[1] 获取AD域中SYSVOL和组策略首选项中的密码[OL].(2017-06-01)[2020-08-01].https://www.cnblogs.com/backlion/p/6927322.html
[2] [MS-SAMR]: Security Account Manager (SAM) Remote Protocol(Client-to-Server)[OL].(2020-10-30)[2020-08-10].https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/4df07fab-1bbc-452f-8e92-7853a3c7e380?redirectedfrom=MSDN
[3] 域渗透:SPN和Kerberoast攻击[OL].(2019-10-20)[2020-08-07].https://www.cnblogs.com/zpchcbd/p/11707776.html
[4] Joe Bialek. Additional information about CVE-2014-6324[OL].(2014-11-18)[2020-08-10].http://blogs.technet.com/b/srd/archive/2014/11/18/additional-information-about-cve-2014-6324.aspx
[5] Harmj0y.Roasting AS-REPs[OL].(2017-01-17)[2020-08-11].https://www.harmj0y.net/blog/activedirectory/roasting-as-reps/
[6] Harmj0y.Kerberoasting without Mimikatz[OL].(2016-11-01)[2020-08-11].http://www.harmj0y.net/blog/powershell/kerberoasting-without-mimikatz/
[7] [MS-DRSR]:Directory Replication Service (DRS) Remote Protocol[OL].(2020-10-30)[2020-08-16].https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-drsr/f977faaa-673e-4f66-b9bf-48c640241d47
[8] Abusing active directory ACLs/ACEs[OL].[2020-08-16]. https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/abusing-active-directory-acls-aces
[9] Raj Chancel. Kerberos brute force attack[OL].(2020-04-25)[2020-08-17].https://www.hackingarticles.in/kerberos-brute-force-attack/
[10] 丝绸之路.域控权限持久化之DSRM[OL].(2015-10-10)[2020-08-17].https://www.freebuf.com/articles/system/80968.html
[11] Sean Metcalf. Sneaky active directory persistence #12: Malicious security support provider (SSP)[OL].(2015-09-16)[2020-08-18].https://adsecurity.org/?p=1760
[12] Sean Metcalf. Sneaky active directory persistence #14: SID history[OL].(2015-09-19)[2020-08-18].https://adsecurity.org/?p=1772
[14] Sean Metcalf. Kerberos golden tickets are now more golden[OL].(2015-08-07)[2020-08-18].https://adsecurity.org/?p=1640
[15] Sean Metcalf. How attackers use kerberos silver tickets to exploit systems[OL].(2015-08-07)[2020-08-18].https://adsecurity.org/?p=2011
[16] Vesel『无心』.域渗透 | 白银票据防御[OL].(2019-10-30)[2020-08-20].https://blog.csdn.net/qq_18501087/article/details/102828802
[17] 彪锅.使用LAPS管理本地管理员密码(1)[OL].(2015-12-24)[2020-08-20].https://blog.51cto.com/38088444/1727817
[18] PowerShell Team. PowerShell ♥ the Blue Team[OL].(2015-06-09)[2020-0715].https://devblogs.microsoft.com/powershell/powershell-the-blue-team/
[19] 操作系统推荐的审核策略[OL].(2015-05-31)[2020-07-29].https://docs.microsoft.com/zh-cn/windows-server/identity/ad-ds/plan/security-best-practices/audit-policy-recommendations#recommended-audit-policies-by-operating-system
[20] 事件监视器[OL].(2018-07-30)[2020-07-29].https://docs.microsoft.com/zh-cn/windows-server/identity/ad-ds/plan/appendix-l--events-to-monitor
[21] 0Kee Team.WatchAD[OL].(2019-11-13)[2020-08-14].https://github.com/0Kee-Team/WatchAD/blob/master/README_zh-cn.md