https://redcanary.com/threat-detection-report/techniques/container-escapes/

https://redcanary.com/threat-detection-report/trends/info-stealers/

https://redcanary.com/threat-detection-report/techniques/reflective-code-loading/

https://redcanary.com/threat-detection-report/techniques/applescript/

https://redcanary.com/threat-detection-report/trends/initial-access/

https://redcanary.com/threat-detection-report/threats/charcoal-stork/

https://redcanary.com/threat-detection-report/threats/chromeloader/

https://redcanary.com/threat-detection-report/threats/smashjacker/

https://redcanary.com/threat-detection-report/trends/by-industry/

https://github.com/redcanaryco/AtomicTestHarnesses/blob/master/posix/docs/macos/t1620.md

https://gist.github.com/mgraeber-rc/8f833bf0b464306ee5c970e64bb4c998

https://attack.mitre.org/techniques/enterprise/

https://redcanary.com/blog/infosec-word-choice/

https://redcanary.com/topic/threat-intelligence/

https://redcanary.com/threat-detection-report/threats/

https://redcanary.com/threat-detection-report/trends/adversary-emulation-testing/

https://redcanary.com/resources/guides/incident-response-preparedness-guide/

https://redcanary.com/threat-detection-report/techniques/

https://redcanary.com/blog/threat-modeling/

https://redcanary.com/threat-detection-report/

https://redcanary.com/blog/confluence-exploit-ransomware/

https://try.malwarebytes.com/business-2023-state-of-ransomware/

https://www.emsisoft.com/en/blog/44987/the-state-of-ransomware-in-the-u-s-report-and-statistics-2023/

https://therecord.media/ransomware-tracker-the-latest-figures

https://redcanary.com/threat-detection-report/threats/impacket/

https://redcanary.com/threat-detection-report/threats/mimikatz/

https://redcanary.com/threat-detection-report/threats/socgholish/

https://redcanary.com/threat-detection-report/threats/qbot/

https://redcanary.com/threat-detection-report/threats/raspberry-robin/

https://redcanary.com/blog/bitsadmin/

https://www.corvusinsurance.com/blog/3-ways-threat-actors-will-kick-off-the-new-year-according-to-corvus-intel

https://redcanary.com/threat-detection-report/techniques/os-credential-dumping/

https://redcanary.com/threat-detection-report/techniques/windows-admin-shares/

https://redcanary.com/blog/rmm-software/

https://redcanary.com/threat-detection-report/techniques/windows-management-instrumentation/

https://redcanary.com/blog/lolbins-abuse/

https://redcanary.com/threat-detection-report/techniques/rundll32/

https://redcanary.com/threat-detection-report/trends/rmm-tools/

https://www.mandiant.com/resources/blog/alphv-ransomware-backup

https://www.bleepingcomputer.com/news/security/mgm-resorts-ransomware-attack-led-to-100-million-loss-data-theft/

https://www.bleepingcomputer.com/news/security/mgm-casinos-esxi-servers-allegedly-encrypted-in-ransomware-attack/

https://www.justice.gov/opa/pr/justice-department-disrupts-prolific-alphvblackcat-ransomware-variant

https://www.europol.europa.eu/media-press/newsroom/news/ragnar-locker-ransomware-gang-taken-down-international-police-swoop

https://blogs.microsoft.com/on-the-issues/2023/04/06/stopping-cybercriminals-from-abusing-security-tools/

https://redcanary.com/threat-detection-report/threats/cobalt-strike/

https://www.cisa.gov/known-exploited-vulnerabilities-catalog

https://redcanary.com/threat-detection-report/techniques/mark-of-the-web-bypass/

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41091

https://redcanary.com/threat-detection-report/techniques/powershell/

https://redcanary.com/blog/msix-installers/

https://redcanary.com/threat-detection-report/techniques/installer-packages/

https://www.youtube.com/watch?v=TsrOYObSMO4&t=58s

https://h-isac.org/observed-increase-in-qr-code-phishing-attacks/

https://www.esentire.com/blog/exploiting-qr-codes-aitm-phishing-with-dadsec-phaas

https://www.microsoft.com/en-us/security/blog/2023/08/02/midnight-blizzard-conducts-targeted-social-engineering-over-microsoft-teams/

https://www.microsoft.com/en-us/security/blog/2023/09/12/malware-distributor-storm-0324-facilitates-ransomware-access/

https://redcanary.com/threat-detection-report/threats/yellow-cockatoo/

https://www.mandiant.com/resources/blog/seo-poisoning-batloader-atera

https://redcanary.com/threat-detection-report/threats/gootloader/

https://redcanary.com/blog/cvss-4/

https://redcanary.com/blog/intelligence-insights-april-2023/

https://redcanary.com/threat-detection-report/trends/initial-access/#take-action

https://redcanary.com/threat-detection-report/techniques/mark-of-the-web-bypass/#detection

https://winaero.com/remove-mount-context-menu-windows-10/

https://redcanary.com/threat-detection-report/techniques/lsass-memory/

https://sec.okta.com/articles/2023/08/cross-tenant-impersonation-prevention-and-detection

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-320a

https://www.microsoft.com/en-us/security/blog/2023/10/25/octo-tempest-crosses-boundaries-to-facilitate-extortion-encryption-and-destruction/

https://www.mandiant.com/resources/blog/unc3944-sms-phishing-sim-swapping-ransomware

https://www.ic3.gov/Media/Y2022/PSA220208

https://www.microsoft.com/en-us/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/

https://www.darkreading.com/endpoint-security/sec-sim-swap-to-blame-breached-x-account

https://www.bleepingcomputer.com/news/security/microsoft-teams-phishing-pushes-darkgate-malware-via-group-chats/

https://redcanary.com/blog/access-tokens/

https://redcanary.com/threat-detection-report/trends/identity-attacks/#take-action

https://docs.fcc.gov/public/attachments/FCC-23-95A1.pdf

https://redcanary.com/threat-detection-report/techniques/mfa-request-generation/

https://www.microsoft.com/en-us/security/blog/2023/10/18/multiple-north-korean-threat-actors-exploiting-the-teamcity-cve-2023-42793-vulnerability/

https://www.huntress.com/blog/critical-vulnerabilities-ws-ftp-exploitation

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-325a

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-074a

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-250a

https://redcanary.com/threat-detection-report/techniques/ingress-tool-transfer/

https://www.huntress.com/blog/move-it-on-over-reflecting-on-the-moveit-exploitation

https://redcanary.com/blog/intelligence-insights-august-2023/

https://www.uptycs.com/blog/macstealer-command-and-control-c2-malware

https://www.sentinelone.com/blog/macos-metastealer-new-family-of-obfuscated-go-infostealers-spread-in-targeted-attacks/

https://www.appgate.com/blog/vietnamese-information-stealer-campaigns-target-professionals-on-linkedin

https://www.bleepingcomputer.com/news/security/malware-dev-says-they-can-revive-expired-google-auth-cookies/

https://www.bleepingcomputer.com/news/security/malware-abuses-google-oauth-endpoint-to-revive-cookies-hijack-accounts/#:~:text=Malware%20devs%20rush%20to%20add%20exploit

https://redcanary.com/threat-detection-report/techniques/installer-packages

https://redcanary.com/blog/intelligence-insights-january-2024/

https://www.elastic.co/security-labs/ghostpulse-haunts-victims-using-defense-evasion-bag-o-tricks

https://redcanary.com/threat-detection-report/techniques/reflective-code-loading

https://redcanary.com/blog/misbehaving-rats/

https://unit42.paloaltonetworks.com/muddled-libra/

https://www.crowdstrike.com/blog/analysis-of-intrusion-campaign-targeting-telecom-and-bpo-companies/

https://redcanary.com/threat-detection-report/trends/rmm-tools/#detection

https://github.com/redcanaryco/surveyor

https://github.com/redcanaryco/surveyor/blob/master/definitions/remote-admin.json

https://redcanary.com/blog/aws-sts/

https://www.cadosecurity.com/legion-an-aws-credential-harvester-and-smtp-hijacker/

https://permiso.io/blog/s/legion-mass-spam-attacks-in-aws/

https://www.lacework.com/blog/androxghost-the-python-malware-exploiting-your-aws-keys/

https://redcanary.com/blog/microsoft-azure-cloud/

https://learn.microsoft.com/en-us/entra/identity/devices/concept-primary-refresh-token

https://dirkjanm.io/abusing-azure-ad-sso-with-the-primary-refresh-token/

https://aadinternals.com/

https://github.com/dirkjanm/ROADtoken

https://www.beyondtrust.com/blog/entry/okta-support-unit-breach

https://redcanary.com/threat-detection-report/trends/rmm-abuse/

https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa.html

https://learn.microsoft.com/en-us/entra/identity/authentication/concept-mfa-howitworks

https://learn.microsoft.com/en-us/microsoft-365/admin/security-and-compliance/set-up-multi-factor-authentication?view=o365-worldwide

https://docs.aws.amazon.com/IAM/latest/UserGuide/security-creds.html

https://azure.microsoft.com/en-us/products/key-vault

https://aws.amazon.com/secrets-manager/

https://www.infosecurity-magazine.com/news/chatgpt-creates-polymorphic-malware/

https://redcanary.com/blog/ai-malware/

https://www.sentinelone.com/blog/eternalblue-nsa-developed-exploit-just-wont-die/

http://redcanary.com

https://redcanary.com/resources/guides/aws-visibility-cloud-security/

https://redcanary.com/threat-detection-report/methodology/

https://redcanary.com/blog/modern-security-operations-center/

https://atomicredteam.io/

https://redcanary.com/blog/security-testing/

https://redcanary.com/threat-detection-report/threats/bloodhound/

https://redcanary.com/blog/#subscribe

https://atomicredteam.io/invoke-atomic/

https://redcanary.com/blog/socgholish-emulation/

https://www.census.gov/naics/

https://www.verizon.com/business/resources/reports/dbir/

https://redcanary.com/threat-detection-report/techniques/windows-command-shell/

https://d3fend.mitre.org/offensive-technique/attack/T1546.008/

https://redcanary.com/threat-detection-report/archive/

https://en.wikipedia.org/wiki/Jaccard_index

https://attack.mitre.org/techniques/T1027/006/

https://attack.mitre.org/techniques/T1021/003/

https://attack.mitre.org/techniques/T1091/

https://attack.mitre.org/techniques/T1059/004/

https://attack.mitre.org/techniques/T1059/006/

https://attack.mitre.org/techniques/T1564/008/

https://redcanary.com/blog/email-account-compromise-schools/

https://attack.mitre.org/techniques/T1059/005/

https://redcanary.com/threat-detection-report/threats/gamarue/

https://www.youtube.com/watch?v=o_4yjGKCmS4

https://blogs.vmware.com/security/2022/09/the-evolution-of-the-chromeloader-malware.html

https://redcanary.com/authors/tony-lambert/

https://redcanary.com/blog/iso-files/

https://redcanary.com/threat-detection-report/threats/chromeloader

https://www.connectwise.com/blog/threat-report/smash-jacker

https://stairwell.com/resources/technical-analysis-the-silent-torrent-of-vilerat/

https://securelist.com/vilerat-deathstalkers-continuous-strike/107075/

https://redcanary.com/blog/intelligence-insights-september-2023/

https://redcanary.com/threat-detection-report/threats/charcoal-stork

https://redcanary.com/threat-detection-report/trends/defense-validation-testing/

https://block64.com/platform/

https://heimdalsecurity.com/blog/blackcat-sphynx-the-ransomware-operation-evolves-once-again/

https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF

https://www.microsoft.com/en-us/security/blog/2022/10/25/dev-0832-vice-society-opportunistic-ransomware-campaigns-impacting-us-education-sector/

https://github.com/fortra/impacket/commit/35cbac53c7cf78563c3e7269bcafbc6706083f01

https://github.com/fortra/impacket/commit/8b3f9eff06b3a14c09e8e64cfc762cf2adeed013

https://medium.com/@gary.j.katz/tracking-detection-drift-7ab29dcd3fbc

https://redcanary.com/threat-detection-report/threats/impacket

https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/default-dynamic-port-range-tcpip-chang

https://redcanary.com/blog/marshmallows-and-kerberoasting/

https://learn.microsoft.com/en-us/sysinternals/downloads/psexec

https://www.mandiant.com/sites/default/files/2022-04/Ransomare%20Protection%20and%20Containment%20Strategies%20Report_Mandiant%20%281%29.pdf

https://github.com/gentilkiwi/mimikatz/wiki

http://atomicredteam.io/

https://redcanary.com/blog/yellow-cockatoo/

https://blog.morphisec.com/new-jupyter-evasive-delivery-through-msi-installer

https://squiblydoo.blog/2021/10/17/solarmarker-by-any-other-name/

https://www.malwarebytes.com/blog/detections/trojan-polazert

https://www.morphisec.com/hubfs/eBooks_and_Whitepapers/Jupyter%20Infostealer%20WEB.pdf

https://redcanary.com/threat-detection-report/threats/yellow-cockatoo/#detection

https://www.truesec.com/hub/blog/are-the-notorious-cyber-criminals-evil-corp-actually-russian-spies

https://redcanary.com/blog/intelligence-insights-march-2022/

https://redcanary.com/blog/intelligence-insights-january-2022/#:~:text=SocGholish%20causing%20BLISTERs%3F

https://blog.fox-it.com/2023/11/01/popping-blisters-for-research-an-overview-of-past-payloads-and-exploring-recent-developments/

https://www.trendmicro.com/en_ie/research/22/d/Thwarting-Loaders-From-SocGholish-to-BLISTERs-LockBit-Payload.html

https://www.microsoft.com/en-us/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself/#DEV-0206-DEV-0243

https://www.proofpoint.com/us/blog/threat-insight/part-1-socgholish-very-real-threat-very-fake-update

https://redcanary.com/blog/intelligence-insights-september-2023/#:~:text=Scarlet%20Goldfinch%3A%20Novel%20behavior

https://medium.com/walmartglobaltech/smartapesg-4605157a5b80

https://www.malwarebytes.com/blog/threat-intelligence/2023/07/socgholish-copycat-delivers-netsupport-rat

https://twitter.com/AnFam17/status/1671789322259800064

https://rmceoin.github.io/malware-analysis/clearfake/

https://blog.sucuri.net/2023/10/fakeupdateru-chrome-update-infection-spreads-trojan-malware.html

https://www.proofpoint.com/us/blog/threat-insight/are-you-sure-your-browser-date-current-landscape-fake-browser-updates

https://threatresearch.ext.hp.com/shampoo-a-new-chromeloader-campaign/

https://redcanary.com/blog/chromeloader/

https://redcanary.com/threat-detection-report/trends/affiliates/

https://redcanary.com/threat-detection-report/threats/chromeloader/#detection/

https://redcanary.com/threat-detection-report/techniques/scheduled-task/

https://www.microsoft.com/security/blog/2017/12/04/microsoft-teams-up-with-law-enforcement-and-other-partners-to-disrupt-gamarue-andromeda/

https://www.mandiant.com/resources/blog/turla-galaxy-opportunity

https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/deploy-manage-removable-storage-group-policy?view=o365-worldwide

https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-worldwide#block-untrusted-and-unsigned-processes-that-run-from-usb

https://www.howtogeek.com/236241/how-to-enable-disable-and-customize-autoplay-in-windows-10/

https://www.proofpoint.com/us/blog/threat-insight/first-step-initial-access-leads-ransomware

https://www.justice.gov/usao-cdca/pr/qakbot-malware-disrupted-international-cyber-takedown

https://redcanary.com/blog/qbot-takedown/

https://twitter.com/DTCERT/status/1705178245090447456?t=1iZRjLVh2yyN0PoywdA29g&s=19

https://redcanary.com/threat-detection-report/threats/icedid/

https://twitter.com/MsftSecIntel/status/1735856754427047985

https://support.huntress.io/hc/en-us/articles/11477430445587-Disabling-Mounting-of-Disk-Image-Files

https://isc.sans.edu/diary/Preventing+ISO+Malware/29062

https://redcanary.com/blog/raspberry-robin/

https://decoded.avast.io/janvojtesek/raspberry-robins-roshtyak-a-little-lesson-in-trickery/

https://attack.mitre.org/techniques/T1548/002/

https://www.microsoft.com/en-us/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself/

https://www.microsoft.com/en-us/security/blog/2022/10/27/raspberry-robin-worm-part-of-larger-ecosystem-facilitating-pre-ransomware-activity/

https://redcanary.com/threat-detection-report/threats/smashjacker

https://attack.mitre.org/techniques/T1059/001/

https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_powershell_exe?view=powershell-5.1#-encodedcommand-base64encodedcommand

https://redcanary.com/threat-detection-report/techniques/process-injection/

https://redcanary.com/blog/uncompromised-kaseya/

https://learn.microsoft.com/en-us/powershell/module/azuread/?view=azureadps-2.0

https://www.powershellgallery.com/packages/Azure

https://www.powershellgallery.com/packages/Microsoft.Graph

https://www.powershellgallery.com/packages/AADInternals

https://learn.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-sign-ins

https://learn.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-audit-logs

https://github.com/dafthack/GraphRunner

https://github.com/hausec/PowerZure

https://github.com/NetSPI/MicroBurst

https://redcanary.com/threat-detection-report/techniques/powershell/#visibility

https://redcanary.com/threat-detection-report/techniques/powershell/#collection

https://redcanary.com/threat-detection-report/techniques/powershell/#detection-opportunities

https://redcanary.com/threat-detection-report/techniques/powershell/#testing

https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection?view=o365-worldwide

https://learn.microsoft.com/en-us/powershell/module/defender/set-mppreference?view=windowsserver2022-ps

https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control

https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_language_modes?view=powershell-7.3#constrainedlanguage-mode

https://attack.mitre.org/techniques/T1059/003/

https://github.com/danielbohannon/Invoke-DOSfuscation

https://sec-consult.com/blog/detail/pentesters-windows-ntfs-tricks-collection/

https://redcanary.com/blog/its-all-fun-and-games-until-ransomware-deletes-the-shadow-copies/

https://redcanary.com/threat-detection-report/techniques/windows-command-shell/#visibility

https://redcanary.com/threat-detection-report/techniques/windows-command-shell/#collection

https://redcanary.com/threat-detection-report/techniques/windows-command-shell/#detection-opportunities

https://redcanary.com/threat-detection-report/techniques/windows-command-shell/#testing

https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-worldwide#block-execution-of-potentially-obfuscated-scripts

https://attack.mitre.org/techniques/T1047/

https://attack.mitre.org/techniques/T1220/

https://attack.mitre.org/techniques/T1546/003/

https://redcanary.com/blog/windows-active-directory/

https://techcommunity.microsoft.com/t5/windows-it-pro-blog/wmi-command-line-wmic-utility-deprecation-next-steps/ba-p/4039242

https://learn.microsoft.com/en-us/windows/whats-new/deprecated-features

https://redcanary.com/blog/amsi/

https://posts.specterops.io/antimalware-scan-interface-detection-optics-analysis-methodology-858c37c38383

https://redcanary.com/threat-detection-report/techniques/windows-management-instrumentation/#visibility

https://redcanary.com/threat-detection-report/techniques/windows-management-instrumentation/#collection

https://redcanary.com/threat-detection-report/techniques/windows-management-instrumentation/#detection-opportunities

https://redcanary.com/threat-detection-report/techniques/windows-management-instrumentation/#testing

https://learn.microsoft.com/en-us/windows/win32/wmisdk/setting-namespace-security-with-the-wmi-control

https://attack.mitre.org/techniques/T1078/004/

https://redcanary.com/blog/cloud-attack-techniques/

https://redcanary.com/blog/email-payroll-diversion-attack/

https://redcanary.com/threat-detection-report/techniques/cloud-accounts/#visibility

https://redcanary.com/threat-detection-report/techniques/cloud-accounts/#collection

https://redcanary.com/threat-detection-report/techniques/cloud-accounts/#detection-opportunities

https://redcanary.com/threat-detection-report/techniques/cloud-accounts/#testing

https://attack.mitre.org/techniques/T1027/

https://attack.mitre.org/techniques/T1027/#:~:text=Adversaries%20may%20also%20use%20compressed%20or%20archived%20scripts%2C%20such%20as%20JavaScript

https://redcanary.com/threat-detection-report/techniques/obfuscated-files-information/

https://redcanary.com/threat-detection-report/techniques/obfuscated-files-information/#visibility

https://redcanary.com/threat-detection-report/techniques/obfuscated-files-information/#collection

https://redcanary.com/threat-detection-report/techniques/obfuscated-files-information/#detection

https://redcanary.com/threat-detection-report/techniques/obfuscated-files-information/#testing

https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction?view=o365-worldwide

https://attack.mitre.org/techniques/T1114/003/

https://redcanary.com/blog/email-forwarding-rules/

https://redcanary.com/threat-detection-report/trends/email-threats/

https://redcanary.com/blog/inbox-heist/

https://twitter.com/malmoeb/status/1669695092481830915

https://redcanary.com/threat-detection-report/techniques/email-forwarding-rule/#visibility

https://redcanary.com/threat-detection-report/techniques/email-forwarding-rule/#collection

https://redcanary.com/threat-detection-report/techniques/email-forwarding-rule/#detection-opportunities

https://redcanary.com/threat-detection-report/techniques/email-forwarding-rule/#testing

https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/outbound-spam-policies-external-email-forwarding?view=o365-worldwide

https://www.mandiant.com/sites/default/files/2021-11/wp-m-unc2452-000343.pdf

https://attack.mitre.org/techniques/T1003/

https://l0phtcrack.gitlab.io/

https://jpcertcc.github.io/ToolAnalysisResultSheet/details/gsecdump.htm

https://attack.mitre.org/techniques/T1003/008/

https://www.openwall.com/john/

https://attack.mitre.org/techniques/T1003/001/

https://redcanary.com/threat-…chniques/powershell/

https://attack.mitre.org/techniques/T1003/003/

https://attack.mitre.org/techniques/T1003/007/

https://attack.mitre.org/techniques/T1003/006/

https://attack.mitre.org/techniques/T1003/005/

https://redcanary.com/threat-detection-report/techniques/os-credential-dumping/#visibility

https://redcanary.com/threat-detection-report/techniques/os-credential-dumping/#collection

https://redcanary.com/threat-detection-report/techniques/os-credential-dumping/#detection-opportunities

https://redcanary.com/threat-detection-report/techniques/os-credential-dumping/#testing

https://attack.mitre.org/techniques/T1218/011/

https://redcanary.com/threat-detection-report/techniques/rundll32/#visibility

https://redcanary.com/threat-detection-report/techniques/rundll32/#collection

https://redcanary.com/threat-detection-report/techniques/rundll32/#detection-opportunities

https://redcanary.com/threat-detection-report/techniques/rundll32/#testing

https://attack.mitre.org/techniques/T1105/

https://lolbas-project.github.io/#ingress%20tool%20transfer

https://attack.mitre.org/groups/G0106

https://attack.mitre.org/software/S0599

https://redcanary.com/threat-detection-report/techniques/ingress-tool-transfer/#visibility

https://redcanary.com/threat-detection-report/techniques/ingress-tool-transfer/#collection

https://redcanary.com/threat-detection-report/techniques/ingress-tool-transfer/#detection-opportunities

https://redcanary.com/threat-detection-report/techniques/ingress-tool-transfer/#testing

https://redcanary.com/threat-detection-report/techniques/powershell/#mitigation

https://github.com/biffalo/easy-wins-endpoint-defense?tab=readme-ov-file#blocking-lolbins-with-windows-firewall

https://attack.mitre.org/techniques/T1036/003/

https://redcanary.com/threat-detection-report/techniques/mshta/

https://redcanary.com/threat-detection-report/threats/emotet/

https://redcanary.com/threat-detection-report/techniques/rename-system-utilities/

https://redcanary.com/threat-detection-report/techniques/rename-system-utilities/#visibility

https://redcanary.com/threat-detection-report/techniques/rename-system-utilities/#collection

https://redcanary.com/threat-detection-report/techniques/rename-system-utilities/#detection-opportunities

https://redcanary.com/threat-detection-report/techniques/rename-system-utilities/#testing

https://redcanary.com/blog/child-processes/

https://redcanary.com/blog/better-know-a-data-source-files/

https://attack.mitre.org/techniques/T1546/016/

https://learn.microsoft.com/en-us/windows/win32/msi/windows-installer-guide

https://learn.microsoft.com/en-us/windows/uwp/get-started/universal-application-platform-guide

https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.security/get-authenticodesignature?view=powershell-7.4

https://www.virustotal.com/gui/file/ac75645e35a1639ee879eaf40d40494749f29b25d77ee505082562d51a662893/details

https://learn.microsoft.com/en-us/windows-hardware/drivers/install/authenticode

https://learn.microsoft.com/en-us/sysinternals/downloads/sigcheck

https://redcanary.com/threat-detection-report/techniques/installer-packages/#:~:text=Suspicious%20MSIX%20package%20triage

https://www.virustotal.com/gui/file/551bd3b49f37aa05a52ce1476c46970e5d5e9db73a984cb4882c3af36b7901d3/details

https://www.virustotal.com/gui/file/1eeb2f50bebbfc02446619841816482c2f9c2cca702566ecd3473687f56ba279

https://www.virustotal.com/gui/file/3b616cb0beaacffb53884b5ba0453312d2577db598d2a877a3b251125fb281a1/details

https://msrc.microsoft.com/blog/2023/12/microsoft-addresses-app-installer-abuse/

https://learn.microsoft.com/en-us/windows/msix/app-installer/installing-windows10-apps-web

https://learn.microsoft.com/en-us/windows/msix/psf/package-support-framework-overview

https://github.com/microsoft/MSIX-PackageSupportFramework/blob/master/PsfLauncher/Readme.md#json-schema

https://learn.microsoft.com/en-us/uwp/schemas/appxpackage/uapmanifestschema/element-rescap3-desktopapp#attributes

https://attack.mitre.org/techniques/T1547/001/

https://redcanary.com/threat-detection-report/techniques/installer-packages/#visibility

https://redcanary.com/threat-detection-report/techniques/installer-packages/#collection

https://redcanary.com/threat-detection-report/techniques/installer-packages/#detection-opportunities

https://redcanary.com/threat-detection-report/techniques/installer-packages/#testing

https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.Appx::AppxDeploymentAllowAllTrustedApps

https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-applicationmanagement#allowalltrustedapps

https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.Appx::BlockNonAdminUserInstall

https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-applicationmanagement#blocknonadminuserinstall

https://learn.microsoft.com/en-us/windows/security/application-security/application-control/windows-defender-application-control/design/manage-packaged-apps-with-wdac

https://learn.microsoft.com/en-us/powershell/module/appx/add-appxpackage?view=windowsserver2022-ps

https://www.microsoft.com/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/

https://msrc.microsoft.com/update-guide/advisory/CVE-2021-43890

https://www.advancedinstaller.com/msix-introduction.html

https://attack.mitre.org/techniques/T1547/006/

https://redcanary.com/blog/linux-vfs/

https://en.wikipedia.org/wiki/Glibc

https://github.com/lucasdemarchi/kmod/blob/master/libkmod/README

https://redcanary.com/threat-detection-report/techniques/kernel-modules-and-extensions/#testing

https://redcanary.com/blog/kubernetes-security/

https://docs.docker.com/storage/bind-mounts/

https://www.crowdstrike.com/blog/http-iframe-injecting-linux-rootkit/

https://media.defense.gov/2020/Aug/13/2002476465/-1/-1/0/CSA_DROVORUB_RUSSIAN_GRU_MALWARE_AUG_2020.PDF

https://github.com/yaoyumeng/adore-ng

https://github.com/mncoppola/suterusu

https://github.com/m0nad/Diamorphine

https://redcanary.com/threat-detection-report/techniques/kernel-modules-and-extensions/#visibility

https://redcanary.com/threat-detection-report/techniques/kernel-modules-and-extensions/#collection

https://redcanary.com/threat-detection-report/techniques/kernel-modules-and-extensions/#detection-opportunities

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/sec-controlling_root_access#sec-Limiting_Root_Access

https://www.kernel.org/doc/html/v4.15/admin-guide/module-signing.html

https://access.redhat.com/articles/5254641

https://sourceforge.net/p/linux-ima/wiki/Home/

https://en.wikipedia.org/wiki/Linux_Security_Modules

https://redcanary.com/blog/edr-linux/#:~:text=Introduction%20to%20containers

https://attack.mitre.org/techniques/T1611/

https://redcanary.com/blog/rootkit-webinar/

https://dirtypipe.cm4all.com/

https://securitylabs.datadoghq.com/articles/dirty-pipe-container-escape-poc/

https://nvd.nist.gov/vuln/detail/CVE-2022-23648

https://redcanary.com/threat-detection-report/techniques/container-escapes/#visibility

https://redcanary.com/threat-detection-report/techniques/container-escapes/#collection

https://redcanary.com/threat-detection-report/techniques/container-escapes/#detection-opportunities

https://redcanary.com/threat-detection-report/techniques/container-escapes/#testing

https://support.apple.com/en-mide/guide/security/sec469d47bd8/web#:~:text=those%20that%20haven%E2%80%99t.-,XProtect,-macOS%20includes%20built

https://github.com/opensource-apple/dyld/blob/3f928f32597888c5eac6003b9199d972d49857b5/include/mach-o/dyld.h#L99-L115

https://opensource.apple.com/source/xnu/xnu-344/EXTERNAL_HEADERS/mach-o/loader.h.auto.html#:~:text=Constants%20for%20the%20filetype%20field%20of%20the%20mach_header

https://attack.mitre.org/techniques/T1620/

https://github.com/aidansteele/osx-abi-macho-file-format-reference

https://developer.apple.com/documentation/security/hardened_runtime

https://blog.xpnsec.com/restoring-dyld-memory-loading/

https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_security_cs_allow-unsigned-executable-memory

https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution

https://redcanary.com/threat-detection-report/techniques/gatekeeper-bypass/

https://theevilbit.github.io/posts/gatekeeper_not_a_bypass/

https://slyd0g.medium.com/understanding-and-defending-against-reflective-code-loading-on-macos-e2e83211e48f

https://github.com/apple-oss-distributions/dyld

https://github.com/apple-oss-distributions/dyld/blob/d1a0f6869ece370913a3f749617e457f3b4cd7c4/dyld/DyldAPIs.cpp#L3245

https://github.com/apple-oss-distributions/dyld/blob/d1a0f6869ece370913a3f749617e457f3b4cd7c4/dyld/DyldAPIs.cpp#L3184

https://slyd0g.medium.com/understanding-and-defending-against-reflective-code-loading-on-macos-e2e83211e48f#:~:text=If%20the%20file%20being%20loaded%20is%20not%20a%20bundle

https://objective-see.org/blog/blog_0x25.html#Snake:~:text=install%20macOS!-,Snake,-found%3A

https://hackd.net/posts/macos-reflective-code-loading-analysis/#:~:text=Probably%20the%20best%20known%20implementation,Stephanie%20Archibald%20at%20INFILTRATE%20'17.

https://twitter.com/patrickwardle/status/1547967373264560131?lang=en

https://hackd.net/posts/macos-reflective-code-loading-analysis/

https://redcanary.com/threat-detection-report/techniques/reflective-code-loading/#:~:text=Dyld%20APIs.%20When-,NSLinkModule,-is%20called%2C%20the

https://github.com/redcanaryco/mac-monitor

https://redcanary.com/blog/atomic-test-harnesses-osx-linux/

https://redcanary.com/threat-detection-report/techniques/reflective-code-loading/#testing

https://objective-see.org/blog/blog_0x25.html#Snake:~:text=install macOS!-,Snake,-found%3A

https://objective-see.org/blog/blog_0x51.html

https://objective-see.org/blog/blog_0x5F.html#:~:text=NSCreateObjectFileImageFromMemory

https://news.sophos.com/en-us/2020/03/17/double-agent-a-macos-bundleware-installer-that-acts-like-a-spy/

https://www.trendmicro.com/en_au/research/21/f/nukesped-copies-fileless-code-from-bundlore--leaves-it-unused.html

https://www.cisa.gov/news-events/analysis-reports/ar21-048c

https://www.sentinelone.com/blog/from-the-front-lines-new-macos-covid-malware-masquerades-as-apple-wears-face-of-apt/

https://www.elastic.co/security-labs/elastic-catches-dprk-passing-out-kandykorn

https://github.com/xpn/DyldDeNeuralyzer

https://opensource.apple.com/source/xnu/xnu-6153.81.5/bsd/sys/fcntl.h.auto.html

https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_security_cs_disable-library-validation

https://github.com/xpn/DyldDeNeuralyzer/blob/7d690ca77883fd9990358d6bc875daa9f6eaa374/DyldDeNeuralyzer/MachoLoader/macholoader.h#L23

https://redcanary.com/threat-detection-report/techniques/reflective-code-loading/#visibility

https://redcanary.com/threat-detection-report/techniques/reflective-code-loading/#collection

https://redcanary.com/threat-detection-report/techniques/reflective-code-loading/#detection-opportunities

https://github.com/infosecB/LOOBins

https://attack.mitre.org/techniques/T1059/002/

https://redcanary.com/blog/applescript/

https://www.cybereason.com/blog/targetingedge-mac-os-x-pirrit-malware-adware-still-active

https://redcanary.com/blog/mac-application-bundles/#:~:text=XCSSET%3A%20a%20case%20study

https://github.com/redcanaryco/AtomicTestHarnesses/blob/master/posix/docs/macos/t1059_002.md#supported-technique-variations

https://www.loobins.io/binaries/osascript/

https://developer.apple.com/documentation/foundation/nsapplescript

https://developer.apple.com/documentation/foundation/nsuserapplescripttask

https://github.com/phracker/MacOSX-SDKs/blob/041600eda65c6a668f66cb7d56b7d1da3e8bcc93/MacOSX11.3.sdk/System/Library/Frameworks/OSAKit.framework/Versions/A/Headers/OSAScript.h#L72

https://redcanary.com/blog/mac-application-bundles/#:~:text=other%20Xcode%20projects.-,Applets,-Applets%2C%20for%20all

https://www.trendmicro.com/en_us/research/20/h/xcsset-mac-malware--infects-xcode-projects--uses-0-days.html

https://www.cybereason.com/blog/targetingedge-mac-os-x-pirrit-malware-adware-still-active#:~:text=BREAKING%20APART%20MACVER

https://www.malwarebytes.com/blog/news/2018/12/mac-malware-combines-empyre-backdoor-and-xmrig-miner

https://developer.apple.com/library/archive/documentation/LanguagesUtilities/Conceptual/MacAutomationScriptingGuide/PromptforText.html#//apple_ref/doc/uid/TP40016239-CH80-SW1

https://www.cybereason.com/hs-fs/hubfs/base64%202.png?width=1500&name=base64%202.png

https://www.cybereason.com/hs-fs/hubfs/base64%201.png?width=1500&name=base64%201.png

https://github.com/EmpireProject

https://github.com/xmrig/xmrig

https://github.com/MythicAgents/apfell

https://github.com/MythicAgents/poseidon

https://github.com/MythicAgents/apfell/blob/master/Payload_Type/apfell/apfell/agent_code/base/apfell-jxa.js

https://redcanary.com/resources/webinars/detection-series-applescript/

https://developer.apple.com/documentation/foundation/nsapplescript/1410034-executeandreturnerror

https://developer.apple.com/documentation/foundation/nsapplescript/1410807-executeappleevent

https://github.com/phracker/MacOSX-SDKs/blob/041600eda65c6a668f66cb7d56b7d1da3e8bcc93/MacOSX11.3.sdk/System/Library/Frameworks/OSAKit.framework/Versions/A/Headers/OSAScript.h#L113C40-L113C40

https://github.com/phracker/MacOSX-SDKs/blob/041600eda65c6a668f66cb7d56b7d1da3e8bcc93/MacOSX11.3.sdk/System/Library/Frameworks/OSAKit.framework/Versions/A/Headers/OSAScript.h#L114C4-L114C12

https://developer.apple.com/documentation/foundation/nsuserapplescripttask/1416515-execute

https://attack.mitre.org/techniques/T1548/004/

https://objective-see.org/blog/blog_0x25.html#:~:text=likely%20too%20late!-,Dok%20(Retefe),-found%3A

https://support.apple.com/en-mide/guide/deployment/depdca572563/web

https://github.com/MythicAgents/poseidon/blob/74af0f1744f76de79207f263fe1fcc1b2e87741c/Payload_Type/poseidon/poseidon/agent_code/jxa/jxa_wrapper_darwin.m#L12

https://www.sentinelone.com/labs/fade-dead-adventures-in-reversing-malicious-run-only-applescripts/

https://www.jamf.com/blog/bluenoroff-apt-targets-macos-rustbucket-malware/

https://www.jamf.com/blog/mac-adware-a-la-python/

https://www.sentinelone.com/blog/atomic-stealer-threat-actor-spawns-second-variant-of-macos-malware-sold-on-telegram/

https://www.sentinelone.com/blog/geacon-brings-cobalt-strike-capabilities-to-macos-threat-actors/

https://redcanary.com/threat-detection-report/techniques/applescript/#visibility

https://redcanary.com/threat-detection-report/techniques/applescript/#collection

https://redcanary.com/threat-detection-report/techniques/applescript/#detection-opportunities

https://redcanary.com/threat-detection-report/techniques/applescript/#testing

https://redcanary.com/resources/webinars/exploring-dark-arts-macos/

http://Fixme.it

http://Fleetdeck.io

http://Level.io

http://smbexec.py

http://secretsdump.py

https://github.com/m0nad/DiamorphineTAKE

http://BrowserEnhancer.app/Contents/MacOS/BrowserEnhancer

http://well.global

http://install.sh

http://service.int

http://Viewer.app