From 5445f291a2b6a7d344233c822a28af76524197fe Mon Sep 17 00:00:00 2001
From: Carrie Roberts <clr2of8@gmail.com>
Date: Sun, 15 Jan 2023 14:39:13 -0700
Subject: [PATCH] Update T1112.yaml (#2283)

Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com>
---
 atomics/T1112/T1112.yaml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/atomics/T1112/T1112.yaml b/atomics/T1112/T1112.yaml
index 6f672071..52a29f8c 100644
--- a/atomics/T1112/T1112.yaml
+++ b/atomics/T1112/T1112.yaml
@@ -695,7 +695,9 @@ atomic_tests:
 - name: Enabling Restricted Admin Mode via Command_Prompt
   auto_generated_guid: fe7974e5-5813-477b-a7bd-311d4f535e83
   description: |
-    Enabling Restricted Admin Mode via Command_Prompt,enables an attacker to perform a pass-the-hash attack using RDP
+    Enabling Restricted Admin Mode via Command_Prompt,enables an attacker to perform a pass-the-hash attack using RDP.
+    
+    See [Passing the Hash with Remote Desktop](https://www.kali.org/blog/passing-hash-remote-desktop/)
   supported_platforms:
   - windows
   executor: