
Twi1ight. (2015, July 11). AD-Pentest-Script - wmiexec.vbs. Retrieved October 2, 2017.
Tyson Macaulay. (n.d.). RIoT Control: Understanding and Managing Risks and the Internet of Things. Retrieved November 4, 2019.
UACME Project. (2016, June 16). UACMe. Retrieved July 26, 2016.
UEFI Forum. (n.d.). About UEFI Forum. Retrieved January 5, 2016.
US-CERT. (2015, November 13). Compromised Web Servers and Web Shells - Threat Awareness and Guidance. Retrieved June 8, 2016.
Upham, K. (2014, March). Going Deep into the BIOS with MITRE Firmware Security Research. Retrieved January 5, 2016.
Vasilenko, R. (2013, December 17). An Analysis of PlugX Malware. Retrieved November 24, 2015.
Veil Framework. (n.d.). Retrieved December 4, 2014.
Villeneuve, N., Bennett, J. T., Moran, N., Haq, T., Scott, M., & Geers, K. (2014). OPERATION “KE3CHANG”: Targeted Attacks Against Ministries of Foreign Affairs. Retrieved November 12, 2014.
Villeneuve, N., Haq, H., Moran, N. (2013, August 23). OPERATION MOLERATS: MIDDLE EAST CYBER ATTACKS USING POISON IVY. Retrieved April 1, 2016.
Villeneuve, N., Homan, J. (2014, July 31). Spy of the Tiger. Retrieved September 29, 2015.
Villeneuve, N., Sancho, D. (2011). THE “LURID” DOWNLOADER. Retrieved November 12, 2014.
virtualization.info. (Interviewer) & Liguori, A. (Interviewee). (2006, August 11). Debunking Blue Pill myth [Interview transcript]. Retrieved November 13, 2014.
Ward, S. (2014, October 14). Sandworm Team and the Ukrainian Power Authority Attacks. Retrieved April 8, 2016.
Wikipedia. (2016, June 15). File Transfer Protocol. Retrieved July 20, 2016.
Wikipedia. (n.d.). Password cracking. Retrieved December 23, 2015.
Wikipedia. (2016, June 1). Rootkit. Retrieved June 2, 2016.
Wikipedia. (2016, May 23). Hypervisor. Retrieved June 11, 2016.
Wikipedia. (n.d.). List of network protocols (OSI model). Retrieved December 4, 2014.
Wikipedia. (2016, June 26). Command-line interface. Retrieved June 27, 2016.
Wikipedia. (n.d.). BIOS. Retrieved January 5, 2016.
Wikipedia. (2016, March 31). List of file signatures. Retrieved April 22, 2016.
Wikipedia. (2016, June 12). Server Message Block. Retrieved June 12, 2016.
Wikipedia. (2015, November 10). Code Signing. Retrieved March 31, 2016.
Wikipedia. (2016, January 26). ifconfig. Retrieved April 17, 2016.
Wikipedia. (1985, June 22). pwdump. Retrieved June 22, 2016.
Wikipedia. (n.d.). Windows Registry. Retrieved February 2, 2015.
Wilhoit, K. (2013, March 4). In-Depth Look: APT Attack Tools of the Trade. Retrieved December 2, 2015.
William Largent. (2018, June 06). VPNFilter Update - VPNFilter exploits endpoints, targets new devices. Retrieved March 28, 2019.
Winters, R. (2015, December 20). The EPS Awakens - Part 2. Retrieved January 22, 2016.
Wrightson, T. (2012, January 2). CAPTURING WINDOWS 7 CREDENTIALS AT LOGON USING CUSTOM CREDENTIAL PROVIDER. Retrieved November 12, 2014.
Wyke, J. (2012, April). ZeroAccess. Retrieved July 18, 2016.
Xen. (n.d.). In Wikipedia. Retrieved November 13, 2014.
Yadav, A., et al. (2016, January 29). Malicious Office files dropping Kasidet and Dridex. Retrieved March 24, 2016.