• Windows 7 UAC whitelist, http://www.pretentiousname.com/misc/win7_uac_whitelist2.html
• Malicious Application Compatibility Shims, https://www.blackhat.com/docs/eu-15/materials/eu-15-Pierce-Defending-Against-Malicious-Application-Compatibility-Shims-wp.pdf
• Junfeng Zhang from WinSxS dev team blog, https://blogs.msdn.microsoft.com/junfeng/
• Beyond good ol' Run key, series of articles, http://www.hexacorn.com/blog
• KernelMode.Info UACMe thread, http://www.kernelmode.info/forum/viewtopic.php?f=11&t=3643
• Command Injection/Elevation - Environment Variables Revisited, https://breakingmalware.com/vulnerabilities/command-injection-and-elevation-environment-variables-revisited
• "Fileless" UAC Bypass Using eventvwr.exe and Registry Hijacking, https://enigma0x3.net/2016/08/15/fileless-uac-bypass-using-eventvwr-exe-and-registry-hijacking/
• Bypassing UAC on Windows 10 using Disk Cleanup, https://enigma0x3.net/2016/07/22/bypassing-uac-on-windows-10-using-disk-cleanup/
• Using IARPUninstallStringLauncher COM interface to bypass UAC, http://www.freebuf.com/articles/system/116611.html
• Bypassing UAC using App Paths, https://enigma0x3.net/2017/03/14/bypassing-uac-using-app-paths/
• "Fileless" UAC Bypass using sdclt.exe, https://enigma0x3.net/2017/03/17/fileless-uac-bypass-using-sdclt-exe/
• UAC Bypass or story about three escalations, https://habrahabr.ru/company/pm/blog/328008/
• Exploiting Environment Variables in Scheduled Tasks for UAC Bypass, https://tyranidslair.blogspot.ru/2017/05/exploiting-environment-variables-in.html
• First entry: Welcome and fileless UAC bypass, https://winscripting.blog/2017/05/12/first-entry-welcome-and-uac-bypass/
• Reading Your Way Around UAC in 3 parts:
i. https://tyranidslair.blogspot.ru/2017/05/reading-your-way-around-uac-part-1.html
ii. https://tyranidslair.blogspot.ru/2017/05/reading-your-way-around-uac-part-2.html
iii. https://tyranidslair.blogspot.ru/2017/05/reading-your-way-around-uac-part-3.html
• Research on CMSTP.exe, https://msitpros.com/?p=3960
• https://github.com/hfiref0x/UACME
