https://www.sans.org/reading-room/whitepapers/casestudies/breach-simulating-detecting-common-attack-36157