https://www.proofpoint.com/us/blog/threat-insight/ransom-ddos-extortion-actor-fancy-lazarus-returns

https://redcanary.com/threat-detection-report/threats/bazar/

https://redcanary.com/threat-detection-report/threats/icedid/

https://redcanary.com/threat-detection-report/threats/cobalt-strike/

https://www.kaseya.com/press-release/kaseya-responds-swiftly-to-sophisticated-cyberattack-mitigating-global-disruption-to-customers/

https://www.huntress.com/blog/security-researchers-hunt-to-discover-origins-of-the-kaseya-vsa-mass-ransomware-incident

https://www.justice.gov/opa/pr/ukrainian-arrested-and-charged-ransomware-attack-kaseya

https://redcanary.com/blog/uncompromised-kaseya/

https://www.cisa.gov/uscert/ncas/current-activity/2021/10/22/malware-discovered-popular-npm-package-ua-parser-js

https://www.bleepingcomputer.com/news/security/popular-npm-library-hijacked-to-install-password-stealers-miners/

https://blog.sonatype.com/newly-found-npm-malware-mines-cryptocurrency-on-windows-linux-macos-devices

https://thehackernews.com/2021/11/two-npm-packages-with-22-million-weekly.html

https://proxylogon.com/

https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server/

https://twitter.com/MsftSecIntel/status/1370236539427459076?s=20

https://techcommunity.microsoft.com/t5/exchange-team-blog/proxyshell-vulnerabilities-and-your-exchange-server/ba-p/2684705

https://www.mandiant.com/resources/pst-want-shell-proxyshell-exploiting-microsoft-exchange-servers

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527

https://blog.talosintelligence.com/2021/08/vice-society-ransomware-printnightmare.html

https://www.crowdstrike.com/blog/magniber-ransomware-caught-using-printnightmare-vulnerability/

https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689

https://www.manageengine.com/products/self-service-password/kb/how-to-fix-authentication-bypass-vulnerability-in-REST-API.html

https://www.manageengine.com/products/service-desk/security-response-plan.html

https://www.manageengine.com/products/desktop-central/cve-2021-44515-authentication-bypass-filter-configuration.html

https://www.manageengine.com/

https://resources.infosecinstitute.com/topic/phishing-as-a-service/

https://www.trendmicro.com/vinfo/de/security/news/cybercrime-and-digital-threats/investigating-the-emerging-access-as-a-service-market

https://blog.morphisec.com/tracking-hcrypt-an-active-crypter-as-a-service

https://www.crowdstrike.com/cybersecurity-101/ransomware/ransomware-as-a-service-raas/

https://redcanary.com/threat-detection-report/threats/trickbot/

https://redcanary.com/threat-detection-report/threats/ta551/

https://twitter.com/malware_traffic/status/1440847489876185091

https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader

https://redcanary.com/threat-detection-report/trends/crypters

https://msrc-blog.microsoft.com/2021/03/05/microsoft-exchange-server-vulnerabilities-mitigations-march-2021/

https://github.com/microsoft/CSS-Exchange/blob/main/Security/Defender-MSERT-Guidance.md

https://redcanary.com/blog/microsoft-exchange-attacks/

https://redcanary.com/threat-detection-report/threats/socgholish

https://redcanary.com/threat-detection-report/threats/yellow-cockatoo

https://redcanary.com/threat-detection-report/threats/gootkit

https://redcanary.com/blog/shutting-down-osx-shlayer/

https://redcanary.com/blog/clipping-silver-sparrows-wings/

https://objective-see.com/blog/blog_0x6B.html

https://www.huntandhackett.com/blog/revil-the-usage-of-legitimate-remote-admin-tooling

https://www.advintel.io/post/secret-backdoor-behind-conti-ransomware-operation-introducing-atera-agent

https://twitter.com/SophosLabs/status/1473673822654107653?s=20

https://blog.knowbe4.com/are-bad-guys-swapping-teamviewer-for-anydesk-to-install-blackheart-ransomware

https://redcanary.com/blog/intelligence-insights-october-2021/

https://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html

https://sansorg.egnyte.com/dl/wmhPNjxznO

https://redcanary.com/blog/misbehaving-rats/

https://redcanary.com/news/log4j-what-you-need-to-know/

https://businessinsights.bitdefender.com/technical-advisory-zero-day-critical-vulnerability-in-log4j2-exploited-in-the-wild

https://www.lacework.com/blog/lacework-labs-identifies-log4j-attackers/

https://forensicitguy.github.io/analyzing-log4shell-muhstik/

https://yoroi.company/research/outlaw-is-back-a-new-crypto-botnet-targets-european-organizations/

https://www.imperva.com/blog/attackers-exploit-cve-2021-26084-for-xmrig-crypto-mining-on-affected-confluence-servers/

https://blog.malwarebytes.com/mac/2019/06/new-mac-cryptominer-malwarebytes-detects-as-bird-miner-runs-by-emulating-linux/

https://redcanary.com/blog/frankenstein-was-a-hack-the-copy-paste-cryptominer/

https://www.lunasec.io/docs/blog/log4j-zero-day/

https://redcanary.com/blog/msrpc-to-attack/

https://twitter.com/topotam77

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36942

https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-efsr/08796ba8-01c8-4872-9221-1000ec2eff31

https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-efsr/230807ac-20be-494f-86e3-4c8ac23ea584#gt_3bd30c20-9517-4030-a48c-380362e209a1

https://redcanary.com/threat-detection-report/techniques/lsass-memory/

https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-efsr/ccc4fb75-1c86-41d7-bbc4-b278ec13bfb8

https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4624

https://support.microsoft.com/en-gb/topic/kb5005413-mitigating-ntlm-relay-attacks-on-active-directory-certificate-services-ad-cs-3612b773-4043-4aa9-b23d-b87910cd3429

https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/set-service?view=powershell-7.2#:~:text=%2D-,StartupType,-Specifies%20the%20start

https://github.com/jsecurity101/MSRPC-to-ATTACK/blob/main/documents/MS-EFSR.md

https://attack.mitre.org/techniques/T1187/

https://www.tiraniddo.dev/2021/08/how-to-secure-windows-rpc-server-and.html

https://twitter.com/edwardzpeng/

https://twitter.com/lxf02942370/

https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/set-service?view=powershell-7.2#:~:text=service%20to%20Paused.-,Example,-6%3A%20Stop%20a

https://docs.microsoft.com/en-us/windows/win32/printdocs/print-spooler

https://atomicredteam.io

https://github.com/byt3bl33d3r/CrackMapExec

https://redcanary.com/threat-detection-report/threats/mimikatz

http://redcanary.com/threat-detection-report/threats/bloodhound

https://redcanary.com/threat-detection-report/threats/impacket

https://redcanary.com/threat-detection-report/threats/cobalt-strike

https://redcanary.com/threat-detection-report/threats/metasploit

https://github.com/center-for-threat-informed-defense/adversary_emulation_library

https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003/T1003.yaml

https://redcanary.com/threat-detection-report/methodology/

https://www.cisa.gov/uscert/ncas/alerts/aa21-265a

https://unit42.paloaltonetworks.com/revil-threat-actors/

https://www.mandiant.com/resources/defining-cobalt-strike-components

https://blog.talosintelligence.com/2020/09/coverage-strikes-back-cobalt-strike-paper.html

https://thedfirreport.com/2021/08/29/cobalt-strike-a-defenders-guide/

https://thedfirreport.com/2022/01/24/cobalt-strike-a-defenders-guide-part-2/

https://redcanary.com/blog/getsystem-offsec/

https://www.cobaltstrike.com/blog/what-happens-when-i-type-getsystem/

https://www.truesec.com/hub/blog/are-the-notorious-cyber-criminals-evil-corp-actually-russian-spies

https://securityintelligence.com/gootkit-bobbing-and-weaving-to-avoid-prying-eyes/

https://news.sophos.com/en-us/2021/03/01/gootloader-expands-its-payload-delivery-options/

https://www.proofpoint.com/us/threat-insight/post/danabot-new-banking-trojan-surfaces-down-under-0

https://threatpost.com/malware-loader-google-seo-payload/164377/

https://github.com/BloodHoundAD/BloodHound

https://www.mandiant.com/resources/fin12-ransomware-intrusion-actor-pursuing-healthcare-targets

https://twitter.com/redcanary/status/1455928677061971971

https://blog.malwarebytes.com/cybercrime/hacking/2018/05/seo-poisoning-is-it-worth-it/

https://medium.com/csis-techblog/gcleaner-garbage-provider-since-2019-2708e7c87a8a

https://www.fortinet.com/blog/threat-research/netbounce-threat-actor-tries-bold-approach-to-evade-detection

https://www.proofpoint.com/us/blog/threat-insight/now-you-see-it-now-you-dont-copperstealer-performs-widespread-theft

https://asec.ahnlab.com/en/23727/

https://www.bitdefender.com/files/News/CaseStudies/study/400/Bitdefender-PR-Whitepaper-MosaicLoader-creat5540-en-EN.pdf

https://news.sophos.com/en-us/2021/09/01/fake-pirated-software-sites-serve-up-malware-droppers-as-a-service/

https://redcanary.com/blog/intel-insights-sept-2021/

https://blog.emsisoft.com/en/40786/ransomware-statistics-for-2021-q4-report/

https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/export-or-import-default-application-associations?view=windows-11

https://en.wikipedia.org/wiki/7-Zip

https://blog.malwarebytes.com/mac/2021/02/the-mystery-of-the-silver-sparrow-mac-malware/

https://redcanary.com/threat-detection-report/threats/TA551/

https://thedfirreport.com/2021/09/13/bazarloader-to-conti-ransomware-in-32-hours/

https://www.microsoft.com/security/blog/2021/07/29/bazacall-phony-call-centers-lead-to-exfiltration-and-ransomware/

https://www.youtube.com/watch?v=uAkeXCYcl4Y

https://redcanary.com/blog/frameworkpos-and-the-adequate-persistent-threat/

https://www.mandiant.com/resources/pe-file-infecting-malware-ot

https://www.virusbulletin.com/virusbulletin/2012/12/compromised-library

https://www.microsoft.com/security/blog/2017/12/04/microsoft-teams-up-with-law-enforcement-and-other-partners-to-disrupt-gamarue-andromeda/

https://www.recordedfuture.com/ar3s-behind-andromeda/

https://redcanary.com/blog/intelligence-insights-november-2021/

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-067

https://en.wikipedia.org/wiki/Sneakernet

https://www.sentinelone.com/blog/eternalblue-nsa-developed-exploit-just-wont-die/

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2017/ms17-010

https://support.microsoft.com/en-us/topic/how-to-verify-that-ms17-010-is-installed-f55d3f13-7a9c-688c-260b-477d0ec9f2c8

https://msrc-blog.microsoft.com/2017/05/12/customer-guidance-for-wannacrypt-attacks/

https://docs.microsoft.com/en-US/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3

https://www.microsoft.com/security/blog/2017/06/30/exploring-the-crypt-analysis-of-the-wannacrypt-ransomware-smb-exploit-propagation/

https://redcanary.com/blog/cryptomining-enabled-by-native-windows-tools/

https://support.sophos.com/support/s/article/KB-000037977?language=en_US

https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_powershell_exe?view=powershell-5.1

https://redcanary.com/blog/microsoft-dde-exploit-email/

https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/

https://news.sophos.com/en-us/2022/01/19/zloader-installs-remote-access-backdoors-and-delivers-cobalt-strike/

https://www.sentinelone.com/labs/enter-the-maze-demystifying-an-affiliate-involved-in-maze-snow/

https://docs.microsoft.com/en-us/windows/win32/shell/autoplay-reg

https://redcanary.com/ransomware/

https://redcanary.com/products/red-canary-for-consultants/

https://redcanary.com/atomic-red-team/

https://redcanary.com/blog/

http://updates.social

https://go.recordedfuture.com/hubfs/reports/mtp-2021-0914.pdfDetection

http://secretsdump.py

http://smbexec.py

http://redcanary.com